
Thread: Configuring Snort - Tutorial

  1. #1
    xatar
    Guest

    Configuring Snort - Tutorial

    Hi all,

    I thought I would give some brief instructions on configuring Snort on the Back|Track distribution.

    Snort® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.
    To configure Snort on the Back|Track distribution, follow these steps:

    1) Click on the 'K' menu, Back|Track, Back|Track Services, SNORT, Setup & Initialise Snort.

    2) When the Bash prompt appears, enter a password for the root & user accounts.

    3) Take note of the displayed information as you need that to continue the configuration!

    4) Start Mozilla and browse to http://localhost/base

    5) Click on Continue.

    6) Choose your language and the path to the Database - /usr/local/apache2/htdocs/base/adodb

    7) Enter the following information and click Submit Query.

    Pick a Database Type : MySQL
    Database Name : snort
    Database Host : localhost
    Database User Name : snort
    Database Password : The user password you configured earlier!


    8) Enter the following information and click Submit Query.

    Admin User Name : root
    Password : The root password you configured earlier!
    Full Name : Anything!


    9) Click on the 'Create BASE AG' button to create the BASE database and click 'step 5'. (BASE = Basic Analysis and Security Engine)

    10) You will get an error saying that snort cannot write the base_conf.php file. Copy the text on the screen into a text file and save it as /usr/local/apache2/htdocs/base/base_conf.php

    11) Then take the time to delete the setup directory in /usr/local/apache2/htdocs/base/

    12) Finally, click on 'Click here to access your install'. Snort is now running with the default alerts and signatures.

    To learn more about Snort, please visit http://www.snort.org


    Hope this helps you guys!

    l8r,
    xatar.

  2. #2
    Just burned his ISO

    Thank you very much, it really helped. Now I'm going to "learn more".

  3. #3
    Just burned his ISO

    Nice tutorial dude! Very clear and concise.

  4. #4
    Just burned his ISO

    Also works with BT2; you only have to point Snort to /usr/local/apache, not apache2.

  5. #5
    Just burned his ISO

    Figured it out. I'm running BT ver 2.

    Adding onto polrpaul's post:

    Use "changeme" as the passwd, or use your own and edit the 2 files he suggests.

    Code:
    mv base_conf.php base_conf.php.og

    Then go to http://localhost/base/setup/step1.php
    path to adodb: /usr/local/apache/adodb
    dbname = snort
    db host = localhost
    passwd - changeme (or your own supplied passwd; remember to edit the 2 files per above)

    Continue with the setup.

    Code:
    rm -rf /usr/local/apache/htdocs/base/setup

    Point your browser to http://localhost/base/base_main.php

    No need to rename apache2 > apache.
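The steps 10 and 11 of the first post (save base_conf.php, delete the setup directory) and the "changeme" default mentioned in this post, as an added post-install check that is not part of this thread's instructions: a hypothetical POSIX shell function that verifies a BASE web root has its config in place, the web setup wizard removed, and a non-default database password. The $alert_password variable name is an assumption about the BASE config format, and the sample web roots are constructed here.

```shell
#!/bin/sh
# Added post-install check for a BASE web root (hypothetical helper, not from the thread).
# check_base_install WEBROOT: returns 0 when every check passes, 1 otherwise,
# printing one FAIL line per problem. Assumes BASE keeps the DB password in
# base_conf.php as $alert_password = '...'.
check_base_install() {
    root="$1"
    conf="$root/base_conf.php"
    rc=0
    # Step 10: the generated config must have been saved into the web root.
    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf is missing"
        rc=1
    else
        # Post #5 default: the DB password should no longer be 'changeme'.
        if grep -Eq '\$alert_password[[:space:]]*=[[:space:]]*.changeme.' "$conf"; then
            echo "FAIL: database password in $conf is still the default 'changeme'"
            rc=1
        fi
    fi
    # Step 11: the web setup wizard must be removed once configuration is done.
    if [ -d "$root/setup" ]; then
        echo "FAIL: $root/setup still exists"
        rc=1
    fi
    return $rc
}

# make_sample PASSWORD KEEP_SETUP(yes|no): builds a constructed BASE web root
# in a temp directory and prints its path, for demonstration only.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/adodb"
    [ "$2" = "yes" ] && mkdir -p "$dir/setup"
    printf '<?php\n$DBlib_path = "%s/adodb";\n$alert_dbname = "snort";\n$alert_host = "localhost";\n$alert_user = "snort";\n$alert_password = "%s";\n?>\n' "$dir" "$1" > "$dir/base_conf.php"
    echo "$dir"
}

# Fresh install straight out of the wizard: fails two checks.
fresh=$(make_sample changeme yes)
check_base_install "$fresh" || echo "-> $fresh needs attention"
# Hardened install: passes.
hardened=$(make_sample 'S3cure-pass' no)
check_base_install "$hardened" && echo "-> $hardened looks good"
rm -rf "$fresh" "$hardened"
```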

  6. #6
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    10

    Default

    Hi,

    Any idea about Snort in BT4?

  7. #7


    Quote Originally Posted by aisketui View Post
    Hi,

    Any idea about Snort in BT4?
    You brought up a 3 year old thread for this?

    Code:
    apt-get install snort

  8. #8
    imported_wyze (Jenkem Addict)

    Quote Originally Posted by cybrsnpr View Post
    You brought up a 3 year old thread for this?

    Code:
    apt-get install snort
    If you do that, you'll get an old package; better to install it from source.
    dd if=/dev/swc666 of=/dev/wyze

  9. #9


    True. Current Source is always the best way to go. But if that is beyond the scope of the user, then apt-get is usually an acceptable alternative (and also the simplest, though not necessarily the best).
