User Tools
freebsd:snort_base
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
freebsd:snort_base [2014/08/08 14:26] tschulz [Configure Snort] |
freebsd:snort_base [2014/08/08 14:45] tschulz [Enable php] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Install Software ===== | ===== Install Software ===== | ||
| <file> | <file> | ||
| - | pkg install snort apache22 mysql56-server mod_php5 phpMyAdmin base wget | + | pkg install snort apache22 mysql56-server mod_php5 base wget |
| </file> | </file> | ||
| Line 13: | Line 13: | ||
| make install | make install | ||
| </file> | </file> | ||
| + | |||
| + | ===== Enable Services ===== | ||
| + | **Edit /etc/rc.conf** | ||
| + | <file config /etc/rc.conf> | ||
| + | ... | ||
| + | snort_enable="YES" | ||
| + | barnyard2_enable="YES" | ||
| + | barnyard2_flags="-d /var/log/snort -f snort.log" | ||
| + | apache24_enable="YES" | ||
| + | mysql_enable="YES" | ||
| + | ... | ||
| + | </file> | ||
| + | |||
| ===== Update Snort Rules ===== | ===== Update Snort Rules ===== | ||
| Line 126: | Line 139: | ||
| ... | ... | ||
| + | </file> | ||
| + | |||
| + | ===== Configure Barnyard ===== | ||
| + | ==== Configure Database ==== | ||
| + | **Start MySQL** | ||
| + | <file> | ||
| + | /usr/local/etc/rc.d/mysql start | ||
| + | </file> | ||
| + | **Create Database** | ||
| + | <file> | ||
| + | mysql | ||
| + | create database snort; | ||
| + | quit; | ||
| + | </file> | ||
| + | **Populate Database** | ||
| + | <file> | ||
| + | mysql snort < /usr/local/share/examples/barnyard2/create_mysql | ||
| + | </file> | ||
| + | **Create Database user** | ||
| + | <file> | ||
| + | mysql | ||
| + | CREATE USER 'snort'@'localhost' IDENTIFIED BY 'snortpass'; | ||
| + | GRANT ALL PRIVILEGES ON snort.* TO 'snort'@'localhost' WITH GRANT OPTION; | ||
| + | </file> | ||
| + | ==== Edit /usr/local/etc/barnyard2.conf ==== | ||
| + | <file config /usr/local/etc/barnyard2.conf> | ||
| + | ... | ||
| + | # Examples: | ||
| + | # output alert_fast | ||
| + | # output alert_fast: stdout | ||
| + | # | ||
| + | output alert_fast | ||
| + | ... | ||
| + | # Examples: | ||
| + | output database: log, mysql, user=snort password=snortpass dbname=snort host=localhost | ||
| + | # output database: alert, postgresql, user=snort dbname=snort | ||
| + | # output database: log, odbc, user=snort dbname=snort | ||
| + | # output database: log, mssql, dbname=snort user=snort password=test | ||
| + | # output database: log, oracle, dbname=snort user=snort password=test | ||
| + | # | ||
| + | ... | ||
| + | </file> | ||
| + | |||
| + | ===== Start Snort and Barnyard2 ===== | ||
| + | <file> | ||
| + | /usr/local/etc/rc.d/snort start | ||
| + | /usr/local/etc/rc.d/barnyard2 start | ||
| + | </file> | ||
| + | |||
| + | ===== Configure Base (Snort Web Reporting) ===== | ||
| + | ==== Enable php ==== | ||
| + | * edit /usr/local/etc/apache24/httpd.conf | ||
| + | <file> | ||
| + | ... | ||
| + | LoadModule php5_module libexec/apache24/libphp5.so | ||
| + | |||
| + | AddType application/x-httpd-php .php | ||
| + | AddType application/x-httpd-php-source .phps | ||
| + | ... | ||
| + | # | ||
| + | # DirectoryIndex: sets the file that Apache will serve if a directory | ||
| + | # is requested. | ||
| + | # | ||
| + | <IfModule dir_module> | ||
| + | DirectoryIndex index.php index.html | ||
| + | </IfModule> | ||
| + | ... | ||
| + | </file> | ||
| + | ==== Make Base Accessible ==== | ||
| + | <file> | ||
| + | cd /usr/local/www/ | ||
| + | cp -rv base apache24/data/ | ||
| + | cd apache24/data/ | ||
| + | chown -R www base | ||
| </file> | </file> | ||
freebsd/snort_base.txt · Last modified: 2014/08/08 14:50 by tschulz
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
