BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. It provides a web front-end for querying and analyzing the alerts that a Snort IDS logs to its database.
You will need to install the following packages before installing BASE:
php-mysql
php-gd
php-pear-Net-SMTP
To install these packages execute:
# yum install php-mysql php-gd php-pear-Net-SMTP
You will also need the following pear packages:
Image_Color
Image_Canvas-alpha
Image_Graph-alpha
You can install them by executing:
# pear install Image_Color
# pear install Image_Canvas-alpha
# pear install Image_Graph-alpha
BASE also needs ADOdb, the database abstraction library it uses to talk to MySQL. You can download it from http://adodb.sourceforge.net/#download. Make sure that the version you download matches your version of PHP.
I use the adodb-php5-only package, which you can get here: http://superb-east.dl.sourceforge.net/sourceforge/adodb/adodb506a.tgz
You can use wget to download it:
# cd /tmp/
# wget http://superb-east.dl.sourceforge.net/sourceforge/adodb/adodb506a.tgz
After downloading, extract it into your web directory, usually /var/www/html (the 5.06a tarball unpacks into a directory named adodb5):
# cd /var/www/html
# tar xvzf /tmp/adodb506a.tgz
Now download BASE to the same directory. BASE can be found here: http://base.secureideas.net/. You can also use the direct link:
# cd /tmp/
# wget http://voxel.dl.sourceforge.net/sourceforge/secureideas/base-1.4.1.tar.gz
Uncompress BASE to the web directory:
# cd /var/www/html
# tar xvzf /tmp/base-1.4.1.tar.gz
Rename the BASE directory:
# mv base-php5 base
Configure BASE:
# cd base
# cp base_conf.php.dist base_conf.php
Edit base_conf.php:
# vi base_conf.php
Set the $BASE_urlpath variable to "/base" (the path under the web root where you just placed BASE).
Set the $DBlib_path variable to the location of ADOdb, in this case "/var/www/html/adodb5".
Configure MySQL access the following way (the database name, user and password must match the account Snort itself logs with; "password" below is only a placeholder):
$DBtype = 'mysql';
$alert_dbname = 'snort';
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = 'password';
$archive_exists = 0;
$archive_dbname = 'snort';
$archive_host = 'localhost';
$archive_port = '';
$archive_user = 'snort';
$archive_password = 'password';
The archive_* settings are only used when $archive_exists is set to 1. Note that base_conf.php now holds the database password in clear text: make it readable by the web server user only (on CentOS: owner root, group apache, mode 640) rather than leaving it world-readable in the web root.
Now start apache:
# /etc/init.d/httpd start
And make it start at boot:
# chkconfig --level 345 httpd on
Now you should be able to access BASE through your web browser at the /base path you configured in $BASE_urlpath.
If BASE complains about an invalid database structure, follow the links to the "Setup Page" and create the BASE tables from there (BASE needs its own tables in the Snort database in addition to the ones Snort creates). Then go to the main page and you should have a working Snort sensor with a BASE front end.
If you wish to enable authentication for BASE, create a user under the Administration section of the BASE interface, then go back to base_conf.php and set $Use_Auth_System to 1. Do this before exposing the sensor to anyone else: until authentication is on, everyone who can reach the web server can query the alert database through BASE.
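The base_conf.php edits above, plus the authentication toggle, as one repeatable script. This is an added example, not code from the original post or from the BASE project; it assumes the line layout of BASE 1.4.x's base_conf.php.dist (one `$name = 'value';` per setting), and the sample configuration fragment it creates for the demo is constructed here, not copied from a BASE release. The password argument, the `/var/www/html/adodb5` path and the `chmod 640` are assumptions taken from this write-up.

```shell
#!/bin/sh
# Added example (not from the original post): apply the base_conf.php
# edits from this write-up non-interactively and sanity-check the result.
# Assumes BASE 1.4.x's base_conf.php.dist layout, where each setting is a
# single line of the form   $name = 'value';   (quoting and spacing vary).

# set_base_var FILE NAME VALUE -- rewrite the first "$NAME = ...;" line.
# Purely numeric values (e.g. archive_exists) are written unquoted, as in
# the dist file; everything else is single-quoted. Backslashes in VALUE
# are interpreted by awk -v, so escape them if a password needs them.
set_base_var() {
    awk -v n="$2" -v v="$3" -v q="'" '
        !done && $0 ~ ("^\\$" n "[[:space:]]*=") {
            if (v ~ /^[0-9]+$/) print "$" n " = " v ";"
            else                print "$" n " = " q v q ";"
            done = 1; next
        }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# get_base_var FILE NAME -- print the current value, without quotes or ";".
get_base_var() {
    awk -v n="$2" -v q="'" '
        $0 ~ ("^\\$" n "[[:space:]]*=") {
            sub("^[^=]*=[[:space:]]*", "")
            sub("[[:space:]]*;[[:space:]]*(//.*|#.*)?$", "")
            gsub("^[\"" q "]|[\"" q "]$", "")
            print; exit
        }
    ' "$1"
}

# configure_base_conf FILE PASSWORD -- the edits this write-up makes.
# The database name "snort", user "snort" and the ADOdb path are the values
# used in the write-up; change them to match your own Snort database user.
configure_base_conf() {
    f=$1
    set_base_var "$f" BASE_urlpath   /base
    set_base_var "$f" DBlib_path     /var/www/html/adodb5
    set_base_var "$f" DBtype         mysql
    set_base_var "$f" alert_dbname   snort
    set_base_var "$f" alert_host     localhost
    set_base_var "$f" alert_port     ""
    set_base_var "$f" alert_user     snort
    set_base_var "$f" alert_password "$2"
    set_base_var "$f" archive_exists 0
    # The file now holds the DB password: web server user only (assumed
    # root:apache ownership on CentOS), not world-readable in the web root.
    chmod 640 "$f"
}

# enable_base_auth FILE -- the final step once an admin user exists in BASE.
enable_base_auth() { set_base_var "$1" Use_Auth_System 1; }

# check_base_conf FILE -- 0 if every required setting is present and the
# placeholder password from the write-up has been replaced, 1 otherwise.
check_base_conf() {
    f=$1; rc=0
    for n in BASE_urlpath DBlib_path DBtype alert_dbname alert_host alert_user alert_password; do
        if [ -z "$(get_base_var "$f" "$n")" ]; then
            echo "check: \$$n is not set in $f" >&2; rc=1
        fi
    done
    case $(get_base_var "$f" alert_password) in
        password) echo "check: \$alert_password is still the placeholder" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed fragment of base_conf.php.dist (only the lines this script
# touches), so the functions can be tried without a BASE install.
write_sample_dist() {
    cat > "$1" <<'EOF'
<?php
$BASE_urlpath = '';
$DBlib_path = '';
$DBtype = 'mysql';
$alert_dbname   = 'snort_log';
$alert_host     = 'localhost';
$alert_port     = '';
$alert_user     = 'root';
$alert_password = 'mypassword';
$archive_exists = 0;
$archive_dbname   = 'snort_archive';
$archive_user     = 'root';
$archive_password = 'mypassword';
$Use_Auth_System = 0;
?>
EOF
}

# Demo on a scratch copy; on a real install pass /var/www/html/base/base_conf.php.
tmp=$(mktemp -d)
write_sample_dist "$tmp/base_conf.php"
configure_base_conf "$tmp/base_conf.php" "correct-horse-battery"
check_base_conf "$tmp/base_conf.php" && echo "base_conf.php OK"
rm -rf "$tmp"
```

Run `configure_base_conf /var/www/html/base/base_conf.php '<snort db password>'` right after copying base_conf.php.dist, and `enable_base_auth` only after the admin user has been created in the web interface, otherwise you lock yourself out.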
Enjoy!