
Thread: Snort/BASE/PEAR libs + Image_Graph

  1. #11
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Quote Originally Posted by streaker69 View Post
    CentOS5.1 is 6 CD's and yes, you need all 6 of them to install it. Driftnet doesn't really function as a 'real' screensaver, just I have it open full screen with the ever changing mosaic of pictures that people are seeing on the intertubes. It's also saving all the pictures to a directory, just in case someone is looking at something they shouldn't be.

    The plugin when it's done, should work with any Webcam or Netcam, but right now I haven't been able to get it started, because apparently V4L has an issue with USB 1.1 devices and the only camera I have to work with is a 1.1 device. I need to get a 2.0 device to even begin testing it out.

    BSMFH? Hmm, last I checked I wasn't a Sado-Masochist, but BoFH is fine with me, been following the antics of Simon for many years. Lately life at work hasn't been terribly exciting. You would have wanted to be around last summer when we were converting our SCADA/HMI system from ModBus+ over to Ethernet, that was a fun time of hardware upgrades, systems crashing and potential environmental disasters. Hopefully later this summer I'll be moving forward with converting our phone system to VoIP, so far, it's not looking good because we need a cordless phone on the system that is able to cover the 10 acres the plant sits on without using standard Wifi.

    But hey, if you ever make it to Central PA, drop me a line, you'd be welcome to stop in, I've had a couple members from this forum stop out and see me at the office.
    Ahh, I understand now concerning your Driftnet screen saver. That's not a bad idea at all and closely monitoring & logging the co-workers image_surfing over a corporate network is great for evidence of any malicious act. Would it not clog up the HDDs?

    About the cam, that's odd. I would have thought being 'linux' the support for USB1.1 would have been well covered? It goes to show!

    Heh, lol Simon! I remember reading one episode ages ago, like seriously a long time ago about a Christmas party, a salesman and a pimply faced teenager..can't really remember what happened but I recall it was a good read. I read a few others, but it's been ages since I have.

    You're right, when it comes to fun - problems are the best. You used SCADA at your work? I thought I watched a conference one time about SCADA being used in power stations, always thought it was a risk. I bet that you're glad you made the move, it does sound like you had some craic with all those red alarms going off lol

    Within my city there are numerous mobile/cell phone masts, do you think it's possible to implement on something similar for VoIP over 10 acres?...Well I'm back from the garage and I got my coffee - Time to get BASE working

  2. #12
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by The_Denv View Post
    You're right, when it comes to fun - problems are the best. You used SCADA at your work? I thought I watched a conference one time about SCADA being used in power stations, always thought it was a risk. I bet that you're glad you made the move, it does sound like you had some craic with all those red alarms going off lol
    SCADA is used in all kinds of industry but recently the power stations have been getting all the press because of a video that was released last year about a generator self destructing due to a 'hacker' infiltration in the network. It was staged for the cameras just to show what could happen.

    A friend of mine had done extensive SCADA work at a plant that makes pies, basically the entire process is automated. The SCADA software that we use actually has a Recipe module for mixing ingredients together. We of course don't need that.

    During our change over, the contractor that was working with us, neglected to actually save a changed program to the PLC. That night, we had a thunderstorm and had a major power flicker in the building, the PLC lost power and forgot its programming. We didn't realize that was the problem and it took several hours to figure out what was wrong, because the PLC appeared to be ok. By the time we got it figured out, since the contractor was no longer on site and it was left up to us to fumble through it, the screens had clogged up and the inbound flow had filled a 48" pipe to 44", for the entire 8 mile run of the pipe. We had about another 30 minutes before it would have backed up to the point of popping manholes along its length.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #13
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Quote Originally Posted by streaker69 View Post
    SCADA is used in all kinds of industry but recently the power stations have been getting all the press because of a video that was released last year about a generator self destructing due to a 'hacker' infiltration in the network. It was staged for the cameras just to show what could happen.

    A friend of mine had done extensive SCADA work at a plant that makes pies, basically the entire process is automated. The SCADA software that we use actually has a Recipe module for mixing ingredients together. We of course don't need that.

    During our change over, the contractor that was working with us, neglected to actually save a changed program to the PLC. That night, we had a thunderstorm and had a major power flicker in the building, the PLC lost power and forgot its programming. We didn't realize that was the problem and it took several hours to figure out what was wrong, because the PLC appeared to be ok. By the time we got it figured out, since the contractor was no longer on site and it was left up to us to fumble through it, the screens had clogged up and the inbound flow had filled a 48" pipe to 44", for the entire 8 mile run of the pipe. We had about another 30 minutes before it would have backed up to the point of popping manholes along its length.
    Yeh man, I think the video you are talking about is the video that I watched, I think the 2 men who were presenting it were foreign, maybe German. SCADA pies....now that's food for thought lol!

    Jesus!...Man that sounds amazing! Okay I can see that it was a complete disaster and a lot of work involved for you, especially when the contractor wasn't there - But that could make a really good scene in a movie, seriously. [I have written a few scripts lol]. You really do have an exciting job, for some reason I am getting an image of Dan Aykroyd in Sneakers

    Well this BASE project is going to have to wait until I can get my Edimax to connect to my AP, all day today I have been tearing my hair out because I have connected to my AP 1,000+ times and my card decided to show me my AP, connect to it..then it stops working and I can't see any APs [evil repetitive loop]. Also, when it does decide to see APs it can't inject...I added my problem onto another thread as it's OT here. I will conquer it, even if it means a prozac prescription!

    EDIT (25/Jun/08): Just to update the people who may be following this thread, this is my last week of me attending a few business classes as I am starting my own business. I have not done anything on BASE since my last time editing one of the posts. I have however got my Edimax card working (simply by unplugging it and plugging it back in). So after my class tonight I will return here and begin sorting this BASE project out once and for all, I do not like things beating me for so long, sorry for 1-2days of no progression

    [Btw, has anyone here on the forums actually got this to work on BT3f]?

  4. #14
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    My head is fried.

    Apart from the error: ERROR: $mycountry

    I am getting this on BASE's HTTP interface:

    Code:
    Error (p)connecting to DB : snort@localhost
    
    Check the DB connection variables in base_conf.php
    
                   = $alert_dbname   : MySQL database name where the alerts are stored 
                   = $alert_host     : host where the database is stored
                   = $alert_port     : port where the database is stored
                   = $alert_user     : username into the database
                   = $alert_password : password for the username
                  
    
    Database ERROR:Access denied for user 'snort'@'localhost' (using password: YES)
    Does anyone have an idea of what is going on? Maybe it's MySQL not allowing a root user to use it or something. I am not sure. Has there not been anyone here that has BASE&Snort up and running on their Back|Track3-Final install? [With world map]? I have been torturing myself with this since last night [the other day I set it aside for a while as it was so annoying]. I have been changing base_conf.php and snort.conf constantly to see what happened if I changed a certain value and nothing is happening.

    As per usual, I have searched Google and the error: ERROR: $mycountry is not ANYWHERE on Google apart from this thread. If anyone can help I would seriously appreciate it. Thanks

  5. #15
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by The_Denv View Post
    My head is fried.

    Apart from the error: ERROR: $mycountry

    I am getting this on BASE's HTTP interface:

    Code:
    Error (p)connecting to DB : snort@localhost
    
    Check the DB connection variables in base_conf.php
    
                   = $alert_dbname   : MySQL database name where the alerts are stored 
                   = $alert_host     : host where the database is stored
                   = $alert_port     : port where the database is stored
                   = $alert_user     : username into the database
                   = $alert_password : password for the username
                  
    
    Database ERROR:Access denied for user 'snort'@'localhost' (using password: YES)
    Does anyone have an idea of what is going on? Maybe it's MySQL not allowing a root user to use it or something. I am not sure. Has there not been anyone here that has BASE&Snort up and running on their Back|Track3-Final install? [With world map]? I have been torturing myself with this since last night [the other day I set it aside for a while as it was so annoying]. I have been changing base_conf.php and snort.conf constantly to see what happened if I changed a certain value and nothing is happening.

    As per usual, I have searched Google and the error: ERROR: $mycountry is not ANYWHERE on Google apart from this thread. If anyone can help I would seriously appreciate it. Thanks
    The $mycountry thing has to do with the GeoIPfree thing that's in the base.conf.php file. I don't recall setting mine, as I think it does it automatically when you compile that ips_ascii file so it can locate based upon IP.

    Did you grant rights to your snort user in the database?

    Code:
    mysql --user=mysql -p mysql
    GRANT ALL ON snort.* TO snort@localhost IDENTIFIED BY 'snortpassword';
    GRANT ALL ON snort.* TO snort@"%" IDENTIFIED BY 'snortpassword';
    flush privileges;
    exit
    You can either do that from the command line or from phpMyAdmin.

    Extrapolate the information you need from my friend's page here: http://www.nmsworld.com/UNIX/Snort.htm
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
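
The "Access denied for user 'snort'@'localhost'" check and the grants from the post above, narrowed to least privilege, as an added example that is not part of the thread. It assumes the `snort` database and account names from the thread, that both grants from the post were already applied, that Snort and BASE run on the same host as MySQL, and that the listed privilege set is enough for your Snort and BASE versions.

```sql
-- Added example, not from the thread. Run as a MySQL administrative user.
-- Database and account names ('snort') are taken from the thread.

-- 1. "Access denied ... (using password: YES)" means either no matching
--    account exists for that user/host pair or the password differs from
--    $alert_password in base_conf.php. List the snort accounts and the
--    hosts they may connect from.
SELECT user, host FROM mysql.user WHERE user = 'snort';

-- 2. Show what the local account may do. This fails with an error if
--    'snort'@'localhost' does not exist, which is itself the diagnosis.
SHOW GRANTS FOR 'snort'@'localhost';

-- 3. snort@"%" lets the account log in from any host. With the sensor and
--    BASE on this machine (assumption) it is not needed, so remove it.
--    Errors if the account was never created.
DROP USER 'snort'@'%';

-- 4. Replace ALL with the privileges needed to log alerts and let BASE
--    create and maintain its own tables (assumed set; verify for your
--    versions). The REVOKE errors if no grant on snort.* exists yet.
REVOKE ALL PRIVILEGES ON snort.* FROM 'snort'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE
    ON snort.* TO 'snort'@'localhost';

-- 5. Confirm the result. GRANT and REVOKE take effect immediately.
SHOW GRANTS FOR 'snort'@'localhost';
```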

  6. #16
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Quote Originally Posted by streaker69 View Post
    The $mycountry thing has to do with the GeoIPfree thing that's in the base.conf.php file. I don't recall setting mine, as I think it does it automatically when you compile that ips_ascii file so it can locate based upon IP.

    Did you grant rights to your snort user in the database?



    You can either do that from the command line or from phpMyAdmin.

    Extrapolate the information you need from my friend's page here: http://www.nmsworld.com/UNIX/Snort.htm
    Thanks streaker69,
    I am not receiving any errors now within base, as you said; all I had to do was recompile the ips_ascii file. After resetting my MySQL password and reconfiguring the base_conf.php file [i.e: Uncommenting GeoIP country data etc] and then reloading snort - I was hit with the usual error about $mycountry blah blah. I just reloaded snort and the errors are gone again.

    Now my problem lies with Snort itself. I'm using 'rausb0' interface and tried to change the snort.conf to reflect my settings. SNORT is not picking anything up at all, I don't think it's even running...back to the drawing board lol.

    Thanks streaker69, oh and that link doesn't work for me as I think I am in the forbidden zone:
    Code:
    HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
    Internet Information Services (IIS)
    It's ok though, I was able to view it via a proxy.

    EDIT: lol... I am still getting the "$mycountry has not been set as expected" error. Jesus! [I'm still trying to get this working]. What is doing my head in is that those errors disappeared as I have set the configuration correctly, when I go to the Home of BASE and return to the graph after 25mins the errors appear again. As if something is resetting my conf files. I emailed the BASE support team and linked them this thread, for their eyes I am going to paste my base_conf.php and snort.conf into a text file and link it here [character limit] for what it's worth:


    MediaFire link | [snort.conf & base_conf.php in ONE text file]

    MediaFire link | [Apache Error Log]

  7. #17
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    2

    Default BASE and GeoIP

    Hi everyone,

    This is Kevin from the BASE project. First, I am thrilled you are trying to get it working under Backtrack. We are still trying to work out all of the set up for the GeoIP service within BASE. The $mycountry error is one we have seen and hope is fixed in the CVS version of BASE. Either you can wait for 1.4.1 or download the CVS version from sf.net.

    Thanks
    Kevin

  8. #18
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by secureideas View Post
    Hi everyone,

    This is Kevin from the BASE project. First, I am thrilled you are trying to get it working under Backtrack. We are still trying to work out all of the set up for the GeoIP service within BASE. The $mycountry error is one we have seen and hope is fixed in the CVS version of BASE. Either you can wait for 1.4.1 or download the CVS version from sf.net.

    Thanks
    Kevin
    As far as I know, it's working on my recently built CentOS machine. At least I haven't seen that error, and I've been able to build maps from BASE.

    Could it be an issue with those that are outside of the US?

    Thanks for jumping in here, I'm sure everyone appreciates seeing a Dev jump in and give information.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #19
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by secureideas View Post
    Hi everyone,

    This is Kevin from the BASE project. First, I am thrilled you are trying to get it working under Backtrack. We are still trying to work out all of the set up for the GeoIP service within BASE. The $mycountry error is one we have seen and hope is fixed in the CVS version of BASE. Either you can wait for 1.4.1 or download the CVS version from sf.net.

    Thanks
    Kevin
    Hi Kevin - just wanted to say thanks for BASE - couldn't live without it
    dd if=/dev/swc666 of=/dev/wyze

  10. #20
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by streaker69 View Post
    Thanks for jumping in here, I'm sure everyone appreciates seeing a Dev jump in and give information.
    Yeah Thanks Kevin for the input. Welcome and I hope you enjoy the forums.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
