Ping: software guys
Anyone here have experience with a NIDS?
I am trying to set up Snort with a MySQL database but have some questions.
The Monday morning bump.
I used to sell NIDS, but I have no idea of the technical side of them. That's all. Just wanted to put a plug in for my short-lived sales career selling Dragon NIDS for Enterasys.
I've set up Snort, MySQL, and ACID a couple of times before, but I used RHEL 4 and the RPMs so it was pretty straightforward.
DOLA, I found this document that I wrote up at the time for the lower-level techs to set up Snort for test environments. It assumes a minimal install of RHEL4 (that is what the CD numbers reference), but I'm sure you could use any distro as long as you could find the equivalent RPMs for it.
Snort Sensor

Get Files
  Snort (2.3.0)
  Snort MySQL support (2.3.0)
  Libpcap (0.6.2 -- or whichever version Snort requires)
  Libmysqlclient
  http://www.snort.org/dl/binaries/lin...3.0-1.i386.rpm
  http://www.snort.org/dl/binaries/lin...3.0-1.i386.rpm
  ftp://rpmfind.net/linux/redhat/updat...8.0.2.i386.rpm
  cd3: mysqlclient10-3.23.58-4.RHEL4.1.i386.rpm

Install RPMs
  # mkdir /usr/tools
  # cd /usr/tools
  # wget http://www.snort.org/dl/binaries/lin...3.0-1.i386.rpm
  # wget http://www.snort.org/dl/binaries/lin....3.0-1.src.rpm
  # wget http://www.snort.org/dl/binaries/lin...3.0-1.i386.rpm
  # wget ftp://rpmfind.net/linux/redhat/updat...8.0.2.i386.rpm
  # mount /media/cdrom
  # cp /media/cdrom/RedHat/RPMS/mysqlclient10-3.23.58-4.RHEL4.1.i386.rpm /usr/tools
  # rpm -ivh --force libpcap-0.6.2-17.8.02.i386.rpm
  # rpm -ivh snort-2.3.0-1.i386.rpm
  # mkdir /usr/src/redhat
  # mkdir /usr/src/redhat/SOURCES
  # rpm -ivh snort-2.3.0-1.src.rpm
  # rpm -ivh mysqlclient10-3.23.58-4.RHEL4.1.i386.rpm
  # rpm -ivh snort-mysql-2.3.0-1.i386.rpm
  # up2date -u

Configure Snort
  # nano /etc/snort/snort.conf
Set var HOME_NET to equal the local subnet in CIDR notation (i.e. 10.0.0.0/24) and uncomment it (delete the #). Comment out the "var HOME_NET any" line with a #.
Scroll down to the output section and uncomment the line:
  output database: log, mysql, user=root password=test dbname=db host=localhost
and change it to (substitute a good password for
  output database: log, mysql, user=snort password=

Database Server

Get Files
  MySQL 4.1.7
  Perl-DBD-MySQL
  Perl DBI
  cd /media
  cd2: mysql-4.1.7-4.RHEL4.1.i386.rpm
  cd2: perl-DBD-MySQL-2.9004-3.1.i386.rpm
  cd2: perl-DBI-1.40-5.i386.rpm
  cd4: mysql-server-4.1.7-4.RHEL4.1.i386.rpm

Install RPMs
  # rpm -ivh perl-DBI-1.40-5.i386.rpm
  # rpm -ivh --nodeps mysql-4.1.7-4.RHEL4.1.i386.rpm
  # rpm -ivh perl-DBD-MySQL-2.9004-3.1.i386.rpm
  # rpm -ivh --replacepkgs mysql-4.1.7-4.RHEL4.1.i386.rpm
  # rpm -ivh mysql-server-4.1.7-4.RHEL4.1.i386.rpm
  # up2date -u

Configure MySQL
  # cd /etc/init.d
  # ./mysqld start
  # mysql
  mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');
  mysql> SET PASSWORD FOR 'root'@'host_name' = PASSWORD('newpwd');
  mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
  mysql> create database snortdb;
  mysql> grant INSERT,SELECT on root.* to snort@localhost;
  mysql> SET PASSWORD FOR snort@localhost=PASSWORD('password_from_snort.conf');
  mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snortdb.* to snort@localhost;
  mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snortdb.* to snort;
  mysql> exit
  # mysql -u root -p < /usr/src/redhat/SOURCES/snort-2.3.0/schemas/create_mysql snortdb

Web Server

Get Files
  Apache
  PHP
  ACID
  cd2: httpd-2.0.52-9.ent.i386.rpm
  cd2: httpd-su-exec-2.0.52-9.ent.i386.rpm
  cd2: apr-0.9.4-24.1.i386.rpm
  cd2: apr-util-0.9.4-17.1.i386.rpm
  cd2: php-4.3.9-3.1.i386.rpm
  cd2: php-pear-4.3.9-3.1.i386.rpm
  cd2: curl-7.12.1-3.i386.rpm
  cd2: libidn-0.5.6-1.i386.rpm
  cd2: php-mysql-4.3.9-3.1.i386.rpm
  cd4: php-gd-4.3.9-3.1.i386.rpm

Install RPMs
  # rpm -ivh --nodeps httpd-su-exec-2.0.52-9.ent.i386.rpm
  # rpm -ivh apr-0.9.4-24.1.i386.rpm
  # rpm -ivh apr-util-0.9.4-17.1.i386.rpm
  # rpm -ivh httpd-2.0.52-9.ent.i386.rpm
  # rpm -ivh --nodeps php-pear-4.3.9-3.1.i386.rpm
  # rpm -ivh libidn-0.5.6-1.i386.rpm
  # rpm -ivh curl-7.12.1-3.i386.rpm
  # rpm -ivh php-4.3.9-3.1.i386.rpm
  # rpm -ivh php-mysql-4.3.9-3.1.i386.rpm
  # rpm -ivh php-gd-4.3.9-3.1.i386.rpm
  # up2date -u
  # service httpd stop
  # service httpd start
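As an added example (not from the thread or from Snort itself), a small Python checker for the two snort.conf edits the post describes: HOME_NET set to a real subnet instead of "any", and the MySQL output line switched from the default root/test credentials to the snort account. The sample config and the ExamplePw123 password are constructed for the demo.

```python
import ipaddress
import re

# Constructed sample snort.conf fragment (not from the thread) after both edits the post describes.
SAMPLE_CONF = """\
# var HOME_NET any
var HOME_NET 10.0.0.0/24
output database: log, mysql, user=snort password=ExamplePw123 dbname=snortdb host=localhost
"""

HOME_NET_RE = re.compile(r"^\s*var\s+HOME_NET\s+(\S+)", re.M)      # line-anchored: '#' lines never match
DB_OUTPUT_RE = re.compile(r"^\s*output\s+database:\s*(.+)$", re.M)  # same for commented-out output lines

def active_home_net(conf_text):
    """Value of the last uncommented 'var HOME_NET' line, or None if it is still commented out."""
    vals = HOME_NET_RE.findall(conf_text)
    return vals[-1] if vals else None

def active_db_output(conf_text):
    """Last uncommented 'output database:' line as a dict (facility, plugin, key=value params), or None."""
    lines = DB_OUTPUT_RE.findall(conf_text)
    if not lines:
        return None
    parts = [p.strip() for p in lines[-1].split(",", 2)] + ["", ""]
    params = dict(kv.split("=", 1) for kv in parts[2].split() if "=" in kv)
    params["facility"], params["plugin"] = parts[0], parts[1]
    return params

def check_snort_conf(conf_text):
    """Return a list of findings; an empty list means both edits from the post look right."""
    findings = []
    home = active_home_net(conf_text)
    if home is None:
        findings.append("HOME_NET is not set: uncomment 'var HOME_NET <subnet>'")
    elif home.lower() == "any":
        findings.append("HOME_NET is still 'any': comment that line out and set the local subnet")
    else:
        try:
            ipaddress.ip_network(home, strict=False)
        except ValueError:
            findings.append(f"HOME_NET {home!r} is not valid CIDR notation")
    db = active_db_output(conf_text)
    if db is None:
        return findings + ["no active 'output database:' line; alerts will never reach MySQL"]
    if db.get("user") == "root":
        findings.append("database user is root; use the dedicated snort account instead")
    if db.get("password", "") in ("", "test"):
        findings.append("database password is empty or still the default 'test'")
    if db.get("dbname") == "db":
        findings.append("dbname is still the default 'db'; point it at the snortdb you created")
    return findings
```

Run `check_snort_conf(open("/etc/snort/snort.conf").read())` on a sensor to confirm the edits before starting Snort; an empty list means the stock defaults are gone.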
DOLA, that's from almost exactly a year ago too... so I'm sure version numbers have changed.
Snort? NIDS? I'm a geek and I'M lost with all this.
Quote:
They exist at the network layer (as opposed to a host-based IDS) and inspect network traffic at the packet level in an effort to identify traffic that shouldn't be there. A NIPS (P = prevention) takes it another step and actually attempts to block traffic it identifies as dangerous. Snort is an open source NIDS that has basically become the de facto standard.
I write software for a living and I had no clue what the heck was going on until I googled snort.
The thread did make me think it might be funny to post a tech thread that was just full of made-up acronyms just to really confuse people :)
Thanks, Daimyo. This should be helpful.