Posted by: jasonk2600 | January 19, 2010

Debian GNU/Linux Snort IDS Monitoring Console

Synopsis

This post describes the steps necessary to configure a system running Debian GNU/Linux as a monitoring console for the Snort IDS using BASE. It only covers the process of configuring the monitoring console; for information on setting up Snort IDS sensors and/or setting up PostgreSQL as a database backend for the Snort IDS, refer to the following posts:

Installation

Install the Apache web server and PHP 5 using the aptitude software package management utility.

# aptitude install apache2 libapache2-mod-php5 \
  php5-gd php5-pgsql libphp-adodb

Next, install the BASE IDS monitoring web application using the aptitude software package management utility. When prompted, select pgsql as the database type to be used by acidbase.

# aptitude install acidbase

Configuration

Configure BASE by modifying the /etc/acidbase/database.php configuration file to connect to the system running the PostgreSQL database backend.  NOTE: Replace 10.0.1.1 with the IP address of your PostgreSQL database backend.

$alert_user='snortuser';
$alert_password='YourPassword';
$basepath='/acidbase';
$alert_dbname='snort';
$alert_host='10.0.1.1';
$alert_port='5432';
$DBtype='pgsql';

Create a symbolic link to the BASE IDS monitoring web application in the /var/www/ directory.

# cd /var/www
# ln -s /usr/share/acidbase

Open your favorite web browser and log in to BASE for the first time at http://localhost/acidbase/. Click on the ‘Setup Page’ link and then click on the ‘Create BASE AG’ button to initialize the database. The BASE IDS monitoring web application has now been configured and is ready for use.
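
The /etc/acidbase/database.php file edited above stores the PostgreSQL password in clear text, so it is worth auditing before the console goes online. The following shell script is an added example, not part of the original post or of BASE; the function names and finding labels are its own, and it assumes the values are single-quoted as in the listing above.

```shell
#!/bin/sh
# Added example (not from the original post): audit BASE's database.php.
# Function names and finding labels are this example's own.

# Print the single-quoted value assigned to PHP variable $1 in file $2.
php_var() {
    sed -n "s/^[[:space:]]*\\\$${1}[[:space:]]*=[[:space:]]*'\\([^']*\\)'.*/\\1/p" "$2" | tail -n 1
}

# Print one finding per line; return 0 if clean, 1 if findings, 2 if unreadable.
audit_base_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot-read:$cfg"; return 2; }
    findings=0

    # The file holds the database password in clear text, so "other" must not read it.
    if [ -n "$(find -H "$cfg" -prune -perm -004)" ]; then
        echo "world-readable"; findings=1
    fi

    # The tutorial's placeholder (or an empty value) must never reach production.
    pw=$(php_var alert_password "$cfg")
    case $pw in
        ''|YourPassword) echo "placeholder-password"; findings=1 ;;
    esac

    # The post selects PostgreSQL; any other value means the file was not edited as described.
    [ "$(php_var DBtype "$cfg")" = pgsql ] || { echo "dbtype-not-pgsql"; findings=1; }

    # A non-loopback backend means the credentials cross the network on every connection.
    host=$(php_var alert_host "$cfg")
    case $host in
        localhost|127.*|::1|'') ;;
        *) echo "remote-db:$host" ;;   # informational, does not fail the audit
    esac

    return "$findings"
}

# Usage (script name is hypothetical): sh audit_base.sh /etc/acidbase/database.php
if [ "$#" -gt 0 ]; then
    audit_base_config "$1"
fi
```

A non-zero exit status means at least one finding needs fixing; the remote-db line is only a reminder to review how the console reaches the PostgreSQL host.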

  [EoF]