This document summarizes the installation and configuration of SNORT, APACHE, PHP, MYSQL and SnortReport on a Windows server. Key steps included installing and configuring the software, assigning directories, setting up MySQL to store SNORT alerts, configuring APACHE to work with PHP and host the SnortReport web interface, and configuring SNORT to log to the MySQL database. The document also covers running SNORT as a Windows service and accessing the SnortReport web interface to view consolidated IDS alerts.
Report
Share
Report
Share
1 of 21
More Related Content
SnortReport Presentation
1. Installation of SNORT, APACHE, PHP, MYSQL and SnortReport. Presented By Ositadimma Maxwell Ejelike Bahman Radjabalipour
2. HARDWARE AND SOFTWARE Operating System: Windows 2003 Server Enterprise Edition and Microsoft Windows XP Hardware: Compaq 1600 Pentium III dual Processor Server and Pentium IV workstation Software Installed Apache_1.3.24-win32-x86-src.msi www.apache.org Php-4.3.0-Win32.zip www.php.com Snort_243_Installer.exe www.snort.org WinPcap_3_1.exe http://www.winpcap.org Snortrules_snapshot_CURRENT [1].tar.gz www.snort.org Snortreport-1.3.1.tar.gz Jpgraph-1.20.3.tar.gz Gd-2.0.33.zip Mysql-4.0.17-win.zip Winrar
4. WINPCAP It captures packets from the network cables and throws them to snort It’s a Windows version of libpcap used in Linux for running snort The WinPcap gets information about the network adapters in the network.
5. SNORT Open sourced, lightweight, network intrusion detection system Uses easy to learn rules to detect and log the signatures of possible attacks It can also be use as a Sniffer It’s a free utility with active community support
6. MYSQL SQL based database software Most supported platform for storing snort alerts Stores all IDS alerts triggered from our snort sensors. Snort can log directly to MYSQL natively, as the alerts come in.
8. MYSQL CONTD. Winmysqladmin Edit my.ini file Ran winmysqladmin from a command prompt Bind MySQL to the system localhost IP address, we use 127.0.0.1 Set the communication port; it's 3306 for a typical MySQL installation. Set the key_buffer setting for snort data, we choose 64M
9. MYSQL CONTD. Cleaning MYSQL and creating DB for Snort mysql -u root –p delete from user where host = "%"; delete from user where user = "“ select * from user drop database test show databases create database snort create database archive Grant INSERT, SELECT, UPDATE on snort.* to snort@localhost identified by "snortdba";
10. APACHE WEB SERVER Web Server of choice for most websites The sole purpose is for hosting the SnortReport web-based console
11. APACHE WEB SERVER FOR SNORT LoadModule php4_module F:/Snortapps/php/sapi/php4apache.dll AddModule mod_php4.c Addtype application/x-httpd-php .php .phtml Order deny, allow Deny from all Allow from 127.0.0.1
12. PHP General-purpose scripting language for web development Support for a database-enabled web page Provides support for SnortReport
13. PHP FOR SNORT Copy "F:nortappshphp4ts.dll" to " E:INDOWSystem32" . Copy "C:nortappsHPapihp4apache4.dll" to "E:rogram Filespache Grouppacheodules" Copy the file "E:nortappshphp.ini-dist" to our ROOT Folder (E:INDOWS) and renamed it to "php.ini". Edit the php.ini max_execution_time = 60 session.save_path = E:/windows/temp removed the ; in front of "; extension=php_gd.dll" doc_root = E:rogram filespache grouppachetdocsnortreport extension_dir = F:nortappshpxtensions
14. JDGRAPH AND GD 2.0.11 A general graphics library that supports PNG images It is used to display the nice pie graph in SnortReport Uncompress it to the directory where Apache is installed
15. SNORTREPORT Snort Report is an add-on module for the Snort Intrusion Detection System. It provides real-time reporting from the MySQL database generated by Snort. It’s a Web-based application for viewing all IDS alerts All sensor information is consolidated here for viewing
16. SNORTREPORT INSTALLATION Uncompress SnortReport Navigate to the snortreport folder and choose srconf.php. Edit the variables below: $server = "localhost"; $user = "snort"; $pass = "snortdb"; $dbname = "snort"; define(“Path of JDGRAPH", “Path of GD"); Reboot the machine Start your browser and type: http://localhost/snortreport
17. Configuring snort.conf var HOME_NET 192.168.15.24/32 output database: alert, mysql, user=snort dbname=snort password=PASSWORD host=127.0.0.1 port=3306 sensor_name=maxserver include $RULE_PATH/bahman_Maxwell.rules Include F:nortappstclassification.config Include F:nortappstceference.config
18. Configuring Snort as a Service snort /SERVICE /INSTALL -de -c F:nortappstcnort.conf -l F:nortappsog -i 2 /SERVICE: Windows command to access the Services commands /INSTALL: The command that installs the program as a Window service