Changes between Initial Version and Version 1 of SnortMysqlUbuntu

Timestamp:

Jul 11, 2008, 6:06:51 PM (16 years ago)

Author:

waue

Comment:

--

SnortMysqlUbuntu

@@ +1 @@
+[[PageOutline]]
+ = Snort + Mysql + Base on Ubuntu = 
+
+ == 安裝所需要檔案 == 
+'''$ sudo apt-get install apache2 php5-mysql libphp-adodb'''
+'''$ sudo apt-get install snort-mysql snort-doc'''
+'''$ sudo apt-get install php5-gd php-pear'''
+ == 修改snort設定檔 == 
+'''$ sudo vim /etc/snort/snort.conf'''
+
+增加
+> output database: log, mysql, user=snort password=snort dbname=snort host=localhost
+移除或註解以下此行（安裝 snort-mysql後才會出現）:
+> output database: log, mysql,
+
+ == 設定Mysql資料庫 == 
+
+{{{
+$ mysql -u root -p
+
+mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
+mysql> create database snort;
+mysql> grant INSERT,SELECT on root.* to snort@localhost;
+mysql> SET PASSWORD FOR snort@localhost=PASSWORD('snort');
+mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
+mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
+mysql> exit
+
+$ cp /usr/share/doc/snort-mysql/create_mysql.gz ./
+$ gzip -d create_mysql.gz
+$ mysql -u root -p < ./create_mysql snort
+
+}}}
+
+ == 設定snort網頁管理:BASE == 
+
+ 1 下載[http://base.secureideas.net/ BASE 專案] 並解開到/var/www之下，改名為base 
+ 2 改BASE的設定檔
+{{{
+$ cd /var/www/base
+$ sudo cp base_conf.php.dist base_conf.php 
+$ sudo vim base_conf.php 
+//設定以下參數如：
+>$BASE_urlpath = '/base';
+
+>$DBlib_path = '/usr/share/php/adodb';
+
+>$alert_dbname   = 'snort';
+
+>$alert_host     = 'localhost';
+
+>$alert_port     = '';
+
+>$alert_user     = 'snort';
+
+>$alert_password = 'snort';
+
+}}}
+
+ 3 安裝php 額外套件
+
+$ sudo pear install Image_Color
+
+$ sudo pear install Image_Canvas-alpha
+
+$ sudo pear install Image_Graph-alpha
+
+ 4 解除封印 
+
+$ sudo rm /etc/snort/db-pending-config
+
+ * ps : 可能可以直接安裝 $ sudo apt-get install acidbase省略掉以上步驟， 但沒試過
+
+ 5 奔跑吧！snort
+
+$ sudo /etc/init.d/snort start
+
+ == 檢視網頁 == 
+
+看網頁是否成功開啟... 
+
+ == 故障排除 == 
+
+有空在寫囉！