Howto to install snort + oinkmaster + guardian + base on sme server 7.x
Author: MasterSleepy

Problem: You want to install snort on sme server 7.x

STEP 1: Install Snort
Download and install the contrib:
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=270"
[root@server root]# rpm -ivh smeserver-snort-2.4.3-1.i386.rpm
STEP 2: Start the service
Snort starts automatically when the server reboots, or you can start it manually:
[root@server root]# service snortd restart
STEP 3: Service options
You can enable or disable mysql logging.
To disable the mysql plugin:
[root@server root]# db configuration setprop snortd mysql disabled
[root@server root]# service snortd restart
To enable the mysql plugin:
[root@server root]# db configuration setprop snortd mysql enabled
[root@server root]# service snortd restart
If http_inspect is too restrictive, you can disable it:
[root@server root]# db configuration setprop snortd HttpInspect disabled
[root@server root]# service snortd restart
To enable http_inspect again:
[root@server root]# db configuration setprop snortd HttpInspect enabled
[root@server root]# service snortd restart
STEP 4: Install Oinkmaster
Oinkmaster keeps the snort rules up to date by downloading new rules from the internet.
Download and install the contrib:
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=272"
[root@server root]# rpm -ivh smeserver-oinkmaster-1.2-1.noarch.rpm
STEP 5: Configure Oinkmaster
Oinkmaster can retrieve snort rules from different web sites.
Three different sources have been configured for this package:

Snort.org rules (need an oinkcode):
You have to go to the snort web site and register
http://www.snort.org/pub-bin/register.cgi
When you are registered, go to your user preferences
https://www.snort.org/reg-bin/userprefs.cgi
At the end of the page there is a table titled "Oink Code"; click the "Get Code" button.
Now you have an oinkcode that you can give to oinkmaster with the following commands:
[root@server root]# db configuration setprop oinkmaster code <code given>
[root@server root]# expand-template /etc/oinkmaster.conf

Community rules:
[root@server root]# db configuration setprop oinkmaster community enabled
[root@server root]# expand-template /etc/oinkmaster.conf

Bleeding rules:
[root@server root]# db configuration setprop oinkmaster bleeding enabled
[root@server root]# expand-template /etc/oinkmaster.conf

To run the rule update weekly instead of daily, move the cron job:
[root@server root]# mv /etc/cron.daily/02-oinkmaster /etc/cron.weekly/
STEP 6: Install guardian
When snort raises an alert, guardian blacklists the source IP for one day.
Download and install the contrib:
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=274"
[root@server root]# rpm -ivh smeserver-guardiand-1.7-1.noarch.rpm
STEP 7: Configure the guardian service
The guardian service can be disabled with:
[root@server root]# db configuration set guardiand service status disabled
The guardian service can be enabled with:
[root@server root]# db configuration set guardiand service status enabled
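Step 6 describes guardian's behaviour (an alert from snort leads to the source IP being blacklisted). Before letting an automatic blocker act on alerts, it is worth seeing which sources actually trigger them and how often. The script below is an added example, not part of the guardian or snort contribs: it counts alerts per source IP over a snort "fast" format alert log and lists the sources that reached a threshold. The alert lines, signature IDs (local-rule SID range) and addresses (RFC 5737 documentation ranges) are constructed for the demo; the function name alert_sources and the threshold argument are this example's own.

```shell
#!/bin/sh
# Added example (not guardian's or snort's code): summarise snort "fast"
# alert lines per source IP and list sources that crossed a threshold.
# Assumes one alert per line in snort's fast alert format, i.e. a line
# containing "[**]" and ending with "{PROTO} SRC:PORT -> DST:PORT".

# Constructed sample alerts (documentation IPs, local-rule SIDs), for offline use.
SAMPLE_ALERTS='10/12-14:03:21.123456  [**] [1:1000001:1] EXAMPLE udp probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.5:1434
10/12-14:03:22.223456  [**] [1:1000001:1] EXAMPLE udp probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.5:1434
10/12-14:03:25.001122  [**] [1:1000002:1] EXAMPLE 403 response [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.5:80 -> 192.0.2.33:51234
10/12-14:03:26.556677  [**] [1:1000001:1] EXAMPLE udp probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.5:1434
10/12-14:04:01.000000  [**] [1:1000002:1] EXAMPLE 403 response [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.5:80 -> 192.0.2.33:51234'

# alert_sources FILE MIN_COUNT
# Print "count ip" for every source IP seen in at least MIN_COUNT alerts,
# most frequent first. Only lines that look like alerts ("[**]") are counted.
alert_sources() {
    awk -v min="$2" '
        /\[\*\*\]/ {
            # The source address is the field just before "->"; drop its ":port".
            # (IPv4 only: the port strip would mangle an IPv6 address.)
            for (i = 2; i <= NF; i++) {
                if ($i == "->") {
                    src = $(i - 1)
                    sub(/:[0-9]+$/, "", src)
                    n[src]++
                }
            }
        }
        END {
            for (ip in n) if (n[ip] + 0 >= min + 0) printf "%d %s\n", n[ip], ip
        }
    ' "$1" | sort -rn
}

# Demo: write the constructed sample to a temp file and report sources
# with three or more alerts.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_ALERTS" > "$demo_file"
alert_sources "$demo_file" 3
rm -f "$demo_file"
```

With the sample above and a threshold of 3, only 192.0.2.10 is reported; 198.51.100.5 appears as the source of two alerts even though it is the server answering with a 403. That is the practical point: response-type signatures put the protected server itself, or a legitimate client, in the source field, so an automatic blocker should be run with a whitelist of local and trusted addresses and the alert summary checked before trusting its decisions.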
STEP 8: Install base
Download and install the base rpm:
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=276"
[root@server root]# rpm -ivh smeserver-base-1.2.2-1.noarch.rpm
Then open the following URL in your browser:
https://<server-ip>/base