Install Snort + Snorby on openSUSE

From the Hackstore Wiki

Software and versions

  • GIT
  • RVM (Ruby Version Manager)
  • Snort
  • Snorby
  • Bind


Snorby installation

http://snorby.org/


Install Ruby and Rails

Install Git

zypper install git

Install RVM

bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)


After installing RVM, configure its environment, then log out and log back in as root:

echo "export rvm_pretty_print_flag=1" > ~/.rvmrc && exit

Install Ruby 1.9.2:

rvm install 1.9.2

Set Ruby 1.9.2 as the system default:

rvm use 1.9.2 --default

Check that the settings are correct:

rvm info

Install ImageMagick >= 6.7.x

Install the build and graphics dependencies Snorby needs:

zypper install -y patterns-openSUSE-devel_basis gcc-c++ bzip2 readline-devel zlib-devel libxml2-devel libxslt-devel libopenssl-devel libffi45-devel
zypper install libxml2-devel libxslt-devel libbz2-devel findutils-locate
zypper install GraphicsMagick GraphicsMagick-devel

Get the latest ImageMagick source

http://www.imagemagick.org/script/install-source.php#unix

Unpack the source code

tar -xzf ImageMagick.tar.gz

Now set the build options and compile the source

cd ImageMagick-* && ./configure --prefix=/usr
make && make install

Refresh the shared library cache

ldconfig

Test that ImageMagick runs

identify -list format


Install Snorby

Download Snorby

git clone http://github.com/Snorby/snorby.git /srv/www/htdocs/snorby


Install the Ruby dependencies

cd /srv/www/htdocs/snorby && gem install rails --no-ri --no-rdoc


Install the gems Bundler needs

gem install bundler rake prawn


Install the dependencies the bundle needs

zypper install sqlite3-devel libxml2-devel libxslt-devel libcap-ng-devel libcap-devel
gem install tzinfo builder memcache-client rack rack-test erubis mail sqlite3-ruby thor i18n rack-mount rails rank passenger


Install the bundle

cd /srv/www/htdocs/snorby && bundle install


Update RubyGems itself

gem update --system


Install wkhtmltopdf

Run the automated installer:

pdfkit --install-wkhtmltopdf

If that fails on older openSUSE releases, use the command below instead:

OCICLI http://software.opensuse.org/ymp/home:prusnak/openSUSE_11.4/wkhtmltopdf.ymp


Install Snort

Create the Snort database

Log in to MySQL as root and create the Snort database:

CREATE DATABASE snort;
GRANT all privileges ON snort.* TO snort@localhost IDENTIFIED BY 'Sn0rby';
FLUSH PRIVILEGES;
QUIT



Install the latest version of Snort

OCICLI http://software.opensuse.org/ymp/server:monitoring/openSUSE_11.3/snort.ymp

Install MySQL support

zypper install snort-mysql snort-mysql-debuginfo snort-postgresql snort-devel snort-debuginfo

Edit /etc/snort/snort.conf and add the following line to the database section:

output database: log, mysql, user=snort password=Sn0rby dbname=snort host=localhost

Set the capture interface in /etc/sysconfig/snort

Restart Snort

/etc/init.d/snortd restart


Configure Snorby

Edit /srv/www/htdocs/snorby/config/snorby_config.yml and /srv/www/htdocs/snorby/config/database.yml

/srv/www/htdocs/snorby/config/database.yml

snorby: &snorby
  adapter: mysql
  database: snort
  username: snort
  password: Sn0rby
  host: localhost

development:
  <<: *snorby

test:
  <<: *snorby

production:
  <<: *snorby


/srv/www/htdocs/snorby/config/snorby_config.yml

development:
  domain: localhost:3000
  wkhtmltopdf: /usr/bin/wkhtmltopdf

test:
  domain: localhost:3000
  wkhtmltopdf: /usr/bin/wkhtmltopdf

production:
  domain: localhost:3000
  wkhtmltopdf: /usr/bin/wkhtmltopdf
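Snort writes events into the database with the credentials from the output database line in snort.conf, and Snorby reads them back with the credentials in database.yml, so the two files must agree or the dashboard simply stays empty. The Ruby script below is an added example, not code from the original page or from the Snorby project: it parses the output database directive and a database.yml (resolving the &snorby anchor and the <<: *snorby merge keys) from constructed copies of the page's own samples, reports any mismatch per Rails environment, and flags either file if group or others can read it, since both store the database password in cleartext. The function names, KEY_MAP and the embedded sample strings are this example's own assumptions.

```ruby
require 'yaml'
require 'tempfile'

# Constructed copy of the "output database:" line this page adds to /etc/snort/snort.conf.
SNORT_CONF = <<~CONF
  # ... other snort.conf directives omitted ...
  output database: log, mysql, user=snort password=Sn0rby dbname=snort host=localhost
CONF

# Constructed copy of the page's config/database.yml (YAML anchor plus merge keys).
DATABASE_YML = <<~YML
  snorby: &snorby
    adapter: mysql
    database: snort
    username: snort
    password: Sn0rby
    host: localhost

  development:
    <<: *snorby

  test:
    <<: *snorby

  production:
    <<: *snorby
YML

# Parse "output database: <log|alert>, <driver>, key=value ..." into a hash.
# Returns nil when the directive is absent (Snort would then log nothing to the DB).
def parse_snort_output(conf_text)
  line = conf_text.lines.map(&:strip).find { |l| l.start_with?('output database:') }
  return nil unless line
  mode, driver, *rest = line.sub('output database:', '').split(',').map(&:strip)
  params = rest.join(' ').split(/\s+/).each_with_object({}) do |kv, h|
    key, value = kv.split('=', 2)
    h[key] = value if key && value
  end
  { 'mode' => mode, 'driver' => driver }.merge(params)
end

# Load database.yml; aliases: true is required so the *snorby merge resolves.
def load_database_yml(yml_text)
  YAML.safe_load(yml_text, aliases: true)
end

# Snort-side key => Rails-side key for the values that must match.
KEY_MAP = { 'user' => 'username', 'password' => 'password',
            'dbname' => 'database', 'host' => 'host' }.freeze

# Return a list of mismatches between the Snort writer and the Snorby reader
# for one Rails environment; empty when the two configs agree.
def config_mismatches(snort_params, db_yml, env = 'production')
  dbconf = db_yml[env]
  return ["database.yml has no '#{env}' section"] unless dbconf
  issues = KEY_MAP.each_with_object([]) do |(snort_key, rails_key), list|
    next if snort_params[snort_key] == dbconf[rails_key]
    list << "#{snort_key}: snort.conf=#{snort_params[snort_key].inspect} " \
            "vs database.yml #{rails_key}=#{dbconf[rails_key].inspect}"
  end
  unless snort_params['driver'] == dbconf['adapter']
    issues << "driver: snort.conf=#{snort_params['driver']} vs adapter=#{dbconf['adapter']}"
  end
  issues
end

# Both files carry the DB password in cleartext: true if group or others have any access bit.
def too_permissive?(path)
  (File.stat(path).mode & 0o077) != 0
end

if __FILE__ == $PROGRAM_NAME
  snort = parse_snort_output(SNORT_CONF)
  db    = load_database_yml(DATABASE_YML)
  %w[development test production].each do |env|
    issues = config_mismatches(snort, db, env)
    puts "#{env}: #{issues.empty? ? 'snort.conf and database.yml agree' : issues.join('; ')}"
  end
  %w[/etc/snort/snort.conf /srv/www/htdocs/snorby/config/database.yml].each do |f|
    puts "#{f}: readable by group/others, tighten with chmod 600" if File.exist?(f) && too_permissive?(f)
  end
end
```

Run it on the real host after editing both files; to check the live files rather than the embedded samples, pass File.read of each path to parse_snort_output and load_database_yml. A missing output database line, a driver that does not match the adapter, or a password that differs between the two files are the three errors that most often leave Snorby with an empty dashboard.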


Install the Ruby application server: Passenger

Install the Passenger dependencies

zypper install apache2-devel libcurl-devel libcap-progs pcre-tools pcre-devel libpcrecpp0 libdnet-devel libtool


Install the Passenger Apache2 module

/usr/local/rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/bin/passenger-install-apache2-module -a


Install the Java dependencies

zypper install java-1_6_0-sun java-1_6_0-sun-devel


Install the gems into Snorby's cache directory

bundle pack
bundle install --path vendor/cache


Build Snorby

bundle exec rake snorby:hard_reset
bundle exec rake snorby:setup RAILS_ENV=production


Configure Apache2

Include the Passenger configuration from Apache2's httpd.conf

echo "Include /etc/apache2/mod_passenger.conf" >> /etc/apache2/httpd.conf


Edit the configuration file /etc/apache2/mod_passenger.conf

vi /etc/apache2/mod_passenger.conf


PassengerRoot /usr/local/rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9
PassengerRuby /usr/local/rvm/wrappers/ruby-1.9.2-p290/ruby

LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/ext/apache2/mod_passenger.so


NameVirtualHost *:8008

<VirtualHost *:8008>
   ServerName ids.ugcpraxis.com.br
   DocumentRoot /srv/www/htdocs/snorby/public

<Directory /srv/www/htdocs/snorby/public>
 AllowOverride all
 # Once any Options entry carries + or -, all of them must, or Apache rejects the line.
 # Indexes exposes directory listings of public/; a Rails app does not need it.
 Options +Indexes +ExecCGI +FollowSymLinks -MultiViews
 Order allow,deny
 Allow from all
 PassengerEnabled on
 PassengerAppRoot /srv/www/htdocs/snorby
 RailsEnv production
 RailsBaseURI /snorby
</Directory>

Alias /snorby /srv/www/htdocs/snorby/public
</VirtualHost>
<VirtualHost *:8008>
   ServerName gw.ugcpraxis.com.br
   DocumentRoot /srv/www/htdocs

</VirtualHost>

Restart Apache2

/etc/init.d/apache2 restart


DNS

Configure your DNS zone file following the example below:

cat /var/lib/named/internet.zone

$TTL 1W
@               IN SOA  @   root (
                                45              ; serial (d. adams)
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum

                IN NS           @
                IN A            192.168.1.15
snorby          1D IN A         192.168.1.15

                IN AAAA         ::1

Remember to increment the serial and reload named.



More information

References

https://github.com/Snorby/snorby/wiki/Ubuntu-1.9.2-without-RVM-by-Eric-Peters
http://www.blog.bridgeutopiaweb.com/post/how-to-install-rvm-and-rails-3-on-snow-leopard/
https://rvm.beginrescueend.com/rvm/install/ (official documentation)
https://help.ubuntu.com/community/RubyOnRails#Configure%20Apache
http://conteudoopensource.blogspot.com/2010/06/snorby-instalacao-do-frontend-para.html
http://www.corelan.be/index.php/2011/02/27/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x/