Intrusion Detection With BASE And Snort

Discussion in 'HOWTO-Related Questions' started by StupidScript, Jul 17, 2006.

  1. StupidScript

    StupidScript New Member

    Thanks for the tutorial ...

    Here's (perhaps) a little help with a potential problem with Step 1 of 5 of the BASE setup program where it cannot verify the Path to ADODB.

    Error: "The Path to ADODB does not appear to be correct!"

    Following the instructions in the tutorial to the letter, you have an "adodb" directory in /var/www/. Setting "Path to ADODB" in Step 1 of the web-based BASE setup to "/var/www/adodb" returns the error above.

    Solution, for me: chown -R apache:apache /var/www/adodb

    It was owned by root, before I did that, however the PHP file in BASE's setup routine (setup1.php) requires the ability to check for a particular file in order to validate that location.

    As I had php.ini set up to use open_basedir, I needed to add that directory to my /etc/php.ini's open_basedir list of allowed directories and give Apache permission to read it before the setup file worked correctly. (I had previously needed to add the /var/www/html/base-1.2.5 directory to the list and chown it to apache:apache, as well.)

    I also used the tutorial to make a second installation on another system, and I needed to chmod 755 /var/www/adodb and all of its subdirectories.

    Incidentally, I'm running Fedora Core 4 on both systems, however there are some differences between the two.

    Hope that helps someone ... ;)
    Last edited: Jul 18, 2006
  2. sjau

    sjau Local Meanie Moderator

    Do the global and local values for allowed directories differ? Maybe that is the problem.
  3. edge

    edge Active Member Moderator

    Hmm.. It's me .. the one who made the howto,

    I've had a look at some Debian Sarge systems here, and they all have "/var/www/adodb" owned by root:root and set to 755

    Could it be a Debian thingy? Also.. It's using Apache2 (not sure if this has anything to do with it)
  4. StupidScript

    StupidScript New Member

    Thanks a lot for the tutorial, edge. Worked great! Here are my notes about the above stuff.

    Running on two servers: Fedora Core 4, Apache 2, PHP 5.x

    Both php.ini's using: safe_mode = On , open_basedir = ..allowed dirs..

    Both running Bastille (server hardening) HOWEVER the Bastille configurations are a little bit different because one server is sensitive and the other is used for testing things, occasionally, so it's not quite as 'tight' as the other system.

    I think the differences in the Bastille setup may account for the owner/permissions differences as noted.

    To clarify what I did to get everything working:

    1) chown adodb and all children to the user who owns the web server
    2) Change permissions on adodb directory and its subdirectories as req.
    3) IF using open_basedir: add directories as needed and restart web server

    Other than those small tweaks, everything went exactly as you noted in the tutorial, edge. Thanks a lot!
    Last edited: Jul 19, 2006
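
The ownership and open_basedir points raised in the posts above, as an added example that is not part of the thread: a read-only shell check of whether a directory such as /var/www/adodb is inside an open_basedir list and is readable through the "other" permission bits (the root:root 755 layout edge reports), so the library does not have to be made writable by the web server account. The function names are hypothetical, open_basedir entries are treated as directory names (an assumption), and `stat -c` assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only: nothing is chown'ed or chmod'ed.

# resolve DIR: print DIR with symlinks and ".." resolved; fails if not a directory.
resolve() ( CDPATH=; [ -n "$1" ] && cd -- "$1" 2>/dev/null && pwd -P )

# other_bits PATH: print the last octal permission digit (the "other" class).
other_bits() { m=$(stat -c %a -- "$1") || return 2; printf '%s\n' "${m#${m%?}}"; }

# in_open_basedir DIR LIST: succeed if DIR is inside one of the colon-separated
# directories in LIST. Assumption: entries are directory names, not prefixes.
in_open_basedir() (
    target=$(resolve "$1") || exit 2
    set -f                                     # no globbing while splitting LIST
    IFS=:
    for entry in $2; do
        entry=$(resolve "$entry") || continue  # skip empty or missing entries
        [ "$entry" = / ] && exit 0
        case "$target/" in "$entry"/*) exit 0 ;; esac
    done
    exit 1
)

# other_can_read_dir DIR: succeed if an account that is neither owner nor group
# (the web server user when DIR is root:root) can list DIR and reach it.
other_can_read_dir() (
    p=$(resolve "$1") || exit 2
    case $(other_bits "$p") in 5|7) ;; *) exit 1 ;; esac          # r-x on DIR
    while [ "$p" != / ]; do
        p=$(dirname -- "$p")
        case $(other_bits "$p") in 1|3|5|7) ;; *) exit 1 ;; esac  # --x on parents
    done
    exit 0
)

# check_adodb DIR LIST: report both checks; an empty LIST means no open_basedir.
check_adodb() {
    rc=0
    [ -z "$2" ] || in_open_basedir "$1" "$2" ||
        { echo "FAIL: $1 is outside open_basedir"; rc=1; }
    other_can_read_dir "$1" ||
        { echo "FAIL: $1 or a parent is closed to 'other'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

# Usage: check_adodb /var/www/adodb "/var/www/html/base-1.2.5:/var/www/adodb"
```

Pass the open_basedir value the web server actually uses, since the global and per-directory values can differ.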
  5. edge

    edge Active Member Moderator

    I'm (as you might have seen on the way of the howto) new to linux and the howto's :)

    Anyway.. I'll give your things a go tomorrow or the day after on a new (virtual) Debian install, and if all okay I'll add / change it in the howto.
    I'm not sure if I will use your nick in it for the thanks to.. (StupidScript) :D
  6. wr19026

    wr19026 New Member

    I'm having problems with the following:

    ./configure --enable-dynamicplugin --with-mysql
    make install

    when I run it it gives the following error:

    checking for mysql...

    ERROR: unable to find mysql headers (mysql.h)
    checked in the following places

    [email protected]:~/snorttemp/snort-2.6.0# whereis mysql.h
    mysql: /usr/bin/mysql /etc/mysql /usr/bin/X11/mysql /usr/share/mysql /usr/share/man/man1/mysql.1.gz

    Environment: Ubuntu 6.06 LTS server set up as per the Perfect Setup; also running ISPConfig.

    Help and suggestions are much appreciated!
  7. falko

    falko Super Moderator ISPConfig Developer

    Please run
    apt-get install libmysqlclient12-dev
    and try again.
  8. wr19026

    wr19026 New Member

    I'm getting an error message (in Dutch so I don't think it'll help much :)). I'll figure out how to get this installed and try again. Thanks for the tip anyway!

    EDIT: As per one of the comments for the Perfect Setup for Ubuntu 6.06 I installed libmysqlclient15-dev which solves the problem.
    Last edited: Aug 12, 2006