freebsd:snort_base

Differences

This shows you the differences between two versions of the page.

freebsd:snort_base [2014/08/08 14:26]
tschulz [Configure Snort]
freebsd:snort_base [2014/08/08 14:50] (current)
tschulz
Line 3: Line 3:
 ===== Install Software ===== ===== Install Software =====
 <​file>​ <​file>​
-pkg install snort apache22 mysql56-server mod_php5 ​phpMyAdmin ​base wget+pkg install snort apache22 mysql56-server mod_php5 base wget
 </​file>​ </​file>​
  
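Review bot: the install line still names apache22, while the sections added later in this revision set apache24_enable in /etc/rc.conf and edit /usr/local/etc/apache24/httpd.conf, so a reader following the page installs one Apache branch and configures another. Change apache22 to apache24 here so the package matches the LoadModule path libexec/apache24/libphp5.so used below. If the make install step further down is not the barnyard2 build, barnyard2 also needs to appear in this list, since the new sections enable and configure it.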
Line 13: Line 13:
 make install make install
 </​file>​ </​file>​
 +
 +===== Enable Services =====
 +**Edit /​etc/​rc.conf**
 +<file config /​etc/​rc.conf>​
 +...
 +snort_enable="​YES"​
 +barnyard2_enable="​YES"​
 +barnyard2_flags="​-d /​var/​log/​snort -f snort.log"​
 +apache24_enable="​YES"​
 +mysql_enable="​YES"​
 +...
 +</​file>​
 +
  
 ===== Update Snort Rules ===== ===== Update Snort Rules =====
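Review bot: barnyard2_flags hard-codes the spool directory and base file name (-d /var/log/snort -f snort.log) without saying that both must match the unified2 output Snort is configured to write; if they differ, barnyard2 starts without error and never forwards an event. Add a sentence tying these two values to the Snort output setting. The flags also carry no -w bookmark (waldo) file, so after a restart barnyard2 can reprocess spool files it has already read and insert duplicate events; consider adding one and naming its path.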
Line 127: Line 140:
 ... ...
 </​file>​ </​file>​
 +
 +===== Configure Barnyard =====
 +==== Configure Database ====
 +**Start MySQL**
 +<​file>​
 +/​usr/​local/​etc/​rc.d/​mysql start
 +</​file>​
 +**Create Database**
 +<​file>​
 +mysql
 +create database snort;
 +quit;
 +</​file>​
 +**Populate Database**
 +<​file>​
 +mysql snort < /​usr/​local/​share/​examples/​barnyard2/​create_mysql
 +</​file>​
 +**Create Database user**
 +<​file>​
 +mysql
 +CREATE USER '​snort'​@'​localhost'​ IDENTIFIED BY '​snortpass';​
 +GRANT ALL PRIVILEGES ON snort.* TO '​snort'​@'​localhost'​ WITH GRANT OPTION;
 +</​file>​
 +==== Edit /​usr/​local/​etc/​barnyard2.conf ====
 +<file config /​usr/​local/​etc/​barnyard2.conf>​
 +...
 +# Examples:
 +#   ​output alert_fast
 +#   ​output alert_fast: stdout
 +#
 +output alert_fast
 +...
 +# Examples:
 +output database: log, mysql, user=snort password=snortpass dbname=snort host=localhost
 +#   ​output database: alert, postgresql, user=snort dbname=snort
 +#   ​output database: log, odbc, user=snort dbname=snort
 +#   ​output database: log, mssql, dbname=snort user=snort password=test
 +#   ​output database: log, oracle, dbname=snort user=snort password=test
 +#
 +...
 +</​file>​
 +
 +===== Start Snort and Barnyard2 =====
 +<​file>​
 +/​usr/​local/​etc/​rc.d/​snort start
 +/​usr/​local/​etc/​rc.d/​barnyard2 start
 +</​file>​
 +
 +===== Configure Base (Snort Web Reporting) =====
 +==== Enable php ====
 +  * edit /​usr/​local/​etc/​apache24/​httpd.conf
 +<​file>​
 +...
 +LoadModule php5_module ​       libexec/​apache24/​libphp5.so
 +
 +AddType application/​x-httpd-php .php
 +AddType application/​x-httpd-php-source .phps
 +...
 +#
 +# DirectoryIndex:​ sets the file that Apache will serve if a directory
 +# is requested.
 +#
 +<​IfModule dir_module>​
 +    DirectoryIndex index.php index.html
 +</​IfModule>​
 +...
 +</​file>​
 +==== Make Base Accessible ====
 +<​file>​
 +cd /​usr/​local/​www/​
 +cp -rv base apache24/​data/​
 +cd apache24/​data/​
 +chown -R www base
 +</​file>​
 +
 +==== Configure Base ====
 +  - Navigate on a web browser to http://​127.0.0.1/​base/​setup/​index.php
 +  - Set adodb Path to /​usr/​local/​share/​adodb
 +  - Use the Database setting we used above (mysql, database_name,​ username, password)
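Review bot: in "Create Database user" the snort account is given GRANT ALL PRIVILEGES ON snort.* together with WITH GRANT OPTION and the literal password snortpass, and the same password is then repeated in clear text on the "output database" line of barnyard2.conf. Nothing in these steps needs the account to hand out privileges, so drop WITH GRANT OPTION, narrow ALL PRIVILEGES to what barnyard2 and BASE actually use, and show the password as a placeholder the reader must replace, with a note to keep barnyard2.conf readable only by the account that runs barnyard2. Two smaller points in the same hunk: "chown -R www base" leaves the whole BASE tree owned by the web server user, and the steps end with base/setup/index.php still reachable after configuration, so say which paths have to stay writable and that the setup directory should be removed or blocked once setup is finished. The mysql session that creates the user also lacks the quit; that the "Create Database" block has.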
freebsd/snort_base.1407525966.txt.gz · Last modified: 2014/08/08 14:26 by tschulz