SNORT: Install SNORT
Onnowpurbo (talk | contribs) (22 intermediate revisions by the same user not shown)
Latest revision as of 16:57, 2 June 2015
'''NOT RECOMMENDED: snort-mysql and acidbase are no longer part of the Ubuntu repositories'''

Install with the command

 sudo apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
 mysql-server libmysqlclient-dev libphp-adodb libgd2-xpm-dev php5-mysql \
 php5-gd php-pear apache2 php5 php5-xmlrpc php5-mysql php5-gd php5-cli php5-curl \
 mysql-client libdumbnet1 libdumbnet-dev php-pear

 pear install Numbers_Roman
 pear install Numbers_Words-0.18.1
 pear install Image_Canvas-0.3.5
 pear install Image_Graph-0.8.0
 pear install --alldeps mail

Configure the [[database]]

 mysql -u root -p123456

 create database snort;
 grant ALL on root.* to snort@localhost;
 grant ALL on snort.* to snort@localhost IDENTIFIED BY 'snort' ;
 grant ALL on snort.* to snort IDENTIFIED BY 'snort' ;
 exit

Install SNORT

 apt-get install snort snort-common snort-common-libraries snort-rules-default

Enter, when prompted

 Address range for the local network: 192.168.0.0/16
 mysql password : snort

Configure the [[database]]

 cd /usr/share/doc/snort-mysql/
 zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>

If you are just learning (lab setup)

 cd /usr/share/doc/snort-mysql/
 zcat create_mysql.gz | mysql -u root -h localhost -p123456 snort

Configure [[SNORT]]

 vi /etc/snort/database.conf

 output database: alert, mysql, user=snort password=snort dbname=snort host=localhost
 output database: log, mysql, user=snort password=snort dbname=snort host=localhost

Also check snort.conf; it should be OK

 vi /etc/snort/snort.conf

 # in the output database section add
 include database.conf

Remove db-pending-config

 rm /etc/snort/db-pending-config

If required

 dpkg-reconfigure -plow snort-mysql

Configure BASE

 vi /etc/acidbase/database.php

 $alert_user='snort';
 $alert_password='snort';
 $basepath='/acidbase';
 $alert_dbname='snort';
 $alert_host='localhost';
 $alert_port='';
 $DBtype='mysql';
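Snort writes alerts with the credentials in database.conf and BASE reads them with the ones in database.php, so a mismatch between the two files is a common reason for an empty BASE console. The check below is an added example, not from the wiki; the helper names (snort_db_setting, base_db_setting, check_db_config) are our own, and the default paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: verify that Snort's MySQL output settings and BASE's
# database.php agree, and that snort.conf includes database.conf.
# Helper names are our own; default paths are the ones used on this page.

# Print the value of KEY (user, password, dbname, host) from the first
# "output database:" line of database.conf.
snort_db_setting() {                # usage: snort_db_setting FILE KEY
    awk -v key="$2" '
        /^output database:/ {
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == key) { print kv[2]; exit }
            }
        }' "$1"
}

# Print the value of $VARNAME from a line like  $alert_user='snort';
base_db_setting() {                 # usage: base_db_setting FILE VARNAME
    awk -v var="\$$2=" -F"'" 'index($0, var) == 1 { print $2; exit }' "$1"
}

# Compare the four settings BASE needs; report each mismatch and return 1
# if anything disagrees or snort.conf never includes database.conf.
check_db_config() {   # usage: check_db_config [DATABASE_CONF] [DATABASE_PHP] [SNORT_CONF]
    dbconf="${1:-/etc/snort/database.conf}"
    basephp="${2:-/etc/acidbase/database.php}"
    snortconf="${3:-/etc/snort/snort.conf}"
    rc=0
    for pair in user:alert_user password:alert_password dbname:alert_dbname host:alert_host; do
        skey="${pair%%:*}"; bvar="${pair#*:}"
        sval=$(snort_db_setting "$dbconf" "$skey")
        bval=$(base_db_setting "$basephp" "$bvar")
        if [ "$sval" != "$bval" ]; then
            if [ "$skey" = password ]; then
                echo "mismatch: password differs between database.conf and database.php"
            else
                echo "mismatch: $skey='$sval' in database.conf vs \$$bvar='$bval' in database.php"
            fi
            rc=1
        fi
    done
    if ! grep -q '^[[:space:]]*include[[:space:]]*database\.conf' "$snortconf"; then
        echo "snort.conf does not include database.conf"
        rc=1
    fi
    return $rc
}
```

Run `check_db_config` with no arguments on the box itself; a zero exit status means the two files agree and the include is in place.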
==Restart [[APACHE]] and [[SNORT]]==

 /etc/init.d/apache2 restart
 /etc/init.d/snort restart

It appears snort can also be run with the command

 /usr/sbin/snort -m 027 -D -d -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i eth0

Open

 http://localhost/acidbase

==Some ERRORs==

In the past we ran [[snort]] using

 snort -dev -c /etc/snort/snort.conf -D

If a fatal error such as the following occurs

 ERROR: Failed to initialize dynamic preprocessor: SF_SMTP version 1.1.8

it is better to run snort with the command

 /etc/init.d/snort restart

==Fix the Rules==

Run

 snort -dev -c /etc/snort/snort.conf

Errors like the following will appear

 Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead.
 ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed
 Fatal Error, Quitting..

Fix the offending line, for example

 vi /etc/snort/rules/dos.rules

delete line 42
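The diagnostics above have a fixed `LEVEL: file(line) => message` shape, so the location of each fatal rule can be pulled out of snort's output and the rule commented out rather than deleted, with a backup kept so it can be restored once the rule is rewritten. This is an added example, not from the wiki; the sample output is constructed from the lines shown above and the helper names (snort_error_locations, disable_rule_line, fix_from_snort_output) are our own.

```shell
#!/bin/sh
# Added example: parse "LEVEL: file(line) => message" diagnostics from
# `snort -dev -c /etc/snort/snort.conf` and comment out (not delete) the
# offending rule lines, keeping a .bak copy. Helper names are our own.

# Constructed sample of the output shown on this page.
SAMPLE_SNORT_OUTPUT='Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead.
ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed
Fatal Error, Quitting..'

# Read snort output on stdin; print "file<TAB>line<TAB>message" for every
# line of the given level (ERROR by default, or Warning).
snort_error_locations() {
    awk -v lvl="${1:-ERROR}" '
        BEGIN { tag = lvl ":" }
        $1 == tag && match($2, /\([0-9]+\)$/) {
            file = substr($2, 1, RSTART - 1)
            line = substr($2, RSTART + 1, RLENGTH - 2)
            msg = $0
            sub(/^[^>]*=> /, "", msg)      # keep only the text after "=>"
            printf "%s\t%s\t%s\n", file, line, msg
        }'
}

# Comment out line N of a rules file so the rule can be restored later.
# Returns 1 (and changes nothing) if the file or the line does not exist.
disable_rule_line() {
    file="$1"; num="$2"
    [ -f "$file" ] || return 1
    total=$(awk 'END { print NR }' "$file")
    [ "$num" -ge 1 ] && [ "$num" -le "$total" ] || return 1
    cp "$file" "$file.bak"
    awk -v n="$num" 'NR == n && $0 !~ /^#/ { print "# disabled: " $0; next }
                     { print }' "$file.bak" > "$file"
}

# Disable every rule that snort reported as a fatal ERROR.
# Usage: snort -dev -c /etc/snort/snort.conf 2>&1 | fix_from_snort_output
fix_from_snort_output() {
    snort_error_locations ERROR |
    while IFS="$(printf '\t')" read -r file line msg; do
        echo "disabling $file:$line ($msg)"
        disable_rule_line "$file" "$line"
    done
}
```

Re-run `snort -dev -c /etc/snort/snort.conf` afterwards; the Warning lines (deprecated `threshold`) are not fatal and are left alone unless you pass `Warning` to `snort_error_locations`.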
==Allowing Non-Localhost Access==

While learning, so that non-localhost machines can reach BASE, edit

 vi /etc/acidbase/apache.conf

Add

 <DirectoryMatch /usr/share/acidbase/>
   ...
   allow from 127.0.0.0/255.0.0.0
   allow from 0.0.0.0/0.0.0.0
   ...
 </DirectoryMatch>

Restart the [[Web Server]]

 /etc/init.d/apache2 restart

==Reading==
References
- http://125.160.17.21/speedyorari/index.php?dir=snort/rules old rules for experimenting
- http://www.snort.org/snort-downloads
- http://www.snort.org/dl/
- http://www.snort.org/start/rules
- http://base.secureideas.net/