Monday, July 5, 2010

Installing Snort

Hi there. Do you know what Snort is? No? Neither do I, really, but I do know how to install it. You can read up on what Snort and BASE are yourselves; below are the steps I use. Easy, and good fun.

1. # portinstall snort
-- OR --
# make -C /usr/ports/security/snort install clean

2. # portinstall oinkmaster
-- OR --
# make -C /usr/ports/security/oinkmaster install clean

3. # cp /usr/local/etc/oinkmaster.conf.sample /usr/local/etc/oinkmaster.conf

4. Edit /usr/local/etc/oinkmaster.conf and set the url line to the rules snapshot you want, putting your oinkcode (the one registered with your snort.org account) between the two slashes where the sample leaves it empty. The sample line, for Snort-current ("current" means cvs snapshots), is:
url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz

5. Run oinkmaster to fetch the rules into the Snort rules directory (the output directory must already exist and be writable):
# oinkmaster -o /usr/local/etc/snort/rules/
Loading /usr/local/etc/oinkmaster.conf
Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-CURRENT.tar.gz... done.
Archive successfully downloaded, unpacking... done.
Setting up rules structures... done.
Processing downloaded rules... disabled 0, enabled 0, modified 0, total=9942
Setting up rules structures... done.
Comparing new files to the old ones... done.
Updating local rules files... done.

Create the MySQL database and the user Snort will log alerts as (use the root password you set when installing MySQL):
# mysql -u root -ppassword
mysql> CREATE DATABASE `snort`;
mysql> GRANT ALL PRIVILEGES ON snort.* TO 'snort'@'localhost' IDENTIFIED BY 'snortpassword';

6. # mysql -u snort -psnortpassword snort < /usr/local/share/examples/snort/create_mysql

7. Then configure snort.conf:
# pico -w /usr/local/etc/snort/snort.conf

8. Uncomment and set these lines. The database line must use the database, user and password you created in step 5, not the sample values shipped in snort.conf:
# config detection: search-method lowmem
# output alert_syslog: LOG_AUTH LOG_ALERT
# output database: log, mysql, user=snort password=snortpassword dbname=snort host=localhost

9. Uncomment all the include $RULE_PATH/*.rules lines except this one, which stays commented out. Snort refuses to start if an include points at a rules file that does not exist, so only enable local.rules once you have actually created that file in the rules directory:
# include $RULE_PATH/local.rules <--- leave this line commented out

10. Then enable Snort in /etc/rc.conf and start it (if it binds to the wrong interface, also set snort_interface in rc.conf to the one you want it to listen on):
# echo "snort_enable=\"YES\"" >> /etc/rc.conf
# /usr/local/etc/rc.d/snort start
Starting snort.

11. If you run tail /var/log/messages you should see something like this:

snort[12558]: Initializing daemon mode
kernel: fxp0: promiscuous mode enabled
snort[12559]: PID path stat checked out ok, PID path set to /var/run/
snort[12559]: Writing PID "12559" to file "/var/run//snort_fxp0.pid"
snort[12559]: Daemon initialized, signaled parent pid: 12558
snort[12558]: Daemon parent exiting
snort[12559]: Snort initialization completed successfully (pid=12559)

12. If no error shows up, you are all set.
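Here is an added example, not part of the original post or of the Snort port, that does steps 8 and 9 with sed instead of pico and then lists every rules file the config includes that is missing from the rules directory, since Snort will not start while any include points at a file that is not there. The cut-down snort.conf, the rules directory and the snort/snortpassword credentials are constructed for the demo; on a real box point it at /usr/local/etc/snort/snort.conf and /usr/local/etc/snort/rules/.

```shell
#!/bin/sh
# Added example, not part of the original post: automate steps 8 and 9 and
# check that every included rules file exists before starting Snort.

# Uncomment the three settings from step 8 and every "include $RULE_PATH/*.rules"
# line except local.rules, and point the database output at the snort DB/user
# created in step 5. $2/$3/$4 must not contain "|" or "&" (they are spliced into
# a sed script). A .bak copy of the config is kept next to it.
configure_snort_conf() {
    conf="$1"; dbuser="$2"; dbpass="$3"; dbname="$4"
    sed -i.bak \
        -e 's|^# *config detection: search-method lowmem|config detection: search-method lowmem|' \
        -e 's|^# *output alert_syslog: LOG_AUTH LOG_ALERT|output alert_syslog: LOG_AUTH LOG_ALERT|' \
        -e "s|^# *output database: log, mysql,.*|output database: log, mysql, user=$dbuser password=$dbpass dbname=$dbname host=localhost|" \
        -e '/local\.rules/!s|^# *\(include \$RULE_PATH/.*\.rules\)|\1|' \
        "$conf"
}

# Print each active "include $RULE_PATH/<file>" whose file is absent from the
# rules directory. Snort refuses to start if any of these is missing, so an
# empty result is what you want before "/usr/local/etc/rc.d/snort start".
missing_rule_includes() {
    conf="$1"; rulesdir="$2"
    sed -n 's|^include *\$RULE_PATH/||p' "$conf" | while read -r f; do
        [ -f "$rulesdir/$f" ] || echo "$f"
    done
}

# Constructed stand-in for /usr/local/etc/snort: a cut-down snort.conf with the
# stock commented-out lines, plus a rules directory that lacks web-misc.rules.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir "$d/rules"
    : > "$d/rules/bad-traffic.rules"
    : > "$d/rules/icmp.rules"
    cat > "$d/snort.conf" <<'EOF'
var RULE_PATH /usr/local/etc/snort/rules
# config detection: search-method lowmem
# output alert_syslog: LOG_AUTH LOG_ALERT
# output database: log, mysql, user=root password=test dbname=db host=localhost
include $RULE_PATH/bad-traffic.rules
# include $RULE_PATH/icmp.rules
# include $RULE_PATH/web-misc.rules
# include $RULE_PATH/local.rules
EOF
    echo "$d"
}

demo=$(make_demo_tree)
configure_snort_conf "$demo/snort.conf" snort snortpassword snort
echo "== settings Snort will actually use =="
grep -E '^(config|output|include) ' "$demo/snort.conf"
echo "== includes with no file under $demo/rules (must be empty on a real box) =="
missing_rule_includes "$demo/snort.conf" "$demo/rules"
rm -rf "$demo"
```

On the demo tree the last command prints web-misc.rules, because step 9 uncommented its include but no such file exists; on a real box that is exactly the case that makes "snort start" die, so fix every name it prints (or comment the include back out) before step 10.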

13. To test Snort, ping the box from another server; the alerts show up in the log like this (addresses masked):

snort[12559]: [1:368:6] ICMP PING BSDtype [Classification: Misc activity] [Priority: 3]: {ICMP} xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
snort[12559]: [1:366:7] ICMP PING *NIX [Classification: Misc activity] [Priority: 3]: {ICMP} xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
snort[12559]: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
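Once the alert_syslog output is working, the useful check is whether the alerts make sense in bulk rather than one line at a time. The script below is an added example, not part of the original post: it summarises Snort syslog alerts per signature and per source address using the exact line format shown above. The sample log lines are constructed, with the syslog timestamp and hostname that /var/log/messages prepends and addresses from the 192.0.2.0/24 documentation range.

```shell
#!/bin/sh
# Added example, not part of the original post: summarise the alert lines that
# the alert_syslog output plugin writes to /var/log/messages (step 13).

# Read syslog lines on stdin, keep the Snort alerts, and print one line per
# signature as "<count> <gid:sid:rev> prio=<n> <proto> <message>", busiest first.
summarize_snort_alerts() {
    awk '
    /snort\[[0-9]+\]: \[[0-9]+:[0-9]+:[0-9]+\]/ {
        match($0, /\[[0-9]+:[0-9]+:[0-9]+\]/)
        sig  = substr($0, RSTART + 1, RLENGTH - 2)        # gid:sid:rev
        rest = substr($0, RSTART + RLENGTH + 1)            # message onwards
        msg = rest;   sub(/ \[Classification:.*/, "", msg)
        prio = rest;  sub(/.*\[Priority: /, "", prio); sub(/\].*/, "", prio)
        proto = rest; sub(/.*\{/, "", proto); sub(/\}.*/, "", proto)
        count[sig " prio=" prio " " proto " " msg]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Count alerts per source address (the token just before "->") to see who is
# generating the noise; on a test run that should be the host you pinged from.
alert_sources() {
    awk '/snort\[[0-9]+\]: \[[0-9]+:[0-9]+:[0-9]+\]/ {
        for (i = 2; i <= NF; i++) if ($i == "->") src[$(i - 1)]++
    }
    END { for (s in src) print src[s], s }' | sort -rn
}

# Constructed sample of /var/log/messages (documentation addresses, not real
# traffic); the last line is a non-alert message that must be ignored.
SAMPLE_ALERTS='Jul  5 12:00:01 ids snort[12559]: [1:368:6] ICMP PING BSDtype [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 192.0.2.1
Jul  5 12:00:01 ids snort[12559]: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 192.0.2.1
Jul  5 12:00:02 ids snort[12559]: [1:368:6] ICMP PING BSDtype [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 192.0.2.1
Jul  5 12:00:02 ids snort[12559]: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 192.0.2.1
Jul  5 12:00:03 ids snort[12559]: [1:366:7] ICMP PING *NIX [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.20 -> 192.0.2.1
Jul  5 12:00:03 ids snort[12559]: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.20 -> 192.0.2.1
Jul  5 12:00:04 ids snort[12559]: Daemon parent exiting'

echo "== alerts per signature =="
printf '%s\n' "$SAMPLE_ALERTS" | summarize_snort_alerts
echo "== alerts per source =="
printf '%s\n' "$SAMPLE_ALERTS" | alert_sources
# On the real box: grep 'snort\[' /var/log/messages | summarize_snort_alerts
```

The generic "ICMP PING" (sid 384) fires for every ping while the OS-specific ones (368, 366) fire on top of it, so a single ping from a BSD host shows up twice; seeing that pattern in the summary is how you know both the rules and the syslog output are wired up.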

14. Then install BASE, which is very easy. It needs ADOdb first:

# portinstall adodb
-- OR --
# make -C /usr/ports/databases/adodb install clean

After extracting the BASE tarball under your web root, point your browser at the URL where you installed BASE and follow its setup page. BASE reads the alerts from the same snort database, so give it the database name, user and password from step 5. Done!
