|
|
| (44 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| Download SNORT & SNORT RULES versi terakhir dari
| | * [[SNORT: Compile SNORT dan BASE]] |
| | * [[SNORT: Install SNORT]] |
| | * [[SNORT: Install SNORT untuk BARNYARD2]] '''RECOMMENDED''' |
|
| |
|
| http://www.snort.org/dl/
| | ==Bacaan== |
| http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
| |
| | |
| | |
| Siapkan software pendukung
| |
| | |
| # apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
| |
| mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
| |
| php5-gd php-image-graph php-image-canvas php-pear
| |
| | |
| | |
| Sebaiknya pakai adodb yang mengenali PHP4 dan PHP5 seperti ini
| |
| | |
| # cp adodb4991.tgz /var
| |
| # cd /var
| |
| # tar zxvf adodb4991.tgz
| |
| | |
| | |
| Restart Server
| |
| | |
| # /etc/init.d/apache2 restart
| |
| # /etc/init.d/mysql restart
| |
| | |
| Install snort
| |
| | |
| | |
| # cp -Rf snort-2.8.4.1.tar.gz /usr/local/src/
| |
| # cd /usr/local/src
| |
| # tar zxvf snort-2.8.4.1.tar.gz
| |
| # cd snort-2.8.4.1
| |
| # ./configure --with-mysql
| |
| # make
| |
| # make install
| |
| # groupadd snort
| |
| # useradd -g snort snort
| |
| # mkdir /etc/snort
| |
| # mkdir /etc/snort/rules
| |
| # mkdir /var/log/snort
| |
| | |
| | |
| Ambil Rules untuk snort dari
| |
| | |
| http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
| |
| | |
| Copy Snort Rules
| |
| | |
| # cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
| |
| # cd /etc/snort
| |
| # tar zxvf snortrules-snapshot-CURRENT.tar.gz
| |
| | |
| | |
| Siapkan konfigurasi Snort
| |
| | |
| # cp /usr/local/src/snort-2.8.4.1/etc/* /etc/snort
| |
| # cd /etc/snort/
| |
| # mkdir /etc/snort/preproc_rules
| |
| # vi /etc/snort/snort.conf
| |
| | |
| “var RULE_PATH ../rules” -> “var RULE_PATH /etc/snort/rules”
| |
| "var PREPROC_RULE_PATH ../preproc_rules" -> "var PREPROC_RULE_PATH /etc/snort/preproc_rules"
| |
| output database: log, mysql, user=snort password=snort dbname=snort host=localhost
| |
| | |
| | |
| Siapkan snort di rc.local
| |
| | |
| # vi /etc/rc.local
| |
| /usr/local/bin/snort -dev -c /etc/snort/snort.conf -D
| |
| | |
| | |
| | |
| Siapkan database MySQL
| |
| | |
| mysql
| |
| mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
| |
| | |
| Selanjutnya dengan database MySQL
| |
| | |
| # mysql -u root -p
| |
| Enter password:
| |
| mysql> create database snort;
| |
| mysql> grant INSERT,SELECT on root.* to snort@localhost;
| |
| mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost IDENTIFIED BY 'snortpass' ;
| |
| mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort IDENTIFIED BY 'snortpass' ;
| |
| mysql> exit
| |
| | |
| | |
| | |
| Siapkan tabel di database snort
| |
| | |
| # mysql -u root -p < /usr/local/src/snort-2.8.4.1/schemas/create_mysql snort
| |
| password:
| |
| | |
| | |
| Cek database snort
| |
| | |
| # mysql -p
| |
| Enter password:
| |
| mysql> show databases;
| |
| mysql> use snort
| |
| mysql> show tables;
| |
| mysql> exit
| |
| | |
| | |
| Install BASE
| |
| | |
| # cp base-1.3.9.tar.gz /var/www/
| |
| # cd /var/www
| |
| # tar zxvf base-1.3.9.tar.gz
| |
| # mv base-1.3.9 base
| |
| # cd /var/www/base
| |
| # cp base_conf.php.dist base_conf.php
| |
| | |
| | |
| Edit konfigurasi BASE
| |
| | |
| # vi base_conf.php
| |
| $BASE_urlpath = "/base";
| |
| $DBlib_path = "/usr/share/php/adodb/";
| |
| # $DBlib_path = "/var/adodb/"; - gunakan ini untuk instalasi adodb manual
| |
| $DBtype = "mysql";
| |
| | |
| $alert_dbname = 'snort';
| |
| $alert_host = 'localhost';
| |
| $alert_port = '';
| |
| $alert_user = 'snort';
| |
| $alert_password = 'snort';
| |
| | |
| $archive_exists = 0;
| |
| $archive_dbname = 'snort';
| |
| $archive_host = 'localhost';
| |
| $archive_port = '';
| |
| $archive_user = 'snort';
| |
| $archive_password = 'snort';
| |
| | |
| | |
| Beri ijin Apache Web Server mengakses folder BASE
| |
| | |
| # chown -Rf www-data.www-data /var/www/base
| |
| | |
| | |
| Akses Web SNORT & BASE
| |
| | |
| http://localhost/base
| |
| | |
| Setup page
| |
| CREATE BASE AG
| |
| Main page
| |
|
| |
|
| | * http://willy.lecturer.maranatha.edu/?p=817 |
|
| |
|
| | ==Referensi== |
|
| |
|
| | * http://125.160.17.21/speedyorari/index.php?dir=snort/rules '''RULES JADOEL untuk Percobaan''' |
| | * http://www.snort.org/snort-downloads |
| | * http://www.snort.org/dl/ |
| | * http://www.snort.org/start/rules |
| | * http://base.secureideas.net/ |
|
| |
|
| ==Pranala Menarik== | | ==Pranala Menarik== |
|
| |
|
| | * [[SNORT]] |
| * [[Linux Howto]] | | * [[Linux Howto]] |
| | |
| | [[Category: Linux]] |
| | [[Category: Network Security]] |
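Review bot: In the new ==Referensi== list, the rules link `http://125.160.17.21/speedyorari/index.php?dir=snort/rules` points at a bare IP address over plain HTTP, so a reader cannot confirm who serves the rule files or that they arrive unmodified. For an IDS, a tampered or stale rule set quietly reduces what the sensor detects. The label already marks these as old rules for experiments, and I would make that limit explicit, for example `'''RULES JADOEL untuk Percobaan''' — hanya untuk lab, bukan untuk sensor produksi`. For the snort.org entries in the same list, prefer the https:// form of each link where the site serves it, and direct readers to the official rule download at `http://www.snort.org/start/rules` for anything beyond a test setup.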