SNORT_INLINE - The Easy Tutorial - BASE http://openmaniak.com/inline_base.php

Snort_Inline Base
Last update: 26-Apr-2007
Tutorial creation: Blaise Carrera (OM Team)

BASE is a graphical interface written in PHP that displays the logs generated by the Snort_Inline IPS and sent to the database. BASE stands for Basic Analysis and Security Engine.

You can find the BASE website here: http://base.secureideas.net/

1. DOWNLOAD BASE:

Download the latest version.

We now have to uncompress the files and put them in the correct folder:

# tar -xvf base-1.3.5.tar.gz
# mv /home/user/Desktop/base-1.3.5 /var/www/base

2. CONFIGURE BASE:

We need ADOdb (Active Data Objects Data Base) for BASE. ADOdb is a database abstraction library for PHP.
Information about ADOdb can be found here: http://adodb.sourceforge.net/

Download "ADOdb for PHP": http://adodb.sourceforge.net/#download
Again, we have to uncompress the files and put them in the correct folder:

# tar -xvf adodb490.tgz
# mv /home/user/Desktop/adodb /var/www/base/

There are two ways to configure BASE:
Either you use the wizard or you edit the config file yourself.

A) Using the wizard

# chown -R www-data /var/www/base/

The change above is needed to let the web server user (www-data) write in the BASE directory. Open a web browser and go to the BASE directory:
http://localhost/base

Here you are entering a wizard:

Step 0: Check if everything is okay to begin the wizard.

Step 1: Language and path to ADOdb: /var/www/base/.

Step 2: MySQL settings.

Step 3: BASE authentication settings.

Step 4: Create the MySQL database and tables (click on Create BASE AG).

B) Change the config file

It's not mandatory to use the wizard; you can do everything manually.
The first thing to do is to edit the file base_conf.php.dist.
Open base_conf.php.dist in the BASE directory and change the lines as shown below.


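// Path to the ADOdb library, relative to the BASE directory
$DBlib_path = "./adodb";

$DBtype = "mysql";

// Alert database (string values must be quoted in PHP)
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snortuser";
$alert_password = "snortpassword";

// Archive database
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "snortuser";
$archive_password = "snortpassword";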

Then you must rename the file from base_conf.php.dist to base_conf.php

#mv /var/www/base/base_conf.php.dist /var/www/base/base_conf.php

The second thing to do is to import the BASE MySQL tables into the snort database:

# mysql -u root -p snort < /var/www/base/sql/create_base_tbls_mysql.sql
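
The script below is an added example, not part of the original tutorial or of BASE: it audits the directory produced by the configuration steps above. The function name audit_base and its finding labels are made up for this example, and it assumes that the tree no longer has to be owned by the web server user once the wizard has finished; the paths and the www-data user are the tutorial's.

```shell
#!/bin/sh
# Added example (not BASE code): audit a BASE directory after installation.
# audit_base DIR WEBUSER prints one finding per line; exit status = number of findings.
audit_base() {
    dir=$1; webuser=$2; conf="$dir/base_conf.php"; n=0
    report() { echo "$1"; n=$((n + 1)); }

    if [ ! -f "$conf" ]; then
        report "NO_CONF: $conf not found (wizard not finished or .dist not renamed)"
        return "$n"
    fi

    # base_conf.php stores $alert_password and $archive_password in clear text.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        report "CONF_WORLD_READABLE: restrict to owner and web server group (chmod 640)"
    fi

    # A bare word such as  $alert_user = snortuser;  is not a PHP string.
    pat="^[[:space:]]*[\$](alert|archive)_(dbname|host|user|password)[[:space:]]*=[[:space:]]*[^\"'[:space:]]"
    lines=$(grep -nE "$pat" "$conf" | cut -d: -f1 | paste -sd, -)
    if [ -n "$lines" ]; then
        report "UNQUOTED_VALUE: line(s) $lines need quotes around the value"
    fi

    # Assumption: ownership by the web user is only needed while the wizard runs.
    # Skipped when WEBUSER does not exist on this host.
    if id "$webuser" >/dev/null 2>&1; then
        owned=$(find "$dir" -user "$webuser" ! -name base_conf.php | wc -l)
        if [ "$owned" -gt 0 ]; then
            report "TREE_OWNED_BY_WEBUSER: $owned entries still owned by $webuser"
        fi
    fi
    return "$n"
}

# Usage with the tutorial's values: sh audit_base.sh /var/www/base www-data
if [ "$#" -ge 2 ]; then
    audit_base "$1" "$2"
fi
```

Findings are reported one per line; an empty output and exit status 0 mean none of the three checks fired.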

3. CONNECT TO BASE:

Just access the BASE web link:


http://localhost/base
You will be prompted for a new password for the admin user.

4. BASE GRAPHS:

First we have to install the graphics library php5-gd for handling graphics directly from PHP scripts.

# apt-get install php5-gd

Then restart the apache webserver:

# /etc/init.d/apache2 restart

The second thing to do is to download three PHP PEAR libraries.
PEAR stands for "PHP Extension and Application Repository".

To download and install the libraries easily, the best thing to do is to install the php-pear package:

# apt-get install php-pear

Then we have to install the following packages:
Image_Graph, Image_Color and Image_Canvas.

# pear install --force Image_Color
# pear install --force Image_Canvas
# pear install --force Image_Graph

Since there are dependencies between them, you need to install the packages in the order above.
Now, you have access to the graphs ...

Here are two typical error messages:

1 - Php5-gd is not installed:

PHP ERROR: PHP build incomplete: the prerequisite GD support required to generate graphs was not build
into PHP. Please recompile PHP with the necessary library (--with-gd).

2 - Php-pear and/or its extensions are not installed correctly:

Error loading the Graphing library:

Check your Pear::Image_Graph installation!


Image_Graph can be found here:at http://pear.veggerby.dk/. Without this library no graphing operations
can be performed.

5. BASE OPTIONAL SETTINGS:

To customize the BASE tool, edit /var/www/base/base_conf.php

There are two useful settings to activate:

A/ Enabling DNS resolution

$resolve_IP = 1;

B/ Enabling colored alerts

Strangely, it seems that when you use the wizard procedure, the lines concerning the colored alerts are lost.
So if you used the manual install procedure, just activate the $colored_alerts variable; if you used the wizard procedure, copy the lines below into your base_conf.php file.

/**
 * This option is used to set if BASE will use colored results
 * based on the priority of alerts
 * 0 : no
 * 1 : yes
 */
$colored_alerts = 1;

// Red, yellow, orange, gray, white, green
$priority_colors = array ('FF0000','FFFF00','FF9900','999999','FFFFFF','006600');
