CiscoTik

Networking Administration

Training on Cisco- and MikroTik-based networks and more


In this post I’m going to walk you through how to install Snort and the Snorby web UI on a freshly installed Debian Wheezy box.

As a first step we’re going to install Snort. Luckily it’s in the repos, so we can just apt-get it. I’m going to go with the snort-mysql package, as it gives Snort MySQL database support, which is a good thing. So first let’s get a MySQL server up and running:

apt-get update && apt-get upgrade -y && apt-get install mysql-server mysql-client


Then we can get Snort up:

apt-get install snort-mysql

This will ask a few questions; it doesn’t matter what you answer, as we’ll have to reconfigure it after Snorby has been installed anyway.

Moving on to installing Snorby. Prerequisites:

apt-get install libyaml-dev git-core default-jre imagemagick libmagickwand-dev wkhtmltopdf build-essential libssl-dev libreadline-gplv2-dev zlib1g-dev <linux-headers-686-pae> libsqlite3-dev libxslt1-dev libxml2-dev libmysqlclient-dev libmysql++-dev apache2-prefork-dev libcurl4-openssl-dev ruby ruby-dev

Replace the <linux-headers-...> placeholder with the header package that matches your running kernel. To see which ones are available:

apt-cache search linux-headers

linux-headers-3.2.0-4-all - All header files for Linux 3.2 (meta-package)
linux-headers-3.2.0-4-all-amd64 - All header files for Linux 3.2 (meta-package)
linux-headers-3.2.0-4-amd64 - Header files for Linux 3.2.0-4-amd64
linux-headers-3.2.0-4-common - Common header files for Linux 3.2.0-4
linux-headers-3.2.0-4-common-rt - Common header files for Linux 3.2.0-4-rt
linux-headers-3.2.0-4-rt-amd64 - Header files for Linux 3.2.0-4-rt-amd64
linux-headers-2.6-amd64 - Header files for Linux amd64 configuration (dummy package)
linux-headers-amd64 - Header files for Linux amd64 configuration (meta-package)
linux-headers-rt-amd64 - Header files for Linux rt-amd64 configuration (meta-package)

With the headers package filled in, the full command becomes:

apt-get install libyaml-dev git-core default-jre imagemagick libmagickwand-dev wkhtmltopdf build-essential libssl-dev libreadline-gplv2-dev zlib1g-dev libsqlite3-dev libxslt1-dev libxml2-dev libmysqlclient-dev libmysql++-dev apache2-prefork-dev libcurl4-openssl-dev ruby ruby-dev linux-headers-3.2.0-4-all

Don’t forget to use the linux headers for your kernel’s architecture.

gem install bundler rails
gem install rake --version=0.9.2
cd /var/www/

Download the source for the application.

git clone http://github.com/Snorby/snorby.git
cd /var/www/snorby/config/

Set up configuration files.

cp database.yml.example database.yml
cp snorby_config.yml.example snorby_config.yml
sed -i 's#/usr/local/bin/wkhtmltopdf#/usr/bin/wkhtmltopdf#g' snorby_config.yml

Tell Snorby the MySQL database name, user and password it should use.

nano database.yml

At this point you should also create the user and the database. I just used phpmyadmin, but it shouldn’t be too hard to create a new user from the command line.

cd /var/www/snorby/

Let’s install it.

bundle install --deployment
bundle exec rake snorby:setup

At this point Snorby should start when you type:

bundle exec rails server -e production -b 127.0.0.1

If you point your browser to

http://localhost:3000

the Snorby WebUI should pop up. You can access it with the default credentials:

snorby@snorby.org
snorby

Don’t be stupid, change the email and the password after logging in.

Now if you look around the site you’ll notice that Snorby isn’t getting any data just yet. So we’ll have to configure Snort!

dpkg-reconfigure snort-mysql

Answer the questions, set up all the interfaces you need for sniffing network traffic, and enter Snorby’s MySQL database name and the username and password for it when prompted. Now that the database is configured we just need to move a lock file out of the way so that Snort can start up.

mv /etc/snort/db-pending-config /etc/snort/db-pending-config_no_more

At this point we’re ready to launch snort:

service snort start

Let’s test it!

Snort should alert for nmap scans so on another box just type:

nmap -A -T5 yourhost.org

Let it run, then check Snorby. You should see something similar to the picture below.

Now there’s really only one thing left before we’re done: Make Snorby autostart on boot.

cd /etc/init.d/
nano snorby

A simple script like this should do the trick:

#!/bin/bash

cd /var/www/snorby && bundle exec rails server -e production &

Let’s put it to start in runlevel 2:

chmod +x snorby
update-rc.d -f snorby start 2

And now Snorby will start whenever the system enters runlevel 2 and we’re done.
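The two-line script above does the job, but it runs Rails as root, listens on every interface (the manual start earlier used -b 127.0.0.1) and gives the init system no way to stop or query the process. Below is an LSB-style replacement for /etc/init.d/snorby, added here as an example and not taken from the post or the Snorby project; it assumes an unprivileged "snorby" account owning /var/www/snorby and bundler at /usr/local/bin/bundle (both hypothetical, adjust to your box).

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:          snorby
# Required-Start:    $local_fs $network mysql
# Required-Stop:     $local_fs $network mysql
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Snorby web UI for Snort
### END INIT INFO
# Added example, not the script from the post. Assumes (hypothetical) an unprivileged
# "snorby" account owning /var/www/snorby and bundler installed at /usr/local/bin/bundle.
SNORBY_USER="snorby"            # service account; the Rails process must not run as root
SNORBY_DIR="/var/www/snorby"    # checkout location used in the post
BIND_ADDR="127.0.0.1"           # keep the UI off the wire, as the manual start did
PORT="3000"
PIDFILE="/var/run/snorby.pid"
BUNDLE="/usr/local/bin/bundle"  # assumed path; confirm with: which bundle

# Arguments handed to bundle; a function so the command line can be checked in isolation.
rails_args() {
    echo "exec rails server -e production -b $BIND_ADDR -p $PORT"
}
do_start() {
    # --startas (not --exec) because bundle is a Ruby script; --pidfile prevents double starts
    start-stop-daemon --start --quiet --background --make-pidfile --pidfile "$PIDFILE" \
        --chuid "$SNORBY_USER" --chdir "$SNORBY_DIR" --startas "$BUNDLE" -- $(rails_args)
}
do_stop() {
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$PIDFILE"
    rm -f "$PIDFILE"
}
# LSB exit codes: 0 running, 3 not running
do_status() {
    if [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null; then
        echo "snorby is running (pid $(cat "$PIDFILE"))"; return 0
    fi
    echo "snorby is not running"; return 3
}
# Dispatch only when an action is given, so the file can also be sourced for checks.
case "${1:-}" in
    start)   do_start ;;
    stop)    do_stop ;;
    restart) do_stop; do_start ;;
    status)  do_status ;;
    "")      : ;;
    *)       echo "Usage: $0 {start|stop|restart|status}" >&2; exit 2 ;;
esac
```

Because the script carries an LSB header, `update-rc.d snorby defaults` registers it for the runlevels listed there instead of the older start/stop syntax.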
