
These how-to guides on the internet are outdated, and the software they rely on is not up to date with PHP 5.5. I have done some hacks with ACID and ADODB to make parts of the GUI work. I have followed this guide to set up barnyard2: http://sathisharthars.wordpress.com/2014/05/03/configuring-snort-with-barnyard-snortreport-acid-in-ubuntu-14-04/ I have tried to follow other guides but have not been able to successfully start Snort and Barnyard2 and make the ACID GUI work with any results. https://www.google.co.uk/search?q=start+snort+with+barnyard2&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb&gfe_rd=cr&ei=yPXMU7OvCKfY8gfn2IGADQ

Problems I face with Snort

  /usr/local/bin/snort -D -u snort -g snort -c /etc/snort/snort.conf -i eth0 /usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -D

The above line fails with the option w:

  FATAL ERROR: Invalid option: w.

If I take w out I get the next error:

  FATAL ERROR: /etc/snort/etc/barnyard2.conf(27) Unknown config directive: reference_file.

I am not able to start Snort.

I start barnyard2 and I see the following error in the log files:

  barnyard2 -c /etc/snort/etc/barnyard2.conf -f merged.log

  WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard2.waldo'
  Jul 21 12:04:18 website-dev barnyard2: ERROR: Unable to open directory '' (No such file or directory)
  Jul 21 12:04:18 website-dev barnyard2: ERROR: Unable to find the next spool file!

I have managed to make ACID load on Apache after quite a bit of hacking to make it compatible with PHP 5.5.

shorif2000

1 Answer

  rpm -ivh libdnet-debuginfo-1.12-6.el6.x86_64.rpm
  cd /usr/local/src
  wget https://www.snort.org/downloads/snort/snort-2.9.6.2.tar.gz
  wget https://www.snort.org/downloads/snort/daq-2.0.2.tar.gz

  # install daq
  tar -zxvf daq-2.0.2.tar.gz
  cd daq-2.0.2
  ./configure
  make
  make install
  cd /usr/local/lib
  ldconfig -v /usr/local/lib

  # install snort
  cd /usr/local/src/snort-2.9.6.2
  ./configure --enable-sourcefire
  make
  make install
  cd /usr/local/lib
  ldconfig -v /usr/local/lib

  cd /etc
  mkdir -p snort
  cd snort
  cp /usr/local/src/snort-2.9.6.2/etc/* .
  # get latest rule set
  wget https://www.snort.org/downloads/registered/snortrules-snapshot-2962.tar.gz
  tar -zxvf snortrules-snapshot-2962.tar.gz
  cp ./etc/* .
  touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules

  #configure
  groupadd -g 40000 snort
  useradd snort -u 40000 -d /var/log/snort -s /sbin/nologin -c SNORT_IDS -g snort
  chown -R snort:snort *
  chown -R snort:snort /var/log/snort
  • modify snort.conf:

    var RULE_PATH /etc/snort/rules
    ipvar HOME_NET 192.168.1.0/24
    ipvar EXTERNAL_NET !$HOME_NET
    var SO_RULE_PATH /etc/snort/so_rules
    var PREPROC_RULE_PATH /etc/snort/preproc_rules
    var WHITE_LIST_PATH /etc/snort/rules
    var BLACK_LIST_PATH /etc/snort/rules

  • configure:

    cd /usr/local/src
    chown -R snort:snort *
    chmod -R 700 *
    chown -R snort:snort snort_dynamicsrc
    chmod -R 700 snort_dynamicsrc
    cd /usr/local/lib
    chown -R snort:snort snort*
    chown -R snort:snort pkgconfig
    chmod -R 700 snort*
    chmod -R 700 pkgconfig
    chown -R snort:snort daq-modules-config
    chown -R snort:snort u2*
    chmod -R 700 daq-modules-config
    chmod 700 u2*
    cd /etc
    chown -R snort:snort snort
    chmod -R 700 snort
    mkdir -p /usr/local/lib/snort_dynamicrules
    chown -R snort:snort /usr/local/lib/snort_dynamicrules
    chmod -R 700 /usr/local/lib/snort_dynamicrules

  • get the startup script from https://www.snort.org/documents

  • need to edit the stream5 config to get rid of warnings, as there is a 1 MB limit: http://manual.snort.org/node17.html#SECTION00322600000000000000

    snort -q -u snort -g snort -c /etc/snort/snort.conf -i ens34 -D

  • increase rx on the interface: http://www.gamelinux.org/?page_id=284

    ethtool -G ens34 rx 4096

shorif2000