Friday, April 28, 2006

Acidbase on Debian Cookbook

Ok, so after much tinkering, I've come up with a cookbook to get the snort Acidbase frontend running on Debian with mysql5/php5/apache2.

In case you're wondering "why" I put this together... The original Acid is way outdated and is a pain to get working with anything but old packages like php4 and mysql 4.1 blah blah... Acidbase is much more updated, but if you don't install things in the correct order, it tries to use older acid packages and becomes a huge mess... So I put together this little cookbook to make sure I get the order smooth... this came about after NUMEROUS attempts at getting it working installing different components at different times...

Anywayz....

Enjoy... :)


Install Cookbook for Snort/MySQL5/PHP5/Apache2/Acidbase on Debian/testing

Install Debian from Stable CD. Stay with Stable distro level until fully installed.

Then edit /etc/apt/sources.list and add testing distro info.

Then update apt
apt-get update

Then perform a distribution upgrade
apt-get dist-upgrade

Once complete, reboot
init 6

Install mysql server
apt-get install mysql-server

Install acidbase frontend
apt-get install acidbase
During the install acidbase will create the default snort db and user.
Ensure acidbase is configured to make use of the archive db
Edit /etc/acidbase/base_conf.php
Edit the snort_archive DB section. Set the archive DB field from 0 to 1 and set your password
If you need to edit your db settings, they're in /etc/acidbase/database.php

Install phpmyadmin
apt-get install phpmyadmin

Configure the database via phpmyadmin
Browse to http://localhost/phpmyadmin/
User ID is root, password is blank (a fresh mysql-server install has no root password yet; it gets set under privileges below)
Create snort_archive db
Under privileges set root password for both root accounts
Assign full privileges for snort account to snort_archive db

Install snort-mysql
apt-get install snort-mysql

Create snort tables in DB
zcat /usr/share/doc/snort-mysql/create_mysql.gz | mysql -u snort_username -h snort_hostname -p database_name
zcat /usr/share/doc/snort-mysql/create_mysql.gz | mysql -u snort_username -h snort_hostname -p archive_database_name
Verify in phpmyadmin that 16 tables are added to both snort databases

Clear snort-db-lock file so snort can start
rm /etc/snort/db-pending-config
Start snort
/etc/rc3.d/S20snort start

Verify snort is running
ps -ef | grep snort

Restart apache2
apache2ctl restart
Browse to http://localhost/acidbase
Setup db structure from web-interface.
Click on the "Use Archive Database" link - setup DB structure for archive DB
Then click back to "Use Alert Database"
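For the base_conf.php step above, here is an added helper script (not from the original post or from the BASE project) that flips the archive DB flag and sets the archive DB name and password without hand-editing, and refuses to touch a file that lacks the expected keys. It assumes BASE's variable names $archive_exists, $archive_dbname and $archive_password; the constructed sample config at the bottom is only for a dry run.

```shell
#!/bin/sh
# Added example, not part of the original post. Enables the BASE archive DB in
# base_conf.php without hand-editing. Assumes BASE names the settings
# $archive_exists, $archive_dbname and $archive_password.

# enable_archive_db CONF PASSWORD [DBNAME]
# Sets $archive_exists from 0 to 1, the archive DB name and its password.
# Refuses files missing the expected keys and passwords that would break sed.
enable_archive_db() {
    conf=$1
    pass=$2
    db=${3:-snort_archive}
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    for key in archive_exists archive_dbname archive_password; do
        grep -q "^[\$]$key *=" "$conf" || { echo "missing \$$key in $conf" >&2; return 1; }
    done
    case "$pass" in
        *"|"* | *"&"* | *"'"* | *"\\"*)
            echo "password contains a sed/PHP special character; set it by hand" >&2
            return 1 ;;
    esac
    cp "$conf" "$conf.bak"                      # keep the original for rollback
    sed -e "s|^[\$]archive_exists *=.*|\$archive_exists = 1;|" \
        -e "s|^[\$]archive_dbname *=.*|\$archive_dbname = '$db';|" \
        -e "s|^[\$]archive_password *=.*|\$archive_password = '$pass';|" \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# archive_enabled CONF: succeeds only when $archive_exists is set to 1
archive_enabled() {
    grep -q "^[\$]archive_exists *= *1;" "$1"
}

# make_sample_conf DEST: writes a constructed base_conf.php fragment for a dry run
make_sample_conf() {
    cat > "$1" <<'EOF'
<?php
$archive_exists = 0;   # set to 1 to let BASE use the archive DB
$archive_dbname = 'snort_archive';
$archive_host   = 'localhost';
$archive_user   = 'snort';
$archive_password = 'mypassword';
EOF
}
```

Run it against a copy first (make_sample_conf /tmp/base_conf.php; enable_archive_db /tmp/base_conf.php 'yourpass') and diff against the .bak before pointing it at /etc/acidbase/base_conf.php.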

You should be ready to rock and roll....