
List:       snort-users
Subject:    [Snort-users] Problem snort 9.3.3 - SNORT REPORT show NO DATA
From:       "Sans, Ruben" <rsans () simon ! es>
Date:       2012-10-26 12:05:48
Message-ID: 20121026120551.84BCE132E41 () mail ! simon ! es



Hi all,

I installed snort with the following versions:
sudo wget http://hem.bredband.net/jpgraph/jpgraph-1.27.1.tar.gz
sudo wget http://www.symmetrixtech.com/ids/snortreport-1.3.3.tar.gz
sudo wget http://www.snort.org/dl/snort-current/daq-1.1.1.tar.gz
sudo wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
sudo wget http://www.snort.org/dl/snort-current/snort-2.9.3.tar.gz
FTP     snortrules-snapshot-2930.tar.gz

I've installed it following the default Snort procedure for Ubuntu 12.04:
http://www.snort.org/assets/158/snortinstallguide293.pdf

The Network configuration is as follows:
2 network interfaces:
Eth0 --> IP LAN
Eth1 --> Snort

auto eth0
iface eth0 inet static
        address 192.168.252.62
        netmask 255.255.255.0
        network 192.168.252.0
        broadcast 192.168.252.255
        gateway 192.168.252.254
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 172.16.14.30

auto eth1
iface eth1 inet manual
        up ifconfig eth1 0.0.0.0 up
        up ip link set eth1 promisc on
* I previously configured the Ethernet interface not in promiscuous mode

Config in the Cisco Catalyst 3750
monitor session 1 source interface Gi0/1 , Gi0/11 , Gi0/24 , Gi0/27 , Gi0/41 , Gi0/43
monitor session 1 destination interface Gi0/44

I tested with tcpdump, and see traffic on eth1. I have also connected a Wireshark and I see traffic.

I just installed Snort; Snort Report works properly, but I get "NO DATA".

Can you Help me, please?

Thanks in advance!!!!!!!!!!!



ANNEX WITH THE DETAIL/STEPS OF CONFIGURATION
Then I show all the Snort configuration:

sudo apt-get install nmap
sudo apt-get install nbtscan
sudo apt-get install apache2
sudo apt-get install php5
sudo apt-get install php5-mysql
sudo apt-get install php5-gd
sudo apt-get install libpcap0.8-dev
sudo apt-get install libpcre3-dev
sudo apt-get install g++
sudo apt-get install bison
sudo apt-get install flex
sudo apt-get install libpcap-ruby
sudo apt-get install make
sudo apt-get install autoconf
sudo apt-get install libtool

pass root mysql = YOURPASSWORD
sudo apt-get install mysql-server
sudo apt-get install libmysqlclient-dev

sudo apt-get update
sudo apt-get upgrade

SNORT REPORT

Download and install JpGraph (Optional)

sudo wget http://hem.bredband.net/jpgraph/jpgraph-1.27.1.tar.gz
sudo mkdir /var/www/jpgraph
sudo tar zxvf jpgraph-1.27.1.tar.gz
sudo cp -r jpgraph-1.27.1/src /var/www/jpgraph/

Download and Set up Snort Report

wget http://www.symmetrixtech.com/ids/snortreport-1.3.3.tar.gz
sudo tar zxvf snortreport-1.3.3.tar.gz -C /var/www/

sudo nano /var/www/snortreport-1.3.3/srconf.php

Change this:
$pass = "YOURPASS";

For this:
$pass = "YOURPASSWORD";

SNORT

Download and install the DATA Acquisition API

sudo wget http://www.snort.org/dl/snort-current/daq-1.1.1.tar.gz
sudo tar zxvf daq-1.1.1.tar.gz
cd daq-1.1.1
sudo ./configure
sudo make
sudo make install

Download and install libdnet

wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
sudo tar zxvf libdnet-1.12.tgz
cd libdnet-1.12/
sudo ./configure
sudo make
sudo make install
sudo ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1

Download and install snort

sudo  wget http://www.snort.org/dl/snort-current/snort-2.9.3.tar.gz
sudo tar zxvf snort-2.9.3.tar.gz
cd snort-2.9.3
sudo ./configure --prefix=/usr/local/snort --enable-sourcefire
sudo make
sudo make install
sudo mkdir /var/log/snort
sudo mkdir /var/snort
sudo groupadd snort
sudo useradd -g snort snort
sudo chown snort:snort /var/log/snort

Download snort Rules

FTP     snortrules-snapshot-2930.tar.gz
sudo tar zxvf snortrules-snapshot-2930.tar.gz -C /usr/local/snort
sudo mkdir /usr/local/snort/lib/snort_dynamicrules
sudo cp /usr/local/snort/so_rules/precompiled/Ubuntu-10-4/i386/2.9.3.0/* \
/usr/local/snort/lib/snort_dynamicrules
sudo touch /usr/local/snort/rules/white_list.rules
sudo touch /usr/local/snort/rules/black_list.rules
sudo ldconfig

Configure Snort

sudo nano /usr/local/snort/etc/snort.conf

Change this:
var WHITE_LIST_PATH ../rules
var BLACK_LIST_PATH ../rules

For this:
var WHITE_LIST_PATH /usr/local/snort/rules
var BLACK_LIST_PATH /usr/local/snort/rules

Change this:
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/lib/snort_dynamicrules

For this:
dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/snort/lib/snort_dynamicrules

After this line:
#output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types

Put this line:
output unified2: filename snort.u2, limit 128


Download and install Barnyard2

wget https://nodeload.github.com/firnsy/barnyard2/tarball/master \
-O barnyard2-2.10.tar.gz
sudo tar zxvf barnyard2-2.10.tar.gz
cd firnsy-barnyard2*
sudo autoreconf -fvi -I ./m4
sudo ./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
sudo make
sudo make install
sudo cp etc/barnyard2.conf /usr/local/snort/etc
sudo mkdir /var/log/barnyard2
sudo chmod 666 /var/log/barnyard2
sudo touch /var/log/snort/barnyard2.waldo
sudo chown snort.snort /var/log/snort/barnyard2.waldo

echo "create database snort;" | mysql -u root -p
mysql -u root -p -D snort < ./schemas/create_mysql

echo "grant create, insert, select, delete, update on snort.* to snort@localhost identified by 'YOURPASSWORD'" | mysql -u root -p

sudo nano /usr/local/snort/etc/barnyard2.conf

Change these lines:
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map

#config hostname: thor
#config interface: eth0

#output database: log, mysql, user=root password=test dbname=db host=localhost

For this:
config reference_file: /usr/local/snort/etc/reference.config
config classification_file: /usr/local/snort/etc/classification.config
config gen_file: /usr/local/snort/etc/gen-msg.map
config sid_file: /usr/local/snort/etc/sid-msg.map

config hostname: localhost
config interface: eth1

output database: log, mysql, user=snort password=YOURPASSWORD dbname=snort host=localhost


Testing Snort

sudo /usr/local/snort/bin/snort -u snort -g snort \
-c /usr/local/snort/etc/snort.conf -i eth1

Snort Start automatically

sudo nano /etc/rc.local

After exit 0:
ifconfig eth1 up
/usr/local/snort/bin/snort -D -u snort -g snort \
-c /usr/local/snort/etc/snort.conf -i eth1
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf \
-G /usr/local/snort/etc/gen-msg.map \
-S /usr/local/snort/etc/sid-msg.map \
-d /var/log/snort \
-f snort.u2 \
-w /var/log/snort/barnyard2.waldo \
-D

sudo /etc/init.d/rc.local start

http://192.168.252.62/snortreport-1.3.3/alerts.php



Rubén Sans
Information Systems Dept.


Diputación, 390-392
08013 Barcelona
Tel. 933 440 800, Ext. 408
e-mail: rsans@simon.es
www.simon.es


________________________________
*************** LEGAL NOTICE ***************


This message is intended exclusively for its addressee and may contain information that is confidential and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error please immediately notify us via e-mail and delete it.


________________________________
PROTECT THE ENVIRONMENT
Before printing this e-mail, think carefully about whether it is really necessary: THE ENVIRONMENT IS EVERYONE'S RESPONSIBILITY
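The report page only shows what Barnyard2 has loaded into MySQL, so the first thing to establish with a "NO DATA" result is whether Snort is writing any events to the unified2 spool at all (the `output unified2: filename snort.u2` line above produces files named `snort.u2.<timestamp>` in `/var/log/snort`). The following is an added example, not code from the original post or from the Snort or Barnyard2 projects: it walks a unified2 spool file and counts the IDS event and packet records it contains. The record layouts are the Snort 2.9.x unified2 record header and legacy IDS event format; the signature id 1000001, the addresses and the packet bytes in the built-in sample are constructed.

```python
"""Count what Snort actually wrote to a unified2 spool file, so a "NO DATA"
report can be traced to the right stage: Snort -> unified2 -> Barnyard2 -> MySQL.

Added example, not code from the original post or from Snort/Barnyard2.
Each unified2 record is an 8-byte header (type, length; big-endian) followed
by the body. Only the legacy IDS event (type 7) and packet (type 2) bodies are
decoded; other record types are counted and skipped.
"""
import struct
import sys
from collections import Counter

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7          # Serial_Unified2IDSEvent_legacy, 52 bytes

# Serial_Unified2IDSEvent_legacy: sensor_id, event_id, event_second,
# event_microsecond, signature_id, generator_id, signature_revision,
# classification_id, priority_id (uint32 each), ip_source, ip_destination
# (IPv4), sport_itype, dport_icode (uint16), protocol, impact_flag, impact,
# blocked (uint8). All fields are network byte order.
_EVENT_FMT = ">IIIIIIIII4s4sHHBBBB"
_EVENT_LEN = struct.calcsize(_EVENT_FMT)   # 52

# Serial_Unified2Packet header: sensor_id, event_id, event_second,
# packet_second, packet_microsecond, linktype, packet_length (uint32 each),
# followed by packet_length bytes of raw packet.
_PACKET_FMT = ">IIIIIII"


def iter_records(data):
    """Yield (type, body) for every complete record in a unified2 byte string.

    A truncated trailing record is skipped, which is normal for a spool file
    Snort is still appending to."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, off)
        off += 8
        if off + rlen > len(data):
            break                       # partial record at end of file
        yield rtype, data[off:off + rlen]
        off += rlen


def decode_event(body):
    """Decode a legacy IDS event body into the fields a Barnyard2 row carries."""
    if len(body) < _EVENT_LEN:
        raise ValueError("short IDS event record")
    f = struct.unpack(_EVENT_FMT, body[:_EVENT_LEN])
    return {
        "sensor_id": f[0], "event_id": f[1], "event_second": f[2],
        "sig_id": f[4], "gen_id": f[5], "sig_rev": f[6],
        "class_id": f[7], "priority": f[8],
        "src": ".".join(str(b) for b in f[9]),
        "dst": ".".join(str(b) for b in f[10]),
        "sport": f[11], "dport": f[12], "proto": f[13],
    }


def summarize(data):
    """Return record counts per type, event/packet totals and (gid, sid) counts."""
    types = Counter()
    sigs = Counter()
    for rtype, body in iter_records(data):
        types[rtype] += 1
        if rtype == UNIFIED2_IDS_EVENT:
            ev = decode_event(body)
            sigs[(ev["gen_id"], ev["sig_id"])] += 1
    return {"records": dict(types), "events": types[UNIFIED2_IDS_EVENT],
            "packets": types[UNIFIED2_PACKET], "signatures": dict(sigs)}


def build_sample():
    """Constructed spool content: one IDS event, its packet record, and a
    deliberately truncated trailing record (Snort mid-write)."""
    event = struct.pack(_EVENT_FMT,
                        0, 1, 1351252800, 0,          # sensor, event_id, sec, usec
                        1000001, 1, 1,                # sid (constructed), gid, rev
                        3, 2,                         # class_id, priority
                        bytes([192, 168, 252, 10]), bytes([192, 168, 252, 62]),
                        40000, 80, 6,                 # sport, dport, proto=TCP
                        0, 0, 0)                      # impact_flag, impact, blocked
    pkt = b"\x00" * 14 + b"E" * 40                    # constructed stand-in frame
    packet = struct.pack(_PACKET_FMT, 0, 1, 1351252800, 1351252800, 0, 1, len(pkt)) + pkt
    out = struct.pack(">II", UNIFIED2_IDS_EVENT, len(event)) + event
    out += struct.pack(">II", UNIFIED2_PACKET, len(packet)) + packet
    out += struct.pack(">II", UNIFIED2_IDS_EVENT, len(event)) + event[:20]  # truncated
    return out


if __name__ == "__main__":
    if len(sys.argv) > 1:                 # e.g. /var/log/snort/snort.u2.1351252800
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample()
    s = summarize(data)
    print("records by type:", s["records"])
    print("events:", s["events"], "packets:", s["packets"])
    for (gid, sid), n in sorted(s["signatures"].items()):
        print(f"  gid {gid} sid {sid}: {n}")
    if s["events"] == 0:
        print("no IDS events in spool: check the Snort side (interface, rules, output line)")
```

Run it against the newest `snort.u2.*` file in `/var/log/snort`. If it reports zero event records while tcpdump shows traffic on eth1, the problem is on the Snort side (wrong interface, no rules firing, or the output line not taking effect); if events are present but the `event` table in the `snort` database stays empty, the fault is between Barnyard2 and MySQL (the waldo file, the `output database` line, or the grant).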


[Attachment #5 (text/html)]

<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:st1="urn:schemas-microsoft-com:office:smarttags" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags" \
name="PersonName" /><!--[if !mso]> <style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]--><style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Verdana;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
span.EstiloCorreo17
	{mso-style-type:personal-compose;
	font-family:Arial;
	color:windowtext;}
@page Section1
	{size:595.3pt 841.9pt;
	margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.Section1
	{page:Section1;}
-->
</style><!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>
<body lang="ES" link="blue" vlink="purple">
<div class="Section1">
<p class="MsoNormal"><span class="hps"><font size="3" face="Times New Roman"><span \
lang="EN" style="font-size:12.0pt">Hi all,<o:p></o:p></span></font></span></p> <p \
class="MsoNormal"><span class="hps"><font size="3" face="Times New Roman"><span \
lang="EN" style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></span></p> <p \
class="MsoNormal"><span class="hps"><font size="3" face="Times New Roman"><span \
lang="EN" style="font-size:12.0pt">I installed</span></font></span><span \
class="shorttext"><span lang="EN"> </span></span><span class="hps"><span \
lang="EN">snort</span></span><span class="shorttext"><span lang="EN"> \
</span></span><span class="hps"><span lang="EN">with the following \
versions</span></span><span class="shorttext"><span lang="EN">:</span></span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal"><font size="3" face="Times \
New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo wget \
http://hem.bredband.net/jpgraph/jpgraph-1.27.1.tar.gz<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo \
wget&nbsp;http://www.symmetrixtech.com/ids/snortreport-1.3.3.tar.gz sudo tar \
zxvf<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" face="Times New \
Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo wget&nbsp; \
wget&nbsp;http://www.snort.org/dl/snort-current/daq-1.1.1.tar.gz<o:p></o:p></span></font></p>
 <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">sudo wget&nbsp;http://libdnet.googlecode.com/files/libdnet-1.12.tgz
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">sudo &nbsp;wget&nbsp;http://www.snort.org/dl/snort-current/snort-2.9.3.tar.gz<o:p></o:p></span></font></p>
 <p class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">FTP&nbsp;&nbsp;&nbsp;&nbsp; \
snortrules-snapshot-2930.tar.gz<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><span class="hps"><font size="3" face="Times New Roman"><span \
lang="EN" style="font-size:12.0pt">I've</span></font></span><span lang="EN"> <span \
class="hps">installed</span> <span class="hps">following</span> <span class="hps"> \
the procedure</span> <span class="hps">of snort</span> <span \
class="hps">default</span> <span class="hps">Ubuntu \
12.04</span><o:p></o:p></span></p> <p class="MsoNormal"><font size="3" face="Times \
New Roman"><span style="font-size: 12.0pt"><a \
href="http://www.snort.org/assets/158/snortinstallguide293.pdf"><span \
lang="EN">http://www.snort.org/assets/158/snortinstallguide293.pdf</span></a></span></font><span \
lang="EN"><o:p></o:p></span></p> <p class="MsoNormal"><font size="3" face="Times New \
Roman"><span lang="EN" style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> \
<p class="MsoNormal"><span class="hps"><u><font size="3" face="Times New Roman"><span \
lang="EN" style="font-size:12.0pt">The Network \
configuration</span></font></u></span><u><span lang="EN"> <span class="hps">is as \
follows</span>:</span><o:p></o:p></u></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">2 network \
intefaces:<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">Eth0 \
</span></font><font face="Wingdings"><span \
style="font-family:Wingdings">à</span></font><span lang="EN-GB"> IP \
LAN<o:p></o:p></span></p> <p class="MsoNormal"><font size="3" face="Times New \
Roman"><span lang="EN-GB" style="font-size:12.0pt">Eth1 </span></font><font \
face="Wingdings"><span style="font-family:Wingdings">à</span></font><span \
lang="EN-GB"> Snort<o:p></o:p></span></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">auto eth0<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">iface eth0 inet static<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; address \
192.168.252.62<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; netmask \
255.255.255.0<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; network \
192.168.252.0<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; broadcast \
192.168.252.255<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; gateway \
192.168.252.254<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # dns-* options \
are implemented by the resolvconf package, if installed<o:p></o:p></span></font></p> \
<p class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dns-nameservers \
172.16.14.30<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">auto eth1<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">iface eth1 inet manual<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; up ifconfig eth1 \
0.0.0.0 up<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; up ip link set \
eth1 promisc on<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">*</span></font><span class="shorttext"><span lang="EN-GB"> \
</span></span><span class="hps"><span lang="EN">I configured</span></span><span \
lang="EN"> <span class="hps">the</span> <span class="hps">ethernet</span> <span \
class="hps"> previously</span> <span class="hps">not in</span> <span \
class="hps">promiscuous mode</span></span><span lang="EN-GB"><o:p></o:p></span></p> \
<p class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><u><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">Config int he Cisco Catalyst \
3750<o:p></o:p></span></font></u></p> <p class="MsoNormal"><font size="3" face="Times \
New Roman"><span lang="EN-GB" style="font-size:12.0pt">monitor session 1 source \
interface Gi0/1 , Gi0/11 , Gi0/24 , Gi0/27 , Gi0/41 , Gi0/43 \
<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" face="Times New \
Roman"><span lang="EN-GB" style="font-size:12.0pt">monitor session 1 destination \
interface Gi0/44<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="CA" \
style="font-size:12.0pt">I tested with tcpdump, and see traffic on eth1, I have also \
</span></font><span lang="EN-GB">connected</span><span lang="CA"> a wireshark and I \
see traffic.</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><span class="hps"><b><font size="3" face="Times New Roman"><span \
lang="EN" style="font-size:12.0pt;font-weight:bold">Just</span></font></b></span><b><span \
lang="EN" style="font-weight:bold"> <span class="hps">install the</span> <span \
class="hps">snort</span>, <span class="hps"> snort</span> <span \
class="hps">Report</span> <span class="hps">works properly</span>, <span \
class="hps">but I get</span> <span class="hps">&quot;NO</span> <span class="hps"> \
DATA&quot;</span>.<o:p></o:p></span></b></p> <p class="MsoNormal"><b><font size="3" \
face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt;font-weight:bold"><o:p>&nbsp;</o:p></span></font></b></p> <p \
class="MsoNormal"><b><font size="3" face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt;font-weight:bold">Can you Help me, \
please?<o:p></o:p></span></font></b></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><b><font size="3" face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt;font-weight:bold">Thanks in \
advance!!!!!!!!!!!<o:p></o:p></span></font></b></p> <p class="MsoNormal"><font \
size="3" face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><b><font size="3" face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt;font-weight:bold">ANNEX WITH THE DETAIL/STEPS OF \
CONFIGURATION<o:p></o:p></span></font></b></p> <p class="MsoNormal"><span \
class="hps"><font size="3" face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt">Then I show</span></font></span><span lang="EN"> <span \
class="hps">all the</span> <span class="hps">Snort \
configuration</span>:<o:p></o:p></span></p> <p class="MsoNormal"><span \
class="hps"><font size="3" face="Times New Roman"><span lang="EN" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></span></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get install nmap<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get install nbtscan<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get install apache2<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get install php5<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get install php5-mysql<o:p></o:p></span></font></p> \
<p class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get install php5-gd<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get install \
libpcap0.8-dev<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo apt-get \
install libpcre3-dev<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo apt-get \
install g&#43;&#43;<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo apt-get \
install bison<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo apt-get \
install flex<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo apt-get \
install libpcap-ruby<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo apt-get \
install make<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo apt-get \
install autoconf<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo apt-get \
install libtool<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">pass root mysql = YOURPASSWORD<o:p></o:p></span></font></p> \
<p class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get install \
mysql-server<o:p></o:p></span></font></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">sudo apt-get \
install libmysqlclient-dev<o:p></o:p></span></font></p> <p class="MsoNormal"><font \
size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get update<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo apt-get upgrade<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><b><u><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt;font-weight:bold">SNORT \
REPORT<o:p></o:p></span></font></u></b></p> <p class="MsoNormal"><b><u><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt;font-weight:bold"><o:p><span style="text-decoration:  \
none">&nbsp;</span></o:p></span></font></u></b></p> <p class="MsoNormal"><u><font \
size="3" face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">Download \
and install JpGraph (Optional)<o:p></o:p></span></font></u></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo wget \
http://hem.bredband.net/jpgraph/jpgraph-1.27.1.tar.gz<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo mkdir /var/www/jpgraph<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo tar zxvf \
jpgraph-1.27.1.tar.gz<o:p></o:p></span></font></p> <p class="MsoNormal"><font \
size="3" face="Times New Roman"><span lang="PT-BR" style="font-size:12.0pt">sudo cp \
-r jpgraph-1.27.1/src /var/www/jpgraph/<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="PT-BR" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><u><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">Download and Set up Snort \
Report<o:p></o:p></span></font></u></p> <p class="MsoNormal"><font size="3" \
face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">wget&nbsp;http://www.symmetrixtech.com/ids/snortreport-1.3.3.tar.gz \
<p class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">sudo nano \
/var/www/snortreport-1.3.3/srconf.php<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">Change this:<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">$pass = &quot;YOURPASS&quot;; <o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">For this:<o:p></o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">$pass = \
&quot;YOURPASSWORD&quot;;<o:p></o:p></span></font></p> <p \
class="MsoNormal"><b><u><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt;font-weight:bold"><o:p><span style="text-decoration:  \
none">&nbsp;</span></o:p></span></font></u></b></p> <p class="MsoNormal"><b><u><font \
size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt;font-weight:bold">SNORT<o:p></o:p></span></font></u></b></p> \
<p class="MsoNormal"><b><u><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt;font-weight:bold"><o:p><span style="text-decoration:  \
none">&nbsp;</span></o:p></span></font></u></b></p> <p class="MsoNormal"><u><font \
size="3" face="Times New Roman"><span lang="EN-GB" style="font-size:12.0pt">Download \
and install the DATA Acquisition API<o:p></o:p></span></font></u></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt"><o:p>&nbsp;</o:p></span></font></p> <p \
class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">Sudo wget&nbsp; \
wget&nbsp;http://www.snort.org/dl/snort-current/daq-1.1.1.tar.gz<o:p></o:p></span></font></p>
 <p class="MsoNormal"><font size="3" face="Times New Roman"><span lang="PT-BR" \
style="font-size:12.0pt">sudo tar zxvf daq-1.1.1.tar.gz<o:p></o:p></span></font></p> \
<p class="MsoNormal"><font size="3" face="Times New Roman"><span lang="EN-GB" \
style="font-size:12.0pt">cd daq-1.1.1</span></font></p>
<pre>
sudo ./configure
sudo make
sudo make install
</pre>
<p class="MsoNormal"><u>Download and install libdnet</u></p>
<pre>
wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
sudo tar zxvf libdnet-1.12.tgz
cd libdnet-1.12/
sudo ./configure
sudo make
sudo make install
sudo ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1
</pre>
<p class="MsoNormal"><u>Download and install snort</u></p>
<pre>
sudo wget http://www.snort.org/dl/snort-current/snort-2.9.3.tar.gz
</pre>
<pre>
sudo tar zxvf snort-2.9.3.tar.gz
cd snort-2.9.3
sudo ./configure --prefix=/usr/local/snort --enable-sourcefire
sudo make
sudo make install
sudo mkdir /var/log/snort
sudo mkdir /var/snort
sudo groupadd snort
sudo useradd -g snort snort
sudo chown snort:snort /var/log/snort
</pre>
<p class="MsoNormal"><u>Download snort Rules</u></p>
<pre>
FTP     snortrules-snapshot-2930.tar.gz
sudo tar zxvf snortrules-snapshot-2930.tar.gz -C /usr/local/snort
sudo mkdir /usr/local/snort/lib/snort_dynamicrules
sudo cp /usr/local/snort/so_rules/precompiled/Ubuntu-10-4/i386/2.9.3.0/* \
    /usr/local/snort/lib/snort_dynamicrules
sudo touch /usr/local/snort/rules/white_list.rules
sudo touch /usr/local/snort/rules/black_list.rules
sudo ldconfig
</pre>
<p class="MsoNormal"><u>Configure Snort</u></p>
<pre>
sudo nano /usr/local/snort/etc/snort.conf
</pre>
<p class="MsoNormal"><i>Change this:</i></p>
<pre>
var WHITE_LIST_PATH ../rules
var BLACK_LIST_PATH ../rules
</pre>
<p class="MsoNormal"><i>For this:</i></p>
<pre>
var WHITE_LIST_PATH /usr/local/snort/rules
var BLACK_LIST_PATH /usr/local/snort/rules
</pre>
<p class="MsoNormal"><i>Change this:</i></p>
<pre>
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/lib/snort_dynamicrules
</pre>
<p class="MsoNormal"><i>For this:</i></p>
<pre>
dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/snort/lib/snort_dynamicrules
</pre>
<p class="MsoNormal"><i>After this line:</i></p>
<pre>
#output unified2: filename merged.log, limit 128, nostamp, \
mpls_event_types, vlan_event_types
</pre>
<p class="MsoNormal"><i>Put this line:</i></p>
<pre>
output unified2: filename snort.u2, limit 128
</pre>
<p class="MsoNormal"><u>Download and install Barnyard2</u></p>
<pre>
wget https://nodeload.github.com/firnsy/barnyard2/tarball/master \
    -O barnyard2-2.10.tar.gz
sudo tar zxvf barnyard2-2.10.tar.gz
cd firnsy-barnyard2*
sudo autoreconf -fvi -I ./m4
sudo ./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
</pre>
<pre>
sudo make
sudo make install
sudo cp etc/barnyard2.conf /usr/local/snort/etc
sudo mkdir /var/log/barnyard2
sudo chmod 666 /var/log/barnyard2
sudo touch /var/log/snort/barnyard2.waldo
sudo chown snort.snort /var/log/snort/barnyard2.waldo

echo "create database snort;" | mysql -u root -p
mysql -u root -p -D snort &lt; ./schemas/create_mysql

echo "grant create, insert, select, delete, update on snort.* to snort@localhost \
identified by 'YOURPASSWORD'" | mysql -u root -p

sudo nano /usr/local/snort/etc/barnyard2.conf
</pre>
<p class="MsoNormal"><i>Change these lines:</i></p>
<pre>
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map

#config hostname: thor
#config interface: eth0

#output database: log, mysql, user=root password=test dbname=db host=localhost
</pre>
<p class="MsoNormal"><i>For this:</i></p>
<pre>
config reference_file: /usr/local/snort/etc/reference.config
config classification_file: /usr/local/snort/etc/classification.config
</pre>
<pre>
config gen_file: /usr/local/snort/etc/gen-msg.map
config sid_file: /usr/local/snort/etc/sid-msg.map

config hostname: localhost
config interface: eth1

output database: log, mysql, user=snort password=YOURPASSWORD dbname=snort \
host=localhost
</pre>
<p class="MsoNormal"><u>Testing Snort</u></p>
<pre>
sudo /usr/local/snort/bin/snort -u snort -g snort \
    -c /usr/local/snort/etc/snort.conf -i eth1
</pre>
<p class="MsoNormal"><u>Start Snort automatically</u></p>
<pre>
sudo nano /etc/rc.local
</pre>
<p class="MsoNormal"><i>After exit 0:</i></p>
<pre>
ifconfig eth1 up
/usr/local/snort/bin/snort -D -u snort -g snort \
    -c /usr/local/snort/etc/snort.conf -i eth1
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf \
    -G /usr/local/snort/etc/gen-msg.map \
    -S /usr/local/snort/etc/sid-msg.map \
    -d /var/log/snort \
    -f snort.u2 \
    -w /var/log/snort/barnyard2.waldo \
    -D
</pre>
<pre>
sudo /etc/init.d/rc.local start
</pre>
<p class="MsoNormal"><a href="http://192.168.252.62/snortreport-1.3.3/alerts.php">http://192.168.252.62/snortreport-1.3.3/alerts.php</a></p>
<p class="MsoNormal"><b>Rubén Sans</b><br>
Information Systems Dept.<br>
Diputación, 390-392<br>
08013 Barcelona<br>
Tel. 933 440 800, Ext. 408<br>
e-mail: <a href="mailto:rsans@simon.es">rsans@simon.es</a><br>
<a href="http://www.simon.es">www.simon.es</a></p>
</div>
</body>
</html>
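The following is an added example, not code from the original post or from the Snort or Barnyard2 projects: a small POSIX sh script that checks, offline, two points in the annex that decide whether Snort Report can ever have data to show. First, /etc/rc.local is an ordinary shell script, so any command placed after its `exit 0` line is never executed at boot; the annex places the snort and barnyard2 launch lines after that point. Second, Barnyard2 only has alerts to load into MySQL if Snort has actually written a non-empty `snort.u2.<timestamp>` file under /var/log/snort, and the base name given to Barnyard2's `-f` option must match the `output unified2: filename` line in snort.conf. The paths and file names used are the ones from the post; the sample rc.local the script can write is constructed to mirror the post's layout.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Snort/Barnyard2
# projects: offline sanity checks for the Snort -> unified2 -> Barnyard2 -> MySQL
# chain laid out in the annex. The paths used (/etc/rc.local,
# /usr/local/snort/etc/snort.conf, /var/log/snort, snort.u2) are the ones the
# post uses; every function takes them as arguments so other layouts work too.

# rc.local is a shell script: once it reaches "exit 0" nothing further runs,
# so daemons started after that line are never launched at boot.
# Prints each non-blank, non-comment line found after the first "exit 0";
# returns 1 if any such line exists, 0 if the file is fine.
rc_local_unreachable() {
    awk '
        after_exit && $0 !~ /^[[:space:]]*(#|$)/ { print; n++ }
        /^[[:space:]]*exit[[:space:]]+0[[:space:]]*$/ { after_exit = 1 }
        END { exit (n > 0) }
    ' "$1"
}

# Pulls the unified2 base filename out of snort.conf, i.e. "snort.u2" from
# "output unified2: filename snort.u2, limit 128". Commented-out output lines
# (the stock "#output unified2: filename merged.log ..." line) are ignored.
# Prints nothing if no active unified2 output is configured.
unified2_filename() {
    sed -n 's/^[[:space:]]*output[[:space:]]*unified2:[[:space:]]*filename[[:space:]]*\([^, ]*\).*/\1/p' "$1" | head -n 1
}

# Snort names each unified2 log <base>.<unix timestamp> inside its log
# directory; Barnyard2's -d/-f options must point at that directory and base.
# Returns 0 if at least one non-empty <dir>/<base>.<digits> file exists.
unified2_present() {
    u2dir=$1
    u2base=$2
    for f in "$u2dir/$u2base".*; do
        case "${f##*.}" in
            *[!0-9]*|'') ;;                 # suffix is not purely numeric (or glob did not expand)
            *) [ -s "$f" ] && return 0 ;;
        esac
    done
    return 1
}

# Constructed sample reproducing the rc.local layout shown in the post
# (daemons placed after "exit 0"); written to the path given as $1.
write_sample_rc_local() {
    cat > "$1" <<'EOF'
#!/bin/sh -e
exit 0
ifconfig eth1 up
/usr/local/snort/bin/snort -D -u snort -g snort \
    -c /usr/local/snort/etc/snort.conf -i eth1
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -D
EOF
}

# Usage: sh snort_pipeline_check.sh /etc/rc.local /usr/local/snort/etc/snort.conf /var/log/snort
if [ $# -eq 3 ]; then
    echo "== lines after 'exit 0' in $1 (these never run at boot):"
    if rc_local_unreachable "$1"; then
        echo "   (none)"
    else
        echo "   -> move them above the 'exit 0' line"
    fi
    base=$(unified2_filename "$2")
    echo "== unified2 base filename in $2: ${base:-<none: no active 'output unified2' line>}"
    if [ -n "$base" ] && unified2_present "$3" "$base"; then
        echo "== non-empty $3/$base.<timestamp> found: Snort is writing alerts for Barnyard2"
    else
        echo "== no non-empty $3/$base.* file: Barnyard2 has nothing to read, so the web report stays empty"
    fi
fi
```

Run it on the sensor as `sh snort_pipeline_check.sh /etc/rc.local /usr/local/snort/etc/snort.conf /var/log/snort`; the rc.local and snort.conf checks need only read access to those files, the log-directory check needs read access to /var/log/snort. Each function returns non-zero when it finds a problem, so the same checks can be dropped into a cron or monitoring job once the sensor is in production.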

