Tag: x86_64


Installing Snort with BASE support, MySQL and ADODB

June 8th, 2010 — 9:35pm

Requirement
* GNU C Compiler

debian:~# apt-get install build-essential

* Support modules

debian:~# apt-get install libpcap0.8-dev libpcre3-dev
debian:~# apt-get install snort-mysql ( just need create_mysql file script from /usr/share/snort-mysql/ )
debian:~# apt-get install checkinstall

* PHP,Web Server and Database Server
- PHP
- Apache2
- MySQL

* PHP Pear

debian:~# apt-get install php-pear
debian:~# pear install --force Image_Color
debian:~# pear install --force Image_Canvas
debian:~# pear install --force Image_Graph

Package

debian:~# wget http://dl.snort.org/snort-current/snort-2.8.6.tar.gz
debian:~# wget http://downloads.sourceforge.net/project/secureideas/BASE/base-1.4.5/base-1.4.5.tar.gz?use_mirror=waix
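debian:~# wget http://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-511-for-php5/adodb511.tgz?use_mirror=waix
Note: all three archives are fetched over plain HTTP. Compare each one against the checksum or signature published by its project before unpacking it and building it as root.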
debian:~# tar -zxvf snort-2.8.6.tar.gz
debian:~# tar -zxvf base-1.4.5.tar.gz
debian:~# tar -zxvf adodb511.tgz

Snort Installation

debian:~# cd snort-2.8.6
debian:~/snort-2.8.6# mkdir /etc/snort
debian:~/snort-2.8.6# mkdir /etc/snort/rules
debian:~/snort-2.8.6# mkdir /var/log/snort
debian:~/snort-2.8.6# chmod 777 /var/log/snort
debian:~/snort-2.8.6# useradd snort -d /var/log/snort -s /bin/false -c SNORT_IDS
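debian:~/snort-2.8.6# chown -R snort /var/log/snort
Note: mode 777 lets every local account create, alter or delete files in the IDS log directory. Once the directory is owned by the snort user, a mode such as 750 is enough for Snort to write its logs.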
debian:~/snort-2.8.6# cp etc/classification.config /etc/snort/
debian:~/snort-2.8.6# cp etc/reference.config /etc/snort/
debian:~/snort-2.8.6# cp -r etc/* /etc/snort/
debian:~/snort-2.8.6# ./configure --with-mysql=/usr/local/mysql
debian:~/snort-2.8.6# make && make install
debian:~/snort-2.8.6# checkinstall

Snort Configuration

debian:~/snort-2.8.6# nano /etc/snort/snort.conf
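output database: log, mysql, user=snortuser password=snortpassword dbname=snortdb host=localhost
Note: user, password and dbname must match what is created under "Database setup" below; the commands there create a database named snort (not snortdb) and grant access to snortuser. Replace snortpassword with a password of your own, and keep snort.conf from being world-readable, because it now holds that password.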

Database setup

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 427
Server version: 5.1.47 Source distribution

mysql> create database snort;
mysql> grant all on snort.* to snortuser@localhost identified by 'snortpassword';
mysql> flush privileges;
mysql> exit
Bye
debian:~# gzip -d /usr/share/doc/snort-mysql/create_mysql.gz
debian:~# /usr/local/mysql/bin/mysql -u root -p snort < /usr/share/doc/snort-mysql/create_mysql

BASE Installation and Configuration

debian:~# mv base-1.4.5/ /usr/local/apache2/htdocs/base
debian:~# mv adodb5/ /usr/local/apache2/htdocs/base/
debian:~# chmod 777 /usr/local/apache2/htdocs/base/*
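debian:~# chmod 777 /usr/local/apache2/htdocs/base/adodb5/*
Note: mode 777 makes the PHP files under the web root writable by every local account, so any of them can change code that the web server executes. base_conf.php is edited by hand in the next step, so the web server should only need read access to these files.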
debian:~# cd /usr/local/apache2/htdocs/base/
debian:/usr/local/apache2/htdocs/base# cp base_conf.php.dist base_conf.php
debian:/usr/local/apache2/htdocs/base# nano base_conf.php
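## Change the following lines. The database name, user and password must be the ones created under "Database setup" above (that section uses snort, snortuser and snortpassword). ##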
---------------------------------
$DBlib_path="./adodb5";
$DBtype = 'mysql';
$alert_dbname   = 'snortdb';
$alert_host     = 'localhost';
$alert_port     = '';
$alert_user     = 'snortusername';
$alert_password = 'snortpassword';
---------------------------------
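debian:/usr/local/apache2/htdocs/base# /usr/local/mysql/bin/mysql -u snort -p -D snort < sql/create_base_tbls_mysql.sql
Note: the MySQL account granted access under "Database setup" is snortuser, not snort; log in here with an account that exists and has rights on the snort database.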

Run Snort and BASE

debian:~# /usr/local/bin/snort -u snort -c /etc/snort/snort.conf
debian:~# /usr/local/apache2/bin/apachectl restart

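Open your web browser at http://your_ip/base (or http://your_domain/base). The BASE console exposes the alert data collected by Snort, so restrict access to this URL (for example, web-server authentication or an address allow-list) before making it reachable from other hosts.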

Debugging with gdb

debian:~# apt-get install gdb
debian:~# gdb snort
(gdb) r -u snort -c /etc/snort/snort.conf


How to Fix the error “error while loading shared libraries” when executing zypper

March 14th, 2010 — 10:22pm

Error :

ervan:/usr/lib # zypper
zypper: error while loading shared libraries: libsasl2.so.2: wrong ELF class: ELFCLASS64

ervan:/usr/lib # yast -i
Error while creating client module sw_single

Effect :
Cannot install package with yast and zypper

How To Fix :

- Checking

ervan:/usr/lib # ls | grep libsasl2.so.2
libsasl2.la
libsasl2.so
libsasl2.so.2
libsasl2.so.2.0.22
libsasl2.so.2.0.23
ervan:/usr/lib # ldd /usr/bin/zypper
libzypp.so.523 => /usr/lib/libzypp.so.523 (0xb7afe000)
libreadline.so.5 => /lib/libreadline.so.5 (0xb7ac6000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb79d2000)
libm.so.6 => /lib/libm.so.6 (0xb79a9000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb799a000)
libc.so.6 => /lib/libc.so.6 (0xb783e000)
librt.so.1 => /lib/librt.so.1 (0xb7833000)
libpthread.so.0 => /lib/libpthread.so.0 (0xb7819000)
libutil.so.1 => /lib/libutil.so.1 (0xb7815000)
libdbus-1.so.3 => /lib/libdbus-1.so.3 (0xb77d3000)
librpm-4.4.so => /usr/lib/librpm-4.4.so (0xb773d000)
libhal.so.1 => /usr/lib/libhal.so.1 (0xb772a000)
libhal-storage.so.1 => /usr/lib/libhal-storage.so.1 (0xb771d000)
libcurl.so.4 => /usr/lib/libcurl.so.4 (0xb76da000)
libxml2.so.2 => /usr/lib/libxml2.so.2 (0xb7586000)
libz.so.1 => /lib/libz.so.1 (0xb7571000)
libexpat.so.1 => /lib/libexpat.so.1 (0xb7549000)
libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb73e2000)
libncurses.so.5 => /lib/libncurses.so.5 (0xb73a4000)
/lib/ld-linux.so.2 (0xb7f3d000)
librpmdb-4.4.so => /usr/lib/librpmdb-4.4.so (0xb729c000)
librpmio-4.4.so => /usr/lib/librpmio-4.4.so (0xb71ba000)
libdl.so.2 => /lib/libdl.so.2 (0xb71b5000)
libbz2.so.1 => /lib/libbz2.so.1 (0xb71a5000)
libpopt.so.0 => /lib/libpopt.so.0 (0xb719b000)
libselinux.so.1 => /lib/libselinux.so.1 (0xb717e000)
libuuid.so.1 => /lib/libuuid.so.1 (0xb7178000)
libidn.so.11 => /usr/lib/libidn.so.11 (0xb7145000)
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb70fb000)
libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2 (0xb70b6000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7089000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb6fea000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb6fc3000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0xb6fbf000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb6fbb000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb6fa4000)
liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb6f94000)
 libsasl2.so.2 => not found
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb6f8b000)

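Conclusion: libsasl2.so.2 is broken. The loader reports "wrong ELF class: ELFCLASS64", meaning the file is a 64-bit object while zypper is a 32-bit program, which is also why ldd lists it as "not found" although the file exists. We need to create a symbolic link to another existing libsasl2.so.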

- Resolving

ervan:/usr/lib #rm -rf libsasl2.so.2
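ervan:/usr/lib #ln -s ./libsasl2.so.2.0.22 ./libsasl2.so.2
Note: before linking, confirm that libsasl2.so.2.0.22 is itself a 32-bit object (file ./libsasl2.so.2.0.22). It is also worth finding out how a 64-bit file ended up in /usr/lib, for example by checking which package owns it with rpm -qf, since an unexpectedly replaced system library should be explained rather than only worked around.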
