Installing SNORT and BASE: Difference between revisions

From OnnoCenterWiki
Onnowpurbo (talk | contribs)
Replacing page with '* SNORT: Compile SNORT dan BASE * SNORT: Install SNORT ==Bacaan== * http://jogja.linux.or.id/berita/arsip/2010/01/14/kustomisasi-konfigurasi-ids-snort/ ==Referensi==...'
The later revision replaces this page with pointers to:
* [[SNORT: Compile SNORT dan BASE]]
* [[SNORT: Install SNORT]]

Download the latest [[SNORT]] & [[SNORT RULES]] from

http://125.160.17.21/speedyorari/index.php?dir=snort/rules '''OLD RULES for testing'''
http://www.snort.org/snort-downloads
http://www.snort.org/dl/
http://www.snort.org/start/rules
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
http://base.secureideas.net/
 
==Prepare Supporting Applications==
 
Install the supporting [[software]]
 
sudo apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-image-graph php-image-canvas php-pear
 
For [[Ubuntu]] 9.04 it appears you should use
 
sudo apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-pear
 
For [[Ubuntu]] 10.04
 
sudo apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-pear apache2 php5 php5-xmlrpc php5-mysql php5-gd php5-cli php5-curl \
mysql-client
 
For [[Ubuntu]] 10.10
 
sudo apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-pear apache2 php5 php5-xmlrpc php5-mysql php5-gd php5-cli php5-curl \
mysql-client libdumbnet1 libdumbnet-dev
 
pear install Numbers_Roman-1.0.2
pear install Numbers_Words-0.16.2
pear install Image_Canvas-0.3.2
pear install Image_Graph-0.7.2
 
 
<!--
Because [[BASE]] uses [[PHP4]], it is better to use an adodb version that recognises both [[PHP4]] and [[PHP5]], like this
 
cp adodb4992.tgz /var
cd /var
tar zxvf adodb4992.tgz
-->
 
Restart the [[Server]]s
 
/etc/init.d/apache2 restart
/etc/init.d/mysql restart
 
==Install [[snort]]==
 
Compile the latest snort '''(NOT RECOMMENDED, OFTEN FAILS)'''
 
cp snort-2.9.0.2.tar.gz /usr/local/src/
cd /usr/local/src
tar zxvf snort-2.9.0.2.tar.gz
 
cd /usr/local/src/snort-2.9.0.2/
./configure --with-mysql
make
make install
 
groupadd snort
useradd -g snort snort
mkdir /etc/snort
mkdir /etc/snort/rules
mkdir /var/log/snort
 
Sometimes we still have trouble setting the snort.conf parameters so that detection works properly.
For some reason the newer version does not connect well to the rules database.
After compiling the newer snort it may be safer to compile the older version again.
 
cp -Rf snort-2.8.0.tar.gz /usr/local/src/
cd /usr/local/src
tar zxvf snort-2.8.0.tar.gz
 
cd /usr/local/src/snort-2.8.0
./configure --with-mysql
make
make install
 
groupadd snort
useradd -g snort snort
mkdir /etc/snort
mkdir /etc/snort/rules
mkdir /var/log/snort
 
==Installing the Rules==
 
Get the [[Snort Rules]] from
 
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
http://125.160.17.21/speedyorari/index.php?dir=snort/rules
 
The addresses above appear to be no longer valid. Free community snort rules still need to be found :( ..
If you manage to obtain the community snort rules, copy the [[Snort Rules]]
 
cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
cd /etc/snort
tar zxvf snortrules-snapshot-CURRENT.tar.gz
 
==Configuring Snort==
 
Prepare the [[Snort]] configuration
 
===Version 2.8.0===
 
cp /usr/local/src/snort-2.8.0/etc/* /etc/snort
cd /etc/snort/
mkdir /etc/snort/preproc_rules
vi /etc/snort/snort.conf
 
===Version 2.8.6.1===
 
cp /usr/local/src/snort-2.8.6.1/etc/* /etc/snort
cd /etc/snort/
mkdir /etc/snort/preproc_rules
vi /etc/snort/snort.conf
 
Change the rule path variables from the defaults
 
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
 
to absolute paths
 
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
 
and set the output plugins to
 
output database: alert, mysql, user=snort password=snort dbname=snort host=localhost
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
 
Test-run [[snort]]: the [[Snort rules]] in use usually still contain many bugs / errors, and the broken ones must be removed so that only good rules are loaded
 
/usr/local/bin/snort -dev -c /etc/snort/snort.conf
 
Example error
 
Initializing rule chains...
ERROR: (/etc/snort/rules/web-misc.rules)'''98''' => Cannot use 'rawbytes' and  'http_uri' as modifiers for the same "content" nor use 'rawbytes' with  "uricontent".
Fatal Error, Quitting..
 
This means:
 
* the file /etc/snort/rules/web-misc.rules contains an error on line '''98'''
* edit /etc/snort/rules/web-misc.rules and remove the line that has the error
 
Repeat until the only error left is
 
ERROR: database: mysql_error: Access denied for user 'snort'@'localhost' (using password: YES)
Fatal Error, Quitting..
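The "remove the line with the error, run snort again" loop described above, as an added example (not part of the original page): a POSIX shell script that test-loads the configuration with snort -T, parses the ERROR: (file)line => message, comments the offending rule line out instead of deleting it, and repeats until only non-rule errors (such as the MySQL "Access denied" message) remain. The snort path, config path and the 50-iteration cap are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: automate the "remove the line
# with the error, run again" loop. Assumptions: snort at /usr/local/bin/snort
# and the config at /etc/snort/snort.conf (override with SNORT_BIN / argument).

# Parse one Snort rule-load error such as
#   ERROR: (/etc/snort/rules/web-misc.rules)98 => Cannot use 'rawbytes' ...
# and print "<file> <line>"; any other message (e.g. a database error) prints nothing.
parse_snort_error() {
    printf '%s\n' "$1" |
        sed -n 's/^ERROR: (\([^)]*\))\([0-9][0-9]*\) =>.*/\1 \2/p'
}

# Comment out line $2 of rules file $1 with a marker instead of deleting it,
# so the disabled rule stays visible for later review.
disable_rule_line() {
    sed "${2}s|^|# DISABLED (load error): |" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Test-load the configuration (snort -T) and disable the first failing rule,
# repeating until no rule error is left. A non-rule error (such as the MySQL
# "Access denied" message) stops the loop and is left for manual fixing.
fix_rules_until_clean() {
    conf=${1:-/etc/snort/snort.conf}
    snort=${SNORT_BIN:-/usr/local/bin/snort}
    [ -x "$snort" ] || { echo "snort binary not found: $snort" >&2; return 2; }
    n=0
    while [ "$n" -lt 50 ]; do          # cap the loop to avoid runaway editing
        err=$("$snort" -T -c "$conf" 2>&1 | grep '^ERROR:' | head -n 1)
        if [ -z "$err" ]; then
            echo "configuration loads cleanly"; return 0
        fi
        set -- $(parse_snort_error "$err")
        if [ "$#" -ne 2 ]; then
            echo "not a rule error, fix manually: $err" >&2; return 1
        fi
        echo "disabling $1 line $2"
        disable_rule_line "$1" "$2"
        n=$((n + 1))
    done
    echo "gave up after $n disabled rules" >&2; return 1
}

# Usage: sh fix_rules.sh /etc/snort/snort.conf
[ "$#" -gt 0 ] && fix_rules_until_clean "$1"
```

Disabled rules are marked rather than removed, so the lines can be reviewed against the rule set's changelog and restored once a working rules snapshot is available.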
 
==Autoexec==
 
Set up snort in rc.local
 
# vi /etc/rc.local
 
and add the line
 
/usr/local/bin/snort -dev -c /etc/snort/snort.conf -D
 
==Prepare the Database==
 
Prepare the [[MySQL]] [[database]]
 
mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
 
Next, in the [[MySQL]] [[database]]
 
# mysql -u root -p
Enter password:
create database snort;
grant INSERT,SELECT on root.* to snort@localhost;
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost IDENTIFIED BY 'snortpass' ;
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort IDENTIFIED BY 'snortpass' ;
exit
 
 
Or, if you are still in the testing stage rather than running in production,
assuming root password 123456, username snort, password snort and database snort, you can use the commands
 
# mysql -u root -p123456
create database snort;
grant ALL on root.* to snort@localhost;
grant ALL on snort.* to snort@localhost IDENTIFIED BY 'snort' ;
grant ALL on snort.* to snort IDENTIFIED BY 'snort' ;
exit
 
 
Create the tables in the [[snort]] [[database]]
 
# mysql -u root -p < /usr/local/src/snort-2.8.0/schemas/create_mysql snort
password:
 
Or, if you are just learning, with root password 123456 you can use the command
 
# mysql -u root -p123456 < /usr/local/src/snort-2.8.0/schemas/create_mysql snort
or
 
# mysql -u root -p123456 < /usr/local/src/snort-2.8.6.1/schemas/create_mysql snort
 
Check the [[snort]] [[database]]
 
# mysql -p
Enter password:
show databases;
use snort
show tables;
exit
 
 
==Prepare BASE==
 
Download from
 
* http://base.secureideas.net/
* http://sourceforge.net/projects/secureideas/
 
Install [[BASE]] version 1.4.5
 
cp base-1.4.5.tar.gz /var/www/
cd /var/www
tar zxvf base-1.4.5.tar.gz
mv base-1.4.5 base
cd /var/www/base
cp base_conf.php.dist base_conf.php
 
 
 
Edit the [[BASE]] configuration
 
# vi base_conf.php
 
and fill in
 
$BASE_urlpath = "/base";
$DBlib_path = "/usr/share/php/adodb/";
// $DBlib_path = "/var/adodb/";   // use this path instead for a manual adodb installation
$DBtype = "mysql";
$alert_dbname  = 'snort';
$alert_host    = 'localhost';
$alert_port    = '';
$alert_user    = 'snort';
$alert_password = 'snort';
$archive_exists  = 0;
$archive_dbname  = 'snort';
$archive_host    = 'localhost';
$archive_port    = '';
$archive_user    = 'snort';
$archive_password = 'snort';
 
Give the [[Apache]] [[Web Server]] permission to access the [[BASE]] folder
 
# chown -Rf www-data:www-data /var/www/base
 
 
Access the [[SNORT]] & [[BASE]] [[Web]] interface at
 
http://localhost/base
 
Then work through the pages in order:
* Setup page
* click CREATE BASE AG (creates the tables BASE needs)
* Main page


==Further Reading==

Revision as of 05:15, 15 December 2010