Hi everyone,

I'm new to the forums. I found this site after looking for a good how-to on installing snort, base, etc. After searching, I found this article:
http://www.howtoforge.com/intrusion-detection-with-snort-mysql-apache2-on-ubuntu-7.10

I followed it to the letter and I'm still unable to get it going. BASE doesn't show anything at all after snort has been running for a while. Is there anyone out there that could possibly help me out or is experiencing the same issues as I am?

Thank you,
Erik

To check if snort is running, do:

    snort -c /etc/snort/snort.conf -i eth0 -v

Stick your machine out directly on the internet, not behind your router. Then run snort with the -D option as mentioned in the article, go to sleep, then wake up in the morning with attacks logged in BASE. If you want me to send some traffic your way to test it out, let me know. You can PM me with your IP.

cheers,
Erik

I use this command:

    snort -c /etc/snort/snort.conf -u _snort -g _snort & sleep 2

Open up the first 1024 ports on the router to your linux box and then go to this URL and it will run a port check on the first 1024 ports on your IP:
https://www.grc.com/x/ne.dll?bh0bkyd2
and see if it shows up.

Also check the pear to see if it's installed, because the first 3 or 4 times I tried it myself I didn't get the pear installed right (Image_Color / Image_Canvas-alpha / Image_Graph-alpha). Just rerun:

    pear install Image_Color
    pear install Image_Canvas-alpha
    pear install Image_Graph-alpha

I will try what you told me later. The server is connected directly to the internet, I ssh in from work all the time.

I get these:

    pear install Image_Color
    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20060613+lfs/gd.so' - /usr/lib/php5/20060613+lfs/gd.so: undefined symbol: gdImageCreateFromJpeg in Unknown on line 0
    Ignoring installed package pear/Image_Color
    Nothing to install
    root@f00:/home/dimgr# pear install Image_Graph-alpha
    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20060613+lfs/gd.so' - /usr/lib/php5/20060613+lfs/gd.so: undefined symbol: gdImageCreateFromJpeg in Unknown on line 0
    Ignoring installed package pear/Image_Graph
    Nothing to install
    root@f00:/home/dimgr# pear install Image_Canvas-alpha
    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20060613+lfs/gd.so' - /usr/lib/php5/20060613+lfs/gd.so: undefined symbol: gdImageCreateFromJpeg in Unknown on line 0
    Ignoring installed package pear/Image_Canvas
    Nothing to install

The Graph alerts on BASE do not work:

    PHP ERROR: PHP build incomplete: the prerequisite GD support required to generate graphs was not built into PHP. Please recompile PHP with the necessary library (--with-gd)

No luck:

    apt-get install php5-gd
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    php5-gd is already the newest version.
    0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

Here it is:

    cat /etc/php5/conf.d/gd.ini
    # configuration for php GD module
    extension=gd.so
    dimgr@f00:~$

I kind of figured it out. With iptables firewalling on, BASE won't log mess... Turn iptables off and you can see it logging some of my nmap scans, but is this normal?

Hi everyone,

I'm new to this forum, but I found that there is an issue with BASE not working after a complete installation of snort. I faced this problem too, and with a little modification I got it working. I hope it works for those who need it.

Follow the steps at the URL below:
http://www.howtoforge.com/intrusion-detection-with-snort-mysql-apache2-on-ubuntu-7.10

----------------------------------------------------------
Now the changes you need to implement while installing.
----------------------------------------------------------

After finishing the step: 1. Pre-requisites

Install: libpcap-0.9.8.tar.gz & tcpdump-3.9.8.tar.gz

----------
Download the "snortdb-extra.gz" file before installing snort. This file is required later, at the time of MySQL configuration.
----------

After finishing the step: 10. Snort Configuration

Follow the steps below to configure mysql:

    mysql -u root -p
    mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
    >Query OK, 0 rows affected (0.25 sec)
    mysql> create database snort;
    >Query OK, 1 row affected (0.01 sec)
    mysql> grant INSERT,SELECT on root.* to snort@localhost;
    >Query OK, 0 rows affected (0.02 sec)
    mysql> SET PASSWORD FOR snort@localhost=PASSWORD('password_from_snort.conf');
    >Query OK, 0 rows affected (0.25 sec)
    mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
    >Query OK, 0 rows affected (0.02 sec)
    mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
    >Query OK, 0 rows affected (0.02 sec)
    mysql> exit
    >Bye

Execute the following command to create the tables.

example:

    mysql -u root -p < /usr/share/doc/snort-2.2.0/contrib/create_mysql snort

* the text in red indicates where to specify the "create_mysql" file path

Enter password: the mysql root password

Then install the extra DB tables using the following command.

example:

    zcat /usr/share/doc/snort-2.2.0/contrib/snortdb-extra.gz |mysql -p snort

* the text in red indicates where to specify the "snortdb-extra.gz" file path

Enter password: the mysql root password

--------------------------------
Log in to mysql and cross-check whether the Snort database contains 19 tables. If yes, then proceed.
--------------------------------

Once these modifications are done, you can use BASE.

Zaka.

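Added example, not part of the post above or of the HowtoForge article: a shell check for the database state those steps leave behind. It counts the table list against the 19 tables the post expects and flags grants that reach outside snort.* or are given to an any-host account; the function names and the sample SHOW GRANTS text are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for the Snort MySQL database.
# Both checks read mysql output on stdin, so they also work on saved output.

EXPECTED_TABLES=19   # table count the post says to expect

# Count non-empty lines of: mysql -u root -p -N -e 'SHOW TABLES' snort
count_tables() {
    awk 'NF { n++ } END { print n + 0 }'
}

# Succeed only when the table list on stdin has the expected size.
tables_ok() {
    [ "$(count_tables)" -eq "$EXPECTED_TABLES" ]
}

# Read SHOW GRANTS lines and report privileges outside snort.* (SCOPE)
# or held by an any-host account (ANYHOST). USAGE lines carry no
# privileges and are skipped.
audit_grants() {
    awk -v q="'" '
    /^GRANT / && $2 != "USAGE" {
        obj = $0; sub(/^.* ON /, "", obj); sub(/ TO .*$/, "", obj); gsub(/`/, "", obj)
        who = $0; sub(/^.* TO /, "", who); sub(/ .*$/, "", who); gsub(q, "", who)
        host = who; sub(/^.*@/, "", host)
        if (obj != "snort.*") print "SCOPE " who " " obj
        if (host == "%")      print "ANYHOST " who " " obj
    }'
}

# Constructed sample: what SHOW GRANTS would list after the GRANT statements
# in the post ("to snort" with no host creates the account snort@%).
sample_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'snort'@'localhost' IDENTIFIED BY PASSWORD '*CONSTRUCTED'
GRANT SELECT, INSERT ON `root`.* TO 'snort'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'snort'@'localhost'
GRANT USAGE ON *.* TO 'snort'@'%'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'snort'@'%'
EOF
}

# Live use:  mysql -u root -p -N -e 'SHOW GRANTS FOR snort' | audit_grants
sample_grants | audit_grants
```

On the sample it reports the grant on the root database and the grant to snort@%, the two entries to review if the sensor only ever connects from localhost to the snort database.
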
OK, I know how noob this is going to look, but... I followed the instructions verbatim, I thought, other than using base-1.4.1 rather than 1.3.8, and snort-2.8.2.2 rather than snort-2.8.0.

This is embarrassing.. should I use the URL http://localhost/web/base-php4/index.php ? If so, I am getting what looks like perm problems:

    Warning: include_once(Mail.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/web/base-php4/includes/base_action.inc.php on line 29

Suggestions please? I looked for BASE docs, to no real avail.