djcas9 / legacy-snorby

!! DO NOT USE THIS - THIS REPO HAS MOVED - https://github.com/Snorby/snorby !!
http://www.snorby.org

**UPDATED 5/24** Ubuntu 10.4, Snorby, Snort 2.8.6 (src), and You! #32

Open HavocStyles opened 14 years ago

HavocStyles commented 14 years ago

UPDATED Didn't have time to write up full documentation yet. But here is what you will need to get Snort 2.8.6 compiled /w mysql support and dynamic plugins, along with what Snorby needs in Ubuntu 10.4

UPDATED Get your dependencies: Some of these might not be needed, but all of these are required if you plan to compile snort and ntop. If you don't plan on rolling those two packages by hand into your system (not recommended by me) these are still good packages to have installed just in case you do need to compile something in the future and need the libraries to do so.

apt-get install build-essential libpcap-dev libmysqlclient-dev mysql-client mysql-server bison flex apache2 libapache2-mod-php5 php5-gd php5-mysql libphp-adodb php-pear libc6-dev g++ gcc pcregrep libpcre3-dev rubygems libopenssl-ruby ruby1.8-dev rake libtool automake autoconf libgdbm-dev librrd-dev python-dev geoip-bin libgeoip-dev php5-geoip python-geoip git-core

UPDATED Download the latest source of snort and untar. I used the following ./configure below... Reason: I use preprocessor-rules and if you want to use them as well, you'll have to make sure and tell snort to compile that in. The default preprocessor-rules are located in the snort src directory i.e. snort-2.8.6/preproc_rules/preprocessor.rules just copy that file to /etc/snort dir and reference that file in snort.conf.

./configure --enable-dynamicplugin --with-mysql --enable-decoder-preprocessor-rules

make

make install

Keep your snort src directory handy, for uninstall i.e. make uninstall

UPDATED Now let's get Snorby going. We need some gems installed. We have to install a certain version of Prawn to get PDFs to work and also need another version of rails installed as well. NOTE: go grab a cup of coffee, this one might take a little bit!

gem install -v=2.3.2 rails

gem install -v=0.6.2 prawn

gem install -v=0.6.2 prawn-core

gem install -v=0.2.3 prawn-format

gem install -v=0.3.2 prawn-layout

gem install -v=0.1.1 prawn-security

gem install mysql

You can do this all on one line i.e. gem install -v=2.3.2 rails; gem install -v=0.6.2 prawn; gem install -v=0.6.2 prawn-core; gem install -v=0.2.3 prawn-format; gem install -v=0.3.2 prawn-layout; gem install -v=0.1.1 prawn-security; gem install mysql

Compiling ntop should work as per their instructions and it's out of scope for this short incomplete document, since Snorby doesn't depend on it.

You should now be able to go into the Snorby directory and install with rake (NEW INSTALL ONLY)

rake snorby:setup RAILS_ENV=production

This is very high level, to the point, short n sweet. This is a work in progress; please let me know if you have any questions or add/edit to this document.

Cheers, Eric
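A preflight check for the gem versions pinned in the comment above, added here as an example and not written by anyone in this thread. The function name `missing_pins` and the sample `gem list` output are assumptions made for illustration; the pinned versions are the ones from the comment.

```shell
#!/bin/sh
# Added example (not from the thread): check the gem versions pinned in the
# first comment against `gem list --local` output before `rake snorby:setup`.

# Pins copied from the comment, name=version.
SNORBY_PINS='rails=2.3.2
prawn=0.6.2
prawn-core=0.6.2
prawn-format=0.2.3
prawn-layout=0.3.2
prawn-security=0.1.1'

# missing_pins GEM_LIST_TEXT (hypothetical helper name)
# Prints each pinned version absent from the text; returns 1 if any is absent.
missing_pins() {
    gem_list=$1
    rc=0
    for pin in $SNORBY_PINS; do
        name=${pin%%=*}
        want=${pin#*=}
        # A line looks like "prawn (0.8.4, 0.6.2)". Compare the first field
        # exactly so "prawn" does not also match "prawn-core".
        versions=$(printf '%s\n' "$gem_list" | awk -v n="$name" \
            '$1 == n { sub(/^[^(]*\(/, ""); sub(/\).*$/, ""); print }')
        case ", $versions," in
            *", $want,"*) ;;
            *) echo "$name $want (found: ${versions:-none})"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample output, not captured from a real host.
SAMPLE_GEM_LIST='mysql (2.8.1)
prawn (0.8.4, 0.6.2)
prawn-core (0.8.4)
prawn-format (0.2.3)
prawn-layout (0.3.2)
prawn-security (0.1.1)
rails (2.3.5, 2.3.2)'

# On a real host: missing_pins "$(gem list --local)"
missing_pins "$SAMPLE_GEM_LIST" || echo "pinned versions missing (listed above)"
```

With the constructed sample, only `prawn-core` is reported, because a newer version is installed without the pinned one alongside it.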

ewall commented 14 years ago

I just completed my setup, and most of my process was quite similar. Incidentally, the latest version of the prawn gem (0.84) has been okay so far.

Oh, and this page was helpful for getting the mod_passenger setup right (and it also includes tips for using mongrel or lighttpd if you prefer): https://help.ubuntu.com/community/RubyOnRails