Intrusion Detection With BASE And Snort
This tutorial shows how to install and configure BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system (IDS) on a Debian Sarge system. BASE provides a web front-end to query and analyze the alerts coming from a Snort IDS system. With BASE you can perform analysis of intrusions that Snort has detected on your network.
Scenario: A Linux server running Debian Sarge 3.1, set up according to Falko's "The Perfect Setup - Debian Sarge (3.1)".
Let's assume we have one working website (www.example.com) and that the document root is: /var/www/www.example.com/web
The IP address of the server is 192.168.0.5 and it uses eth0 as its network interface.
Needed programs and files
- Snort rules
- PCRE (Perl Compatible Regular Expressions)
- BASE (Basic Analysis and Security Engine)
- ADOdb (Database Abstraction Library for PHP and Python)
Downloading and untarring
We need a temporary place for all the files that we are going to download, and untar.
To keep things simple we will create a directory named snorttemp in /root. (This download directory can have any name and be in any location.)
Now you need to get Snort.
The latest version at the time of writing is 2.6.0.
When the download is finished untar the file:
And let's remove the tar file:
We also need the Snort rules!
Go to: http://www.snort.org/pub-bin/downloads.cgi and scroll down until you see the 'Sourcefire VRT Certified Rules - The Official Snort Ruleset (unregistered user release)' rules.
(If you are a member of the forum you can also download the registered user release.)
Move snortrules-pr-2.4.tar.gz into the snort-2.6.0 directory:
and cd into snort-2.6.0:
Untar the snortrules-pr-2.4.tar.gz file:
Remove the tar file:
We are done downloading the files needed to get Snort to work.
To make Snort work with BASE, we need more!
PCRE - Perl Compatible Regular Expressions.
Go to: http://www.pcre.org/ and select a download link for PCRE (at the time of writing the file is pcre-6.3.tar.gz).
cd back to the snorttemp directory:
and download the pcre-6.3.tar.gz file:
Untar the file:
Remove the tar:
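The download, untar and remove steps above are all performed as root, so it is worth checking each tarball before extracting it. The following is an added example, not part of the original tutorial: `safe_untar` is a hypothetical helper, the expected SHA-256 value must come from the project's own download page, and GNU tar and `sha256sum` are assumed to be installed.

```shell
#!/bin/sh
# Added example: verify a downloaded tarball before extracting it as root.
# Usage: safe_untar TARBALL EXPECTED_SHA256 DESTDIR
# Returns 0 on success, 1 on checksum mismatch, 2 on an unsafe member
# path, 3 if extraction fails. The tarball is deleted only on success.
safe_untar() {
    tarball=$1; expected=$2; dest=$3

    # 1. Integrity: compare with the checksum published by the project.
    actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi

    # 2. Member names: refuse absolute paths and any ".." component,
    #    which could place files outside DESTDIR when run as root.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in $tarball" >&2
        return 2
    fi

    # 3. Extract without restoring the owner or mode bits recorded
    #    in the archive.
    mkdir -p "$dest" &&
        tar -xzf "$tarball" -C "$dest" \
            --no-same-owner --no-same-permissions || return 3

    # 4. Remove the tarball, as the tutorial does after untarring.
    rm -f "$tarball"
}
```

Called as `safe_untar snort-2.6.0.tar.gz <published-sha256> /root/snorttemp`, it leaves the tarball in place whenever a check fails so it can be inspected.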