Sunday, 4 August 2013

BASE Configuration on Centos 6.3 x86_64

BASE (Basic Analysis and Security Engine) is a good way to view Snort alert data through a web interface.

Required packages:

    1. Web server (Apache)
    2. PHP
    3. BASE
    4. ADOdb
Install Apache and PHP with the following command:

[root@snort ~]# yum install httpd php php-pear*


Download BASE with wget from the following link:

[root@snort snort_install]# wget http://sourceforge.net/projects/secureideas/files/latest/download?source=files

Extract the archive and move the BASE directory into the Apache document root:

[root@snort snort_install]# tar -zvxf base-1.4.5.tar.gz

[root@snort snort_install]# mv base-1.4.5 /var/www/html/base

Change the owner and group to "apache" and set permission 775 recursively:

[root@snort snort_install]# chown apache.apache -R /var/www/html/base/

[root@snort snort_install]# chmod 775 -R /var/www/html/base/



Download ADOdb (adodb518a.zip) with wget from the following link:

Unzip adodb518a.zip, rename the extracted "adodb5" directory to "adodb" and move it inside the "base" directory (the mv below does both):

[root@snort snort_install]# unzip adodb518a.zip

[root@snort snort_install]# mv adodb5 /var/www/html/base/adodb

Now restart the httpd and mysqld services:

[root@snort snort_install]# service httpd restart

[root@snort snort_install]# service mysqld restart
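Before opening the setup wizard it is worth confirming that the steps above produced the layout BASE expects. The POSIX shell function below is an added example, not part of the original post or of BASE itself. It assumes BASE lives under the directory given as its argument (/var/www/html/base here), that ADOdb was moved to adodb/ inside it and ships adodb.inc.php as its entry file, and that the wizard will later write base_conf.php, which holds the MySQL password; because the recursive chmod 775 above leaves that file readable by every local user, the check reports it so it can be tightened afterwards.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a BASE install
# directory before running the web setup wizard.
# Assumptions: BASE is under the directory given as $1, ADOdb sits in
# $1/adodb and contains adodb.inc.php, and the wizard writes base_conf.php.

check_base_layout() {
    base_dir=$1
    problems=0

    if [ ! -d "$base_dir" ]; then
        echo "missing BASE directory: $base_dir"
        return 1
    fi

    # Step 2 of the wizard asks for the ADODB path; that directory has to
    # contain the library entry point for the setup step to succeed.
    if [ ! -f "$base_dir/adodb/adodb.inc.php" ]; then
        echo "ADOdb not found at $base_dir/adodb (expected adodb.inc.php)"
        problems=$((problems + 1))
    fi

    # After the wizard has run, base_conf.php holds the MySQL password.
    # "chmod 775 -R" leaves it readable by every local user; report that
    # so it can be tightened (for example chmod 640 with owner apache).
    conf="$base_dir/base_conf.php"
    if [ -f "$conf" ] && find "$conf" -perm -004 | grep -q .; then
        echo "warning: $conf is world-readable"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "layout OK: $base_dir"
    return "$problems"
}

# Usage: sh check_base.sh /var/www/html/base
if [ $# -gt 0 ]; then
    check_base_layout "$1"
fi
```

The function returns the number of problems found, so it can be used directly in a shell `if` or from a deployment script; run it once before the wizard (expecting only the ADOdb check to matter) and once after, when base_conf.php exists.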


Now open BASE in a web browser. On my server the URL is http://10.21.1.19/base

Step 1:

The first screen shows the status of the config file and the PHP version. Click "Continue".

Step 2:

This screen asks for the ADODB path; in my case it is "/var/www/html/base/adodb". Click "Continue".

Step 3:

Type the database details and click "Continue".

Step 4:

Give a user name and password for the BASE login and click "Continue".

Step 5:

Click "Continue".

Step 6:

Click "Continue".

Step 7:

This is the BASE screen.



Thursday, 1 August 2013

Install and Configure barnyard2 on Centos 6.3 x86_64

Snort writes its output in the "unified2" file format, and Barnyard2 reads those unified2 files.
Before installing Barnyard2, Snort and MySQL must already be installed and configured.

Barnyard2 Installation

Download Barnyard2 with the "wget" command from the following link:

[root@snort snort_install]# wget http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz


Extract, compile and install Barnyard2 (with MySQL output support):

[root@snort snort_install]# tar -zxvf barnyard2-1.9.tar.gz

[root@snort snort_install]# cd barnyard2-1.9

[root@snort barnyard2-1.9]# ./configure --with-mysql

[root@snort barnyard2-1.9]# make

[root@snort barnyard2-1.9]# make install
Copy "barnyard2.conf" from the source tree to "/etc/snort/", and copy "sid-msg.map" from /snort_install/snort-rule/etc/sid-msg.map to "/etc/snort/":

[root@snort barnyard2-1.9]# cp etc/barnyard2.conf /etc/snort/

[root@snort barnyard2-1.9]# cp -p /snort_install/snort-rule/etc/sid-msg.map /etc/snort/

Create the Barnyard2 log directory and set the permissions on the Snort log directory:

[root@snort barnyard2-1.9]# mkdir /var/log/barnyard2
[root@snort barnyard2-1.9]# chmod 666 /var/log/barnyard2
[root@snort ~]# chmod 775 -R /var/log/snort/
[root@snort ~]# chown snort:snort -R /var/log/snort/

Barnyard2 Configuration:

Open and edit the "barnyard2.conf" file:

[root@snort barnyard2-1.9]# vim /etc/snort/barnyard2.conf

config hostname: snort     <---- give the hostname and interface name
config interface: eth0
input unified2             <---- log file format

output database: alert, mysql, user=user-name dbname=database-name password=xxxxx host=localhost
                           <---- replace user-name, database-name and xxxxx with your MySQL details

:wq
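Before starting the daemon it helps to lint the edited file. The POSIX shell function below is an added example, not part of the original post or of Barnyard2: it checks that the four directives set above are present in a barnyard2.conf (ignoring commented-out lines), pulls the user, dbname, password and host values out of the output database line, and flags a password still set to the xxxxx placeholder. It assumes only the "key: value" directive syntax shown above.

```shell
#!/bin/sh
# Added example, not from the original post: lint a barnyard2.conf for the
# directives set in the walkthrough and catch an unfilled placeholder
# database password before the daemon is started.

check_barnyard2_conf() {
    conf=$1
    problems=0
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
        return 1
    fi

    # Drop comments and blank lines so a commented-out directive does not count.
    body=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf")

    for directive in 'config hostname:' 'config interface:' 'input unified2' 'output database:'; do
        if ! printf '%s\n' "$body" | grep -q "^[[:space:]]*$directive"; then
            echo "missing directive: $directive"
            problems=$((problems + 1))
        fi
    done

    # Check the key=value pairs on the first "output database:" line.
    dbline=$(printf '%s\n' "$body" | grep '^[[:space:]]*output database:' | head -n 1)
    if [ -n "$dbline" ]; then
        for key in user dbname password host; do
            value=$(printf '%s\n' "$dbline" | sed -n "s/.*[[:space:],]$key=\([^[:space:],]*\).*/\1/p")
            case "$key=$value" in
                *=)             echo "output database: $key= is missing"; problems=$((problems + 1)) ;;
                password=xxxxx) echo "output database: password is still the xxxxx placeholder"; problems=$((problems + 1)) ;;
            esac
        done
    fi

    [ "$problems" -eq 0 ] && echo "$conf: OK"
    return "$problems"
}

# Usage: sh check_barnyard2_conf.sh /etc/snort/barnyard2.conf
if [ $# -gt 0 ]; then
    check_barnyard2_conf "$1"
fi
```

The exit status is the number of problems found, so the check can gate a service start; the config file contains the MySQL password, so keep it readable only by the account that runs Barnyard2.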

Barnyard2 Testing

Open a terminal and start Snort with the following command:

[root@snort ~]# snort -u snort -g snort -c /etc/snort/snort.conf -i eth0 &

Then run the command below; the output should look like this:

[root@snort ~]# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.u2


Closing spool file '/var/log/snort//snort.u2.1374562940'. Read 332 records
Opened spool file '/var/log/snort//snort.u2.1374877709'
Closing spool file '/var/log/snort//snort.u2.1374877709'. Read 0 records
Opened spool file '/var/log/snort//snort.u2.1374881111'
Waiting for new data


Options:
    -c  use configuration file
    -d  spool files from directory
    -f  file pattern

Now Barnyard2 is working fine.
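The lines Barnyard2 prints while working through the spool directory can be summarised instead of read by eye. The POSIX shell functions below are an added example, not part of the original post or of Barnyard2: summarize_spool_log reads that output on stdin and reports how many spool files were opened and closed, how many records were read in total, and whether the daemon reached "Waiting for new data"; spool_lag_seconds relies on the numeric suffix of a unified2 file name (snort.u2.1374881111) being the Unix time at which Snort created it, so the difference from the current time shows how far behind the spool is. The sample log embedded in the block is the output shown above, used here as constructed input.

```shell
#!/bin/sh
# Added example, not from the original post: summarise Barnyard2's spool
# processing output and measure how old a spool file is.

# Reads Barnyard2 output on stdin and prints one line:
#   opened=N closed=N records=N idle=yes|no
summarize_spool_log() {
    awk '
        /^Opened spool file/  { opened++ }
        /^Closing spool file/ {
            closed++
            # "... Read 332 records": the count is the field after "Read"
            for (i = 1; i <= NF; i++) if ($i == "Read") records += $(i + 1)
        }
        /^Waiting for new data/ { idle = "yes" }
        END { printf "opened=%d closed=%d records=%d idle=%s\n", opened, closed, records, (idle == "" ? "no" : idle) }
    '
}

# Seconds between a unified2 file's creation (its numeric suffix is the
# Unix time Snort created it) and the reference time given as $2.
# Usage: spool_lag_seconds /var/log/snort/snort.u2.1374881111 "$(date +%s)"
spool_lag_seconds() {
    stamp=${1##*.}
    case "$stamp" in
        ''|*[!0-9]*) echo "no timestamp suffix in $1" >&2; return 1 ;;
    esac
    echo $(( $2 - $stamp ))
}

# Constructed sample: the output shown in the post above.
sample_log() {
    cat <<'EOF'
Closing spool file '/var/log/snort//snort.u2.1374562940'. Read 332 records
Opened spool file '/var/log/snort//snort.u2.1374877709'
Closing spool file '/var/log/snort//snort.u2.1374877709'. Read 0 records
Opened spool file '/var/log/snort//snort.u2.1374881111'
Waiting for new data
EOF
}

sample_log | summarize_spool_log
# prints: opened=2 closed=2 records=332 idle=yes
```

In day-to-day use, pipe the daemon's log into summarize_spool_log: an idle=no result with a growing opened count means Barnyard2 is still catching up, and a large spool_lag_seconds on the newest file means Snort has stopped writing or Barnyard2 has fallen behind; records=0 with open files usually points at a wrong -d directory or -f pattern.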