This post describes the steps necessary to configure a system running Debian GNU/Linux as a monitoring console for the Snort IDS using BASE. This post only covers the process of configuring the monitoring console, for information on setting up Snort IDS sensors and/or setting up PostgreSQL as a database backend for the Snort IDS refer to the following posts:
Install the Apache web server and PHP 5 using the aptitude software package management utility.
# aptitude install apache2 libapache2-mod-php5 \ php5-gd php5-pgsql libphp-adodb
Next, install the BASE IDS monitoring web application using the aptitude software package management utility. When prompted select pgsql as the database type to be used by acidbase.
# aptitude install acidbase
Configure BASE by modifying the /etc/acidbase/database.php configuration file to connect to the system running the PostgreSQL database backend. NOTE: Replace 10.0.1.1 with the IP address of your PostgreSQL database backend.
$alert_user='snortuser'; $alert_password='YourPassword'; $basepath='/acidbase'; $alert_dbname='snort'; $alert_host='10.0.1.1'; $alert_port='5432'; $DBtype='pgsql';
Create a symbolic link to the BASE IDS monitoring web application in the /var/www/ directory.
# cd /var/www # ln -s /usr/share/acidbase
Open your favorite web browser and login to BASE for the first time at http://localhost/acidbase/. Click on the ‘Setup Page’ link and then click on the ‘Create BASE AG’ button to initialize the database. The BASE IDS monitoring web application has now been configured and is ready for use.