Gk's Blog
Tuesday, January 05, 2010
  Install SnortCenter2 on Ubuntu 9.10 (quick note)
Install guide for snortcenter is here: http://users.telenet.be/larc/documentation/chap1.html
Snortcenter2: http://sourceforge.net/projects/snortcenter2/


Install the web server, PHP, MySQL, curl and Perl:
apt-get install apache2 mysql-server php5 php5-mysql perl curl


Create snort DB:
echo "CREATE DATABASE snort;" | mysql -u root -p

Install snort with MySQL output support and load its schema into the snort database. Use the -p prompt rather than -p<password> inline: a password given on the command line lands in the shell history and is visible to other users in ps output while mysql runs.
apt-get install snort-mysql
cd /usr/share/doc/snort-mysql/
zcat create_mysql.gz | mysql -u root -p snort


Install snortcenter
Download snortcenter2 (-O pins the output file name; without it wget keeps the ?use_mirror= query string in the name and the tar command below does not find the archive):
wget -O snortcenter-console-3-31-05.tar.gz 'http://downloads.sourceforge.net/project/snortcenter2/SnortCenter%20Console/SnortCenter%20Console%202.x%203_31_05/snortcenter-console-3-31-05.tar.gz?use_mirror=nchc'
tar -vzxf snortcenter-console-3-31-05.tar.gz
mv snortcenter-release/ /var/www/snortcenter




Get the adodb lib and place it where snortcenter can include it (-O again keeps wget from appending the ?use_mirror= query string to the file name):

wget -O adodb510.tgz 'http://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-510-for-php5/adodb510.tgz?use_mirror=nchc'
tar -vzxf adodb510.tgz
mv adodb5 /var/www/snortcenter/adodb


Create snortcenter DB:

echo "CREATE DATABASE snortcenter;" | mysql -u root -p

Edit the snortcenter config file:
vi /var/www/snortcenter/config.php
$DBlib_path = "/var/www/snortcenter/adodb/"; // use an absolute path; a relative one produced an unexplained error

// MySQL connection

$DBtype = "mysql"; 
$DB_dbname   = "snortcenter";         
$DB_host     = "localhost";
$DB_user     = "root";
$DB_password = "1";
$DB_port     = "";

The console connects to MySQL as root here, which is the quick route for a lab box. For anything else, create a dedicated MySQL user with rights on the snortcenter database only (setup.php needs to create tables in it) and put that account here instead: config.php sits under the web root and holds the password in the clear.

Edit database.php to work around a bug: schema became a reserved word in MySQL 5, so the bare table name makes the setup queries fail until it is backtick-quoted:

vi /var/www/snortcenter/database.php 
Go to line 294 and change "CREATE TABLE schema" to "CREATE TABLE `schema`"
Go to line 304 and change "INSERT INTO schema" to "INSERT INTO `schema`"
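The same fix applied by pattern instead of by line number, as an added example that is not part of this post or of SnortCenter. It assumes GNU sed (what Ubuntu ships, for -E and -i.orig) and runs here against a constructed excerpt shaped like the two affected statements, not the real database.php; to use it, run quote_schema_table on /var/www/snortcenter/database.php and confirm that unquoted_schema_refs reports 0 afterwards.

```shell
#!/bin/sh
# Added example, not from the post or from SnortCenter: apply the database.php
# fix by pattern rather than by line number, and verify that it took.
# "schema" is a reserved word from MySQL 5 on, so the bare identifier fails;
# backticks turn it back into an ordinary table name.
# Assumes GNU sed (Ubuntu's), for -E and -i.orig.

# Quote a bare "schema" table name after CREATE TABLE / INSERT INTO /
# DROP TABLE / UPDATE / FROM. Idempotent: already-quoted names and longer
# names such as schema_version are left alone. Keeps a .orig backup.
quote_schema_table() {
    sed -E -i.orig \
        's/(CREATE TABLE|INSERT INTO|DROP TABLE|UPDATE|FROM)[[:space:]]+schema([^A-Za-z0-9_`]|$)/\1 `schema`\2/g' \
        "$1"
}

# Number of bare "schema" references still present; 0 means the fix is complete.
unquoted_schema_refs() {
    grep -cE '(CREATE TABLE|INSERT INTO|DROP TABLE|UPDATE|FROM)[[:space:]]+schema([^A-Za-z0-9_`]|$)' "$1" || true
}

# Constructed excerpt shaped like the two affected statements (not the real
# database.php); written to a temp file whose path is printed.
write_sample_database_php() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<?php
// constructed sample, not SnortCenter's database.php
$sql = "CREATE TABLE schema (vseq INT NOT NULL, ctime DATETIME NOT NULL)";
$sql = "INSERT INTO schema (vseq, ctime) VALUES ('1', NOW())";
$sql = "SELECT vseq FROM schema_version";
$sql = "CREATE TABLE `schema` (vseq INT)";
EOF
    echo "$f"
}

# Stand-alone run on the sample: 2 bare references before, 0 after.
sample=$(write_sample_database_php)
echo "before: $(unquoted_schema_refs "$sample")"
quote_schema_table "$sample"
echo "after:  $(unquoted_schema_refs "$sample")"
rm -f "$sample" "$sample.orig"
```

Running quote_schema_table twice on the same file changes nothing the second time, which is the property to check before scripting this into an install: a sed that is not idempotent will happily produce ``schema`` on a re-run.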

Open http://server/snortcenter/setup.php in a browser and complete the setup wizard.

Install the snortcenter agent on the sensor (-O keeps wget from appending the ?use_mirror= query string to the file name):
wget -O snortcenter-agent-v2.x.linux.tar.gz 'http://downloads.sourceforge.net/project/snortcenter2/SnortCenter%20Agent/Linux%20Agent/snortcenter-agent-v2.x.linux.tar.gz?use_mirror=nchc'
tar -vxzf snortcenter-agent-v2.x.linux.tar.gz
cd sensor/
./setup.sh 


Start the agent:
conf/start

In the SnortCenter web console add the sensor, then push it the snort configuration below (Admin -> Import/Update Rules -> Copy and paste):
var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
var HOME_NET 192.168.37.0/24
var RULE_PATH /etc/snort/rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var TELNET_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
var EXTERNAL_NET !$HOME_NET
var SNMP_SERVERS $HOME_NET
# Next variable automatic added by SnortCenter, used in some rule(s).
var HTTP_PORTS any
#
preprocessor stream5_global: max_tcp 8192, track_tcp yes, track_udp no
preprocessor stream5_tcp: policy first, use_static_footprint_sizes
#
output log_tcpdump: tcpdump.log
#
#
#
config reference: bugtraq http://www.securityfocus.com/bid/
config reference: cve http://cve.mitre.org/cgi-bin/cvename.cgi?name=
config reference: arachNIDS http://www.whitehats.com/info/IDS
config reference: McAfee http://vil.nai.com/vil/content/v_
config reference: nessus http://cgi.nessus.org/plugins/dump.php3?id=
config reference: url http://
#
#
#-------------------------------------------------------------------------------
# $Id: classification.config, Tuesday 05th 2010f January 2010 05:05:23 PM
#-------------------------------------------------------------------------------
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
config classification: successful-recon-limited,Information Leak,2
config classification: successful-recon-largescale,Large Scale Information Leak,2
config classification: attempted-dos,Attempted Denial of Service,2
config classification: successful-dos,Denial of Service,2
config classification: attempted-user,Attempted User Privilege Gain,1
config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
config classification: successful-user,Successful User Privilege Gain,1
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: successful-admin,Successful Administrator Privilege Gain,1
config classification: rpc-portmap-decode,Decode of an RPC Query,2
config classification: shellcode-detect,Executable code was detected,1
config classification: string-detect,A suspicious string was detected,3
config classification: suspicious-filename-detect,A suspicious filename was detected,2
config classification: suspicious-login,An attempted login using a suspicious username was detected,2
config classification: system-call-detect,A system call was detected,2
config classification: tcp-connection,A TCP connection was detected,4
config classification: trojan-activity,A Network Trojan was detected, 1
config classification: unusual-client-port-connection,A client was using an unusual port,2
config classification: network-scan,Detection of a Network Scan,3
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a non-standard protocol or event,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: web-application-activity,access to a potentially vulnerable web application,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
config classification: icmp-event,Generic ICMP event,3
config classification: kickass-porn,SCORE! Get the lotion!,1
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: default-login-attempt,Attempt to login by a default username and password,2
#
#
#-------------------------------------------------------------------------------
# $Id: Unknown-Catagory.rules, Tuesday 05th 2010f January 2010 05:05:23 PM
#-------------------------------------------------------------------------------
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any ( sid: 1837; rev: 2; msg: "PORN alt.binaries.pictures.tinygirls"; flow: to_client,established; content: "alt.binaries.pictures.tinygirls"; nocase; classtype: kickass-porn;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( sid: 1292; rev: 9; msg: "ATTACK-RESPONSES directory listing"; flow: established; content: "test"; classtype: bad-unknown;)
alert tcp any any -> any any ( sid: 10293; rev: 10; msg: "testkaka_is_coming"; content: "testkaka";)
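Before pushing a configuration like the one above, it is worth checking it for the mistakes that stop snort from starting on the sensor: a $VARIABLE that is referenced but never defined (the reason SnortCenter auto-adds var HTTP_PORTS), a classtype that no config classification line declares, and duplicate SIDs; rules with no classtype at all get no priority and are worth knowing about too. The following is an added example, not part of this post or of SnortCenter. It assumes the single-file layout the console pushes (var lines, config classification lines, one rule per line) and runs against a constructed sample based on the configuration above, with var HTTP_PORTS deliberately left out, one rule with a mistyped classtype and one rule with none.

```shell
#!/bin/sh
# Added example, not from the post or from SnortCenter: sanity-check a
# snort.conf before pushing it to a sensor. Snort stops at start-up on a
# $VARIABLE that is never defined and rejects a rule whose classtype was
# never declared; duplicate SIDs make alerts ambiguous; a rule with no
# classtype gets no priority. Assumes the single-file layout the console
# pushes: var lines, "config classification:" lines, one rule per line.
LC_ALL=C; export LC_ALL   # comm needs both inputs sorted the same way

# Names defined by var / ipvar / portvar, sorted, one per line.
snort_defined_vars() {
    awk '$1 == "var" || $1 == "ipvar" || $1 == "portvar" { print $2 }' "$1" | sort -u
}

# Every $NAME referenced anywhere in the file (rules included), sorted.
snort_referenced_vars() {
    grep -oE '\$[A-Za-z_][A-Za-z0-9_]*' "$1" | cut -c2- | sort -u
}

# Referenced but never defined.
snort_undefined_vars() {
    a=$(mktemp); b=$(mktemp)
    snort_defined_vars "$1" > "$a"
    snort_referenced_vars "$1" > "$b"
    comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Names declared by "config classification: name,description,priority".
snort_declared_classtypes() {
    awk -F'[:,]' '/^[ \t]*config classification:/ { gsub(/[ \t]/, "", $2); print $2 }' "$1" | sort -u
}

# Rule lines: an action keyword at the start of the line.
snort_rule_lines() {
    grep -E '^[[:space:]]*(alert|log|pass|drop|reject|sdrop|activate|dynamic)[[:space:]]' "$1"
}

# Classtypes used by rules but never declared.
snort_unknown_classtypes() {
    a=$(mktemp); b=$(mktemp)
    snort_declared_classtypes "$1" > "$a"
    snort_rule_lines "$1" | grep -oE 'classtype:[[:space:]]*[^;]+' \
        | sed 's/^classtype:[[:space:]]*//; s/[[:space:]]*$//' | sort -u > "$b"
    comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# SIDs of rules that carry no classtype option.
snort_rules_without_classtype() {
    snort_rule_lines "$1" | grep -v 'classtype:' | grep -oE 'sid:[[:space:]]*[0-9]+' | grep -oE '[0-9]+'
}

# SIDs that appear on more than one rule.
snort_duplicate_sids() {
    snort_rule_lines "$1" | grep -oE 'sid:[[:space:]]*[0-9]+' | grep -oE '[0-9]+' | sort | uniq -d
}

# Print every finding; return 1 if there is anything to fix.
snort_lint() {
    rc=0
    for v in $(snort_undefined_vars "$1");          do echo "undefined variable: \$$v"; rc=1; done
    for c in $(snort_unknown_classtypes "$1");      do echo "unknown classtype: $c";    rc=1; done
    for s in $(snort_rules_without_classtype "$1"); do echo "no classtype on sid $s";   rc=1; done
    for s in $(snort_duplicate_sids "$1");          do echo "duplicate sid $s";         rc=1; done
    return $rc
}

# Constructed sample based on the pushed configuration above, with
# "var HTTP_PORTS" left out, one rule with a mistyped classtype and one
# rule with none. Written to a temp file whose path is printed.
snort_write_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
var HOME_NET 192.168.37.0/24
var RULE_PATH /etc/snort/rules
var HTTP_SERVERS $HOME_NET
var EXTERNAL_NET !$HOME_NET
preprocessor stream5_global: max_tcp 8192, track_tcp yes, track_udp no
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: web-application-attack,Web Application Attack,1
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( sid: 1292; rev: 9; msg: "ATTACK-RESPONSES directory listing"; flow: established; content: "test"; classtype: bad-unknown;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( sid: 1000001; rev: 1; msg: "LOCAL traversal (constructed)"; content: "../"; classtype: web-app-attack;)
alert tcp any any -> any any ( sid: 10293; rev: 10; msg: "testkaka_is_coming"; content: "testkaka";)
EOF
    echo "$f"
}

# Stand-alone run: lint the sample and refuse to push it.
sample=$(snort_write_sample_conf)
snort_lint "$sample" || echo "problems found, do not push this configuration"
rm -f "$sample"
```

On the sample this reports the undefined $HTTP_PORTS, the mistyped classtype web-app-attack and the classtype-less sid 10293. Run snort_lint against the file the console generates before it goes to the sensor; a non-zero return is the signal to fix the configuration rather than restart the agent and discover the problem in its log.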

 
Comments:
Just desire to say your article is as surprising. The
clearness in your post is simply cool and i could assume
you're an expert on this subject. Well with your permission let me grab your feed to keep updated with forthcoming posts. Thanks a million and please carry on the rewarding work.

Also visit my web-site ... love quotes
My web site - love quotes
 
My developer is trying to convince me to move to .net from PHP.

I have always disliked the idea because of the costs. But he's trying none the less. I've been using WordPress on
numerous websites for about a year and am concerned about switching to another platform.
I have heard excellent things about blogengine.net. Is there a way I can
import all my wordpress content into it? Any kind
of help would be greatly appreciated!

Feel free to visit my blog - company profile
 
Hi there, I discovered your blog via Google whilst searching for a comparable topic, your
website came up, it appears to be like great.
I've bookmarked it in my google bookmarks.
Hi there, simply changed into aware of your blog via Google, and located that it is really informative. I am gonna watch out for brussels. I'll be
grateful if you happen to continue this in future.
Many folks will likely be benefited from your writing.

Cheers!

My weblog ... xxxmoviegalls.com
 
Thanks , I have recently been searching for information approximately this subject for a long time
and yours is the best I've found out till now. But, what concerning the conclusion? Are you sure concerning the supply?

Have a look at my site ... Sexygirlchat.Net
 
Your style is very unique in comparison to
other people I have read stuff from. I appreciate you
for posting when you have the opportunity, Guess I'll just book mark this blog.

My blog - http://www.wildpartygirls.org
 
hi!,I love your writing so much! proportion we communicate extra approximately your article on AOL?
I need an expert on this space to solve my problem.
Maybe that is you! Looking ahead to see you.

my web blog: sex on webcam
 
active tramadol online pharmacy no prescription - tramadol hydrochloride high
 
Location: Hanoi, Vietnam