Snort + Mysql + Base on Ubuntu
Edited by Waue, NCHC 2008-07-11
Install the required packages
$ sudo apt-get install apache2 php5-mysql libphp-adodb snort-mysql snort-doc php5-gd php-pear
Edit the Snort configuration file
$ sudo vim /etc/snort/snort.conf
Add:
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
Remove or comment out the following line (it only appears after snort-mysql is installed):
output database: log, mysql,
Set up the MySQL database
$ mysql -u root -p
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
mysql> create database snort;
mysql> grant INSERT,SELECT on root.* to snort@localhost;
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('snort');
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
mysql> exit
$ cp /usr/share/doc/snort-mysql/create_mysql.gz ./
$ gzip -d create_mysql.gz
$ mysql -u root -p < ./create_mysql snort
Set up the Snort web management interface: BASE
1 Download the BASE project, extract it under /var/www, and rename the directory to base
2 Edit the BASE configuration file
$ cd /var/www/base
$ sudo cp base_conf.php.dist base_conf.php
$ sudo vim base_conf.php
// Set the following parameters, for example:
$BASE_urlpath = '/base';
$DBlib_path = '/usr/share/php/adodb';
$alert_dbname = 'snort';
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = 'snort';
3 Install the additional PHP packages
$ sudo pear install Image_Color
$ sudo pear install Image_Canvas-alpha
$ sudo pear install Image_Graph-alpha
4 Remove the pending-configuration marker
$ sudo rm /etc/snort/db-pending-config
- PS: it may be possible to skip the steps above by installing directly with $ sudo apt-get install acidbase, but I have not tried it
5 Run, Snort!
$ sudo /etc/init.d/snort start
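If Snort does not start or no alerts reach the database, the snort.conf edit and the marker file from step 4 are the first things to check. The script below is an added example, not part of the original page; the function name check_snort_db and its return codes are assumptions made for this example, and the sample snort.conf is constructed.

```shell
#!/bin/sh
# Added example: verify the snort.conf and marker-file state from the steps above.
# Return codes (chosen for this example): 0 ready, 1 no active "output database"
# line, 2 more than one active line, 3 a parameter is missing, 4 marker file present.
check_snort_db() {
    conf=$1      # path to snort.conf
    pending=$2   # path to the db-pending-config marker

    # Active lines only: lines commented out with '#' do not match.
    active=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$conf" || true)
    count=$(printf '%s' "$active" | grep -c . || true)

    if [ "$count" -eq 0 ]; then
        echo "no active 'output database' line in $conf" >&2; return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "$count active 'output database' lines in $conf" >&2; return 2
    fi
    for key in user password dbname host; do
        case "$active" in
            *"$key="*) ;;
            *) echo "'output database' line has no $key= parameter" >&2; return 3 ;;
        esac
    done
    if [ -e "$pending" ]; then
        echo "$pending still exists" >&2; return 4
    fi
    return 0
}

# Constructed sample: the new line was added but the packaged line was left active.
demo_dir=$(mktemp -d)
cat > "$demo_dir/snort.conf" <<'EOF'
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
output database: log, mysql,
EOF
demo_rc=0
check_snort_db "$demo_dir/snort.conf" "$demo_dir/db-pending-config" || demo_rc=$?
echo "check_snort_db returned $demo_rc"
rm -rf "$demo_dir"
```

On the system configured above, the call would be check_snort_db /etc/snort/snort.conf /etc/snort/db-pending-config.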
Check the web page
Check whether the web page opens successfully...
Troubleshooting
I'll write this up when I have time!
Last modified on Jul 16, 2008, 11:43:04 AM