Intrusion Detection With BASE And Snort - Page 4

BASE web page setup

Open your favorite web browser and go to: http://www.example.com/base-1.2.5/setup
If all is setup okay you should see the BASE Setup Program page:

BASE setup

Click on Continue

step 1 of 5:
Enter the path to ADODB (/var/www/adodb):

BASE Step 1 setup
click on Submit Query

step 2 of 5:
Enter the needed info on the next screen: (leave the Use Archive Database as is):

BASE Step 2 setup
click on Submit Query

step 3 of 5:
If you want to Use Authentication for the Base page you can do so here:

BASE Step 3 setup

click on Submit Query

step 4 of 5:
Click on Create BASE AG to create the database.

BASE Step 4a setup
and after Create BASE AG
BASE Step 4b setup

Once done, click on Now continue to step 5...

BASE Step 5 setup

To make the Graph's from BASE work you will also need to install Image_Color, Image_Canvas and Image_Graph.
To do this do:

pear install Image_Color
pear install Image_Canvas-alpha
pear install Image_Graph-alpha

That it for BASE!

If you want you can chmod the base-1.2.5 dir back to 775:

chmod 775 base-1.2.5

You can also delete the snorttemp directory, and all the files in it.

Starting Snort

To start SNORT and make BASE show you the Snort's logged info, you will need to run:

/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g root -D

Now wait some time and see all the Snort alerts show up in BASE.

BASE alerts

Share this page:

Suggested articles

9 Comment(s)

Add comment

Comments

By: Anonymous

thanks.....this tutorial helped me out a lot.

By: Anonymous

Nice, easy to follow tutorial. Keep up the good work!

It's been a while that I've been meaning to get back to using snort. I think I'll give a try sometime this week. Never used BASE, I'll probably try it out this Wednesday.

Good Stuff.

--Jon Zhttp://jzencovich.blogspot.com/

By: Anonymous

 Not bad actually, but the project still not grow up, if you use commercial variants you know this is nowhere comparing to them...

By: kav5

Looks good but it is not complete. It would be very nice to add snortsam installation to the tutorial because it implements IPS system. (to block attacker automatically) 

By: Anonymous

 If u get these :

Warning: include_once(Mail.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/web/base-php4/includes/base_action.inc.php on line 29

,...........................

 

 Try issuing these commands and see if it helps:

pear install Mail
pear install Mail_Mime

By: pevma

Also folks,

to get the graphics working by country and world maps:

There are 2 files: 

1. world_map6.png

2. world_map6.txt

do a search:

find / -iregex ".*world_map6.png"

you will find the file...then copy it to where your "PEAR directory" is

You will find your "PEAR directory" after you execute :

pear config-show

Then copy the 2 files in the "PEAR directory" under /Image/Graph/Images/Maps/

so the FULL path should look something like this:

/usr/share/php/Image/Graph/Images/Maps/

 

That solevs one of the problems ...then you get an error like ".... couldn find...or not defined $GeoIPfree_file_ascii and $ip2cc"...something of the sort...for this purpose in your cmd execute:

perl -MCPAN -e 'install  Geography::Countries'

then

 perl -MCPAN -e 'install  IP::Country'

ok...almost there

then find your  base_conf.php  - should be somewhere in your /var/www/ directory  or the directories inder that

edit the file /base_conf.php/   towards the end you will find 

" $IP2CC..." uncomment that ...maybe restart your browser or clear the cahce of your browser and you are ready to go!!!

thats it

By: wisedud2u

after you install the Geography::Countries do this

[email protected]:~#  cd /usr/lib/perl5/site_perl/5.8.8/Geo/

[email protected]:Geo#wget  http://cpansearch.perl.org/src/BRICAS/Geo-IPfree-0.6/misc/ipct2txt.pl

 [email protected]:Geo#perl ipct2txt.pl ./ipscountry.dat /path/to/your/htdocs/base/ips-ascii.txt


 

By:

This guide is a pretty good start but I actually found Patrick Harper's guide to be more in-depth. His guide is available at www.internetsecurityguru.com which I've used to develop a Snort/Centos/BASE install cd that I'm calling EasyIDS.

By:

Thanks a lot for your tutorial. It allowed me to get everything up and running in a very short time.