Building an ethical hacking lab on your laptop with VirtualBox – Part 8 Linux Mint Snort IDS – BASE install and configuration

Now to install BASE and get ourselves a little GUI for all of this, but first some more installing:

sudo apt-get install -y apache2 libapache2-mod-php5 php5 php5-mysql php5-common php5-gd php5-cli php-pear

110 - Installing for Base

It should finish like this. Ignore that error for now; we will fix it soon.

111 - Prerequisites installed for Base

sudo pear install -f Image_Graph

112 - Install Image graph pear

cd ~/snort_source
wget http://sourceforge.net/projects/adodb/files/adodb-php5-only/adodb-518-for-php5/adodb518a.tgz/download -O adodb518.tgz

113 - cd wget adodb

Extract with:

tar -xvzf adodb518.tgz

114 - tar adodb

sudo mv adodb5 /var/adodb

115 - mv adodb5 to adodb

Run the following to add “snort-nids” (or your own hostname) to the fqdn.conf file in the apache2 conf-available directory:

echo "ServerName snort-nids" | sudo tee /etc/apache2/conf-available/fqdn.conf

116 - echo snort-nids

a2enconf is a script that enables the specified configuration files within apache2, in this case the fqdn file that we created in the previous step:

sudo a2enconf fqdn

sudo service apache2 reload

117 - a2enconf fqdn apache2 reload

cd ~/snort_source
wget http://sourceforge.net/projects/secureideas/files/BASE/base-1.4.5/base-1.4.5.tar.gz

118 - cd wget base

Extract with:

tar -zxvf base-1.4.5.tar.gz

119 - tar base

Configure BASE so that we can run it from apache2:

sudo mv base-1.4.5 /var/www/html/base/
cd /var/www/html/base
sudo cp base_conf.php.dist base_conf.php
sudo chown -R www-data:www-data /var/www/html/base
sudo chmod o-r /var/www/html/base/base_conf.php
sudo vi /var/www/html/base/base_conf.php

120 - mv cd cp chown chmod vi

Modify line 50 as follows: $BASE_urlpath = '/base';

121 - Modify line 50 base

Modify line 80 as follows: $DBlib_path = '/var/adodb/';

122 - Modify line 80 base

Modify lines 102 – 106 as follows:

$alert_dbname = 'snort';
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = 'YOUR_MYSQL_PASSWORD';

123 - Modify lines 102 - 106 base
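
base_conf.php now holds the MySQL password, so before restarting Apache it is worth confirming that the chmod step took effect and that the edits went in cleanly. The script below is an added example, not part of the original walkthrough; the helper name audit_base_conf and the sample file it runs against are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a BASE config file before putting it behind Apache.
# audit_base_conf is a hypothetical helper name, not part of BASE or Snort.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_base_conf() {
    conf=$1
    findings=0
    if [ ! -f "$conf" ]; then
        echo "MISSING: $conf"
        return 1
    fi
    # The file holds the MySQL password, so "other" must have no access.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WORLD-READABLE: $conf (fix with: chmod o-r)"
        findings=$((findings + 1))
    fi
    if [ -n "$(find "$conf" -prune -perm -002)" ]; then
        echo "WORLD-WRITABLE: $conf (fix with: chmod o-w)"
        findings=$((findings + 1))
    fi
    # The tutorial's placeholder must be replaced with the real password.
    if grep -q -F 'YOUR_MYSQL_PASSWORD' "$conf"; then
        echo "PLACEHOLDER: alert_password is still YOUR_MYSQL_PASSWORD"
        findings=$((findings + 1))
    fi
    # Typographic quotes pasted from a web page are not PHP string delimiters.
    if grep -q -F -e '‘' -e '’' -e '“' -e '”' "$conf"; then
        echo "SMART-QUOTES: replace curly quotes with plain ' or \""
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample input: a freshly copied, not yet edited config.
demo_dir=$(mktemp -d)
cat > "$demo_dir/base_conf.php" <<'EOF'
<?php
$BASE_urlpath = ‘/base’;
$alert_user = 'snort';
$alert_password = 'YOUR_MYSQL_PASSWORD';
EOF
chmod 644 "$demo_dir/base_conf.php"
audit_base_conf "$demo_dir/base_conf.php" || echo "audit failed, fix before restarting apache2"
rm -rf "$demo_dir"
```

On the lab machine, run it with sudo against /var/www/html/base/base_conf.php, since the file is no longer readable by ordinary users after the chmod step.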

Restart the apache2 web server:

sudo service apache2 restart

124 - restart apache2

Now in your browser navigate to http://snort-nids/base/index.php and click on ‘Setup page’.

125 - base first load

Click on ‘Create BASE AG’.

126 - base create base ag

Success looks like the following. Click on ‘Main page’ next.

127 - base ag created

You will be brought to the main page, which will look something like the following:

128 - Base main page

Have a play around and click on alerts, look at the packet information, download a pcap of an event to analyse further. Just click around and see for yourself!

 
