The websnort is not working

[gvalmana]

Hello my friend, hoy can I start de websnort, i have a dude, with the script can I use snort as NIDS for all my DMZ and LAN, thanks

[joanbono]

Hello @gvalmana

Yes, you can.

If you used the installation script, you have the option to install also WebSnort.

Read the documentation

If you have installed Snort and now you want the WebSnort, run in your terminal

sudo python2 -m pip install --upgrade websnort

[joanbono]

Anyway, the title is confusing, because WebSnort is working perfectly.

If you followed the documentation, you should be able to install it and get it working properly.

Open a web browser and navigate to localhost:80, WebSnort should be there.

[gvalmana]

hello my friend, i used the script, everything tell me that is ok but the websnort is not working, also i sow that de rules that the script neet to download are missing, sorry for my english, im from Cuba and iam making a big efort traiying speaking, i'dont know what's happening but the websnort is not working, also im not sure that snort is working to, thaks

[joanbono]

Hi @gvalmana , I need some information like which operating system are you using in order to help you.

How did you execute the script? Make sure that you are running the script as root.

Example:

$ sudo su
# bash Snorter.sh -i $INTERFACE -o $OINKCODE

Replace $INTERFACE whith your ethernet interface and use $OINKCODE in case you have one.

[gvalmana]

Hello my friend, im using Debian 8.11 over Proxmox Enviorement, i runned the script like sai the document, in the same way tha you wrote to me, i made a nmap and telnet and the webservice over port 80 is not running, i tested the MySQL server and is working, how can i send you the ouput of the execution of the script? Maybi you see and error that i am doing, sorry mi friend im new the advanced network managing, thank you for your helps

[joanbono]

try to reinstall the script.

I asume that you are running it as sudo. Just create a new VM and run the script. Paste the output in pastebin and then put here the link to pastebin.

I just tried to install everything in a Debian Virtual Machine and everything is working, so it seems that you are doing something wrong.

Can you paste here the EXACT command you are using to execute the script and the output of the ip a command also?

Thanks

[gvalmana]

Hello my friend, im using the same code that you show me above, other thing, i saw that th script giveme an error when it tray to download the rules from a web, i opended de link and is bronken, the web of snort tell me that the link does not exist, do you know some thing about that? Thanks

[joanbono]

It's difficult to follow you. Can you paste the errors or upload screenshots?

If you say "the URL" can you paste which one is?

Are you talking about this one https://rules.emergingthreats.net/ ?

Please provide information or I will close the issue since I can't provide information about what is happening to you, because you are not explaining it properly. If you talk about a URL, put that URL here. If you talk about a script line, put here which line number or at least copy the line in the script.

For me everything is working properly.

[gvalmana]

Hi again, sorry, this the code that im using root@sentinela:/home/Snorter/src# bash Snorter.sh -o MYOINCODE -i eth0 end and this is the URL that is missing https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz.md5?oinkcode=84f8c1c42dd908ddb726c1cda79ef906988f0abf

[joanbono]

As you can see, in the URL you posted appears your OINKCODE.

The rules are downloaded by pulledpork. I need more information on that.

[joanbono]

Any updates on this, @gvalmana ?

[joanbono]

Hi @gvalmana , any updates on this?

[gvalmana]

Hi im still triying to do, i made clic on the link and the web tell that is incorrect, i paste the output of the script I execute this bash Snorter.sh -o "HERE IS MY OINKCODE" -i eth0 and this is the output `

    [+] OINKCODE: "HERE IS MY OINKCODE"
    [+] INTERFACE: eth0
    [+] DAQ: 
    [+] SNORT: 
    [+] ARCH: x86_64
[i] INFO: Updating and Upgrading repositories...

` when the script try to conect to this link https://snort.org/downloads/snort/.tar.gz to download it show me this Proxy request sent, awaiting response... 404 Not Found 2018-07-17 16:26:06 ERROR 404: Not Found. I made my conection throw a proxy server of mi ISP, maybi that the reason of my problemas?

[gvalmana]

https://snort.org/downloads/snort/ this URL showme error 404

[gvalmana]

Hi again, sorry, my server show me this error, [1] Exit 1 sudo websnort -p 80 > /dev/null 2>&1, do you know something about? thanks for your help

[gvalmana]

Hello my friend i made it, jajaja, i used this help https://github.com/shendo/websnort the websnort is runing, do you have some manual o docs that can help how can i use the websnort and configure snort? thanks you

[joanbono]

You are not installing Snort.

Here you have this:

    [+] OINKCODE: "HERE IS MY OINKCODE"
    [+] INTERFACE: eth0
    [+] DAQ: 
    [+] SNORT: 
    [+] ARCH: x86_64
[i] INFO: Updating and Upgrading repositories...

But yous hould have on DAQ which version is installing and on SNORT which version is installing like follows

So you are doing something wrong. I just installed it and it's working.

[gvalmana]

My friend, snort is working OK but how can i get the comuniti rules, SNORT when i execute this snort -d -c /etc/snort/snort.conf show me this error ERROR: /etc/snort//etc/snort/rules/community.rules(0) Unable to open rules file "/etc/snort//etc/snort/rules/community.rules": No such file or directory.

[joanbono]

@gvalmana using Pulled pork: https://github.com/shirkdog/pulledpork

I hardly recommend you to read the documentation.

The program is for installing Snort, Barnyard and PulledPork.

The issues are for errors in the program, not for learning how to use every program which is installed in the script just because you don't understand how the program works and what does each installed program.

Please, read the documentation.

Your problem is related to pulledpork and its usage. Read carefully the de documentation in the link I've sent.

Closing this issue as invalid.