Hi all,
I thought I would give some brief instructions on configuring Snort on the Back|Track distribution.
Snort® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.
To configure Snort on the Back|Track distribution, follow these steps:
1) Click on the 'K' menu, Back|Track, Back|Track Services, SNORT, Setup & Initialise Snort.
2) When the Bash prompt appears, enter a password for the root & user accounts.
3) Take note of the displayed information as you need that to continue the configuration!
4) Start Mozilla and browse to http://localhost/base
5) Click on Continue.
6) Choose your language and the path to the Database - /usr/local/apache2/htdocs/base/adodb
7) Enter the following information and click Submit Query.
Pick a Database Type : MySQL
Database Name : snort
Database Host : localhost
Database User Name : snort
Database Password : The user password you configured earlier!
8) Enter the following information and click Submit Query.
Admin User Name : root
Password : The root password you configured earlier!
Full Name : Anything!
9) Click on the 'Create BASE AG' button to create the BASE database and click 'step 5'. (BASE = Basic Analysis and Security Engine)
10) You will get an error saying that snort cannot write the base_conf.php file. Copy the text on the screen into a text file and save it as /usr/local/apache2/htdocs/base/base_conf.php
11) Then take the time to delete the setup directory in /usr/local/apache2/htdocs/base/
12) Finally, click on 'Click here to access your install'. Snort is now running with the default alerts and signatures.
To learn more about Snort, please visit http://www.snort.org
Hope this helps you guys!
l8r,
xatar.
Thank you very much, it really helps. Now I'm going to "learn more".
Nice tutorial dude! Very clear and concise!
Also works with BT2; you only have to point Snort to /usr/local/apache, not apache2.
Figured it out. I'm running BT ver2.
Adding onto polrpaul's post:
Use "changeme" as passwd, or use your own and edit the 2 files he suggests.
mv base_conf.php base_conf.php.og
http://localhost/base/setup/step1.php
path to adodb /usr/local/apache/adodb
dbname = snort
db host = localhost
passwd - changeme (or your own supplied passwd, remember to edit 2 files per above)
cont. with setup
rm -rf /usr/local/apache/htdocs/base/setup
point browser to http://localhost/base/base_main.php
no need to rename apache2 > apache
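A post-install check for steps 10 and 11 of the tutorial and for the BT2 variant, as an added example that is not part of any post in this thread: it confirms that base_conf.php was saved, that the setup directory is gone, and that no renamed copy of the config remains. The function name check_base_install and the choice to flag base_conf.php.og are assumptions of this example; the paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: verify a BASE install after the setup wizard has been run.
# check_base_install is a hypothetical helper name; the paths are the ones
# quoted in the thread (BackTrack: apache2, BT2: apache).

# Returns 0 = clean, 1 = at least one finding, 2 = no BASE directory there.
check_base_install() {
    base_dir=$1
    findings=0
    [ -d "$base_dir" ] || { echo "$base_dir: not found"; return 2; }

    # Step 10: the wizard cannot write the config, so it is saved by hand.
    if [ ! -s "$base_dir/base_conf.php" ]; then
        echo "$base_dir: base_conf.php missing or empty"
        findings=1
    # The config holds the snort database password; others must not edit it.
    elif [ -n "$(find "$base_dir/base_conf.php" -perm -0002 2>/dev/null)" ]; then
        echo "$base_dir: base_conf.php is world-writable"
        findings=1
    fi

    # Step 11: a remaining setup/ leaves the setup wizard reachable over HTTP.
    if [ -d "$base_dir/setup" ]; then
        echo "$base_dir: setup/ still present"
        findings=1
    fi

    # BT2 variant: the renamed original config is a second copy on disk.
    if [ -e "$base_dir/base_conf.php.og" ]; then
        echo "$base_dir: base_conf.php.og backup left under the web root"
        findings=1
    fi

    [ "$findings" -eq 0 ] && echo "$base_dir: OK"
    return "$findings"
}

# Check both locations mentioned in the thread; a missing one is reported.
for dir in /usr/local/apache2/htdocs/base /usr/local/apache/htdocs/base; do
    check_base_install "$dir" || true
done
```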
Hi,
Any idea about Snort in BT4?
True. Current Source is always the best way to go. But if that is beyond the scope of the user, then apt-get is usually an acceptable alternative (and also the simplest, though not necessarily the best).