Tag: debian 5.0


Installing Snort with BASE support, MySQL and ADODB

June 8th, 2010 — 9:35pm

Requirement
* GNU C Compiler

debian:~# apt-get install build-essential

* Support modules

debian:~# apt-get install libpcap0.8-dev libpcre3-dev
debian:~# apt-get install snort-mysql    # only needed for the create_mysql script in /usr/share/doc/snort-mysql/
debian:~# apt-get install checkinstall

* PHP,Web Server and Database Server
- PHP
- Apache2
- MySQL

* PHP Pear

debian:~# apt-get install php-pear
debian:~# pear install --force Image_Color
debian:~# pear install --force Image_Canvas
debian:~# pear install --force Image_Graph

Package

debian:~# wget http://dl.snort.org/snort-current/snort-2.8.6.tar.gz
debian:~# wget -O base-1.4.5.tar.gz "http://downloads.sourceforge.net/project/secureideas/BASE/base-1.4.5/base-1.4.5.tar.gz?use_mirror=waix"
debian:~# wget -O adodb511.tgz "http://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-511-for-php5/adodb511.tgz?use_mirror=waix"
debian:~# tar -zxvf snort-2.8.6.tar.gz
debian:~# tar -zxvf base-1.4.5.tar.gz
debian:~# tar -zxvf adodb511.tgz

Snort Installation

debian:~# cd snort-2.8.6
debian:~/snort-2.8.6# mkdir /etc/snort
debian:~/snort-2.8.6# mkdir /etc/snort/rules
debian:~/snort-2.8.6# mkdir /var/log/snort
debian:~/snort-2.8.6# chmod 777 /var/log/snort
debian:~/snort-2.8.6# useradd snort -d /var/log/snort -s /bin/false -c SNORT_IDS
debian:~/snort-2.8.6# chown -R snort /var/log/snort
debian:~/snort-2.8.6# cp etc/classification.config /etc/snort/
debian:~/snort-2.8.6# cp etc/reference.config /etc/snort/
debian:~/snort-2.8.6# cp -r etc/* /etc/snort/
debian:~/snort-2.8.6# ./configure --with-mysql=/usr/local/mysql
debian:~/snort-2.8.6# make && make install
debian:~/snort-2.8.6# checkinstall

Snort Configuration

debian:~/snort-2.8.6# nano /etc/snort/snort.conf
output database: log, mysql, user=snortuser password=snortpassword dbname=snort host=localhost

Database setup

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 427
Server version: 5.1.47 Source distribution

mysql> create database snort;
mysql> grant all on snort.* to snortuser@localhost identified by 'snortpassword';
mysql> flush privileges;
mysql> exit
Bye
debian:~# gzip -d /usr/share/doc/snort-mysql/create_mysql.gz
debian:~# /usr/local/mysql/bin/mysql -u root -p snort < /usr/share/doc/snort-mysql/create_mysql

BASE Installation and Configuration

debian:~# mv base-1.4.5/ /usr/local/apache2/htdocs/base
debian:~# mv adodb5/ /usr/local/apache2/htdocs/base/
debian:~# chmod 777 /usr/local/apache2/htdocs/base/*
debian:~# chmod 777 /usr/local/apache2/htdocs/base/adodb5/*
debian:~# cd /usr/local/apache2/htdocs/base/
debian:/usr/local/apache2/htdocs/base# cp base_conf.php.dist base_conf.php
debian:/usr/local/apache2/htdocs/base# nano base_conf.php
##Change the following lines##
---------------------------------
$DBlib_path="./adodb5";
$DBtype = 'mysql';
$alert_dbname   = 'snort';
$alert_host     = 'localhost';
$alert_port     = '';
$alert_user     = 'snortuser';
$alert_password = 'snortpassword';
---------------------------------
debian:/usr/local/apache2/htdocs/base# /usr/local/mysql/bin/mysql -u snortuser -p -D snort < sql/create_base_tbls_mysql.sql
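
The chmod 777 steps above leave /var/log/snort and the BASE tree, including base_conf.php with the database password, writable by every local account. The shell functions below are an added example, not part of the original post: they list world-writable entries, drop shared write bits, and restrict a credentials file to one group. The function names are made up for this example, and the group passed to protect_secret is an assumption that depends on the user Apache runs as.

```shell
#!/bin/sh
# Added example, not from the original post. Paths in the usage line are the
# ones this tutorial uses; the web server group name is an assumption.

# List world-writable files and directories under the given paths.
# Symlinks are skipped: their own mode bits are not what access checks use.
world_writable() {
    find "$@" ! -type l -perm -0002 -print 2>/dev/null
}

# Drop group/other write on a whole tree but keep read and execute bits,
# so a daemon that only reads the tree (Apache serving BASE) still works.
drop_shared_write() {
    chmod -R go-w "$1"
}

# Restrict a file holding credentials (base_conf.php, snort.conf) to its
# owner plus one group, e.g. the group the web server runs as.
protect_secret() {    # usage: protect_secret FILE GROUP
    chgrp "$2" "$1" && chmod 640 "$1"
}

# Octal mode of a path; GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Audit-only entry point:
#   sh audit_modes.sh /var/log/snort /usr/local/apache2/htdocs/base
if [ "$#" -gt 0 ]; then
    world_writable "$@"
fi
```

Run the audit first; an empty result means nothing under those paths is world-writable.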

Run Snort and BASE

debian:~# /usr/local/bin/snort -u snort -c /etc/snort/snort.conf
debian:~# /usr/local/apache2/bin/apachectl restart

Open your web browser at http://your_ip/base or http://your_domain/base

Debugging with gdb

debian:~# apt-get install gdb
debian:~# gdb snort
(gdb) r -u snort -c /etc/snort/snort.conf


How to Install vsftpd @ Debian 5.0 i686

April 1st, 2010 — 4:57am

Requirement

* GNU C Compiler and other small packages required

debian:~# apt-get install gcc build-essential automake autoconf libncurses5-dev g++

Package

debian:~# wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.2.2.tar.gz
debian:~# tar -zxvf vsftpd-2.2.2.tar.gz

Installation

debian:~# cd vsftpd-2.2.2/
debian:~/vsftpd-2.2.2# make
debian:~/vsftpd-2.2.2# make install

Configuration

debian:~/vsftpd-2.2.2# useradd nobody
debian:~/vsftpd-2.2.2# mkdir /usr/share/empty/
debian:~/vsftpd-2.2.2# mkdir /var/ftp/
debian:~/vsftpd-2.2.2# cp vsftpd.conf /etc/
debian:~/vsftpd-2.2.2# useradd -d /var/ftp ftp
debian:~/vsftpd-2.2.2# chown root:root /var/ftp
debian:~/vsftpd-2.2.2# chmod og-w /var/ftp
debian:~/vsftpd-2.2.2# nano /etc/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
listen=YES
debian:~/vsftpd-2.2.2# cp vsftpd.conf.5 /usr/local/man/man5
debian:~/vsftpd-2.2.2# cp vsftpd.8 /usr/local/man/man8
debian:~/vsftpd-2.2.2# cp vsftpd /usr/local/sbin/vsftpd

The Test

debian:~/vsftpd-2.2.2# /usr/local/sbin/vsftpd &
debian:~/vsftpd-2.2.2# ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 2.2.2)
Name (localhost:root): ervan
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwx------    9 1004     1005         4096 Mar 30 23:58 Privatedir
drwxr-xr-x   22 1004     1005         4096 Mar 30 23:35 howto.txt
-rw-r--r--    1 1004     1005      3410753 Mar 21 02:52 scp20100309
226 Directory send OK.
ftp>
