| View previous topic :: View next topic |
| Author |
Message |
jhybinette
n00b
Joined: 30 Mar 2006
Posts: 1
|
 Posted: Thu Mar 30, 2006 5:35 pm Post subject: |
 |
|
I though if you are going to use the hardened flag, you have to build a hardened system first. like setting the flags using ufed
hardened erandom pic
then reemerge gcc and glibc
then emerge -e world
then rebuild the kernel and enable pax etc etc etc
If you dont do this the hardened flag may back fire on you
Johan |
|
| Back to top |
|
 |
Khan
Tux's lil' helper
Joined: 19 Feb 2003
Posts: 96
|
| Posted: Mon Apr 03, 2006 8:10 pm Post subject: |
|
|
Trying this only resulted in blocks due to mod_php and php. And using "pear install Log" only produces the following error: PEAR_Remote: authorization required, please log in first
Does anyone have any idea how to get the Pear modules installed so that I can generate graphing? Thanks.
| eroth wrote: | Great guide...it's helped me get everything up and running.
A few quick notes though, as the guide might be a bit dated:
1. The Pear libraries should be installed via portage (ie. emerge -av --oneshot dev-php/PEAR-Numbers_Roman) or pulled in directly from the packages requiring them, which i suppose is the new gentoo way rather than the pear command line. I had to add the following to /etc/portage/package.keywords:
| Code: | dev-php/PEAR-Image_Canvas ~x86
dev-php/PEAR-Image_Color ~x86
dev-php/PEAR-Image_Graph ~x86
dev-php/PEAR-Numbers_Roman ~x86 |
|
|
|
| Back to top |
|
|
atmat
n00b
Joined: 23 Aug 2005
Posts: 7
|
| Posted: Tue Apr 11, 2006 1:01 pm Post subject: |
|
|
when I start snort I get this weird error
Apr 11 19:26:22 [snort] FATAL ERROR: unknown preprocessor "http_decode"_
I did not look at the docs yet. No time, anyone knows what's this http_decode" thing? Sorry for asking no time to look around google  I'll be on line again tonight.. if someone posts here the answer ok, otherwise I'll take a deeper look at snort.
thnx and sorry for the quick post.
bye |
|
| Back to top |
|
|
blackcell
n00b
Joined: 17 Aug 2002
Posts: 56
Location: Oregon
|
| Posted: Wed Apr 12, 2006 2:11 am Post subject: |
|
|
use http_inspect instead of http_decode
_________________
"If the automobile had followed the same development cycle as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside." |
|
| Back to top |
|
|
carpman
Advocate
Joined: 20 Jun 2002
Posts: 2202
Location: London - UK
|
| Posted: Thu Apr 13, 2006 2:14 pm Post subject: |
|
|
Hello, ok going to go ahead and try this using following package.use
| Code: |
media-libs/gd jpeg png
dev-lang/php -* apache2 dba cgi cli ctype crypt curl gd jpeg mysql pear pcre pcntl png pdo-external session sockets sockets spell session tiff truetype xml xml2 xsl zlib
net-www/apache apache2 mpm-prefork
net-analyzer/snort mysql
net-analyzer/base apache2 gd mysql vhosts
dev-db/mysql innodb session
|
Not using hardened setup so don't need harden use flag.
Anyone see any problems with this setup?
cheers
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb |
|
| Back to top |
|
|
wschalk
n00b
Joined: 30 Jan 2005
Posts: 38
|
| Posted: Tue Apr 25, 2006 12:33 am Post subject: Base with PHP5? |
|
|
Hi,
I am trying to install BASE on PHP5 but here's the error message I am getting:
# emerge -vp net-analyzer/base
These are the packages that I would merge, in order:
Calculating dependencies \
!!! All ebuilds that could satisfy ">=dev-php4/jpgraph-1.19" have been masked.
!!! One of the following masked packages is required to complete your request:
- dev-php4/jpgraph-1.20.2 (masked by: ~x86 keyword)
- dev-php4/jpgraph-1.19 (masked by: ~x86 keyword)
For more information, see MASKED PACKAGES section in the emerge man page or
refer to the Gentoo Handbook.
!!! (dependency required by "net-analyzer/base-1.2.4" [ebuild])
So my problem is if I unmask jpgraph in dev-php4 he wants to install PHP4 which I don't use. Any ideas how to
stick with PHP5 but install BASE successfully?
Thank you.
Best regards,
Werner |
|
| Back to top |
|
|
carpman
Advocate
Joined: 20 Jun 2002
Posts: 2202
Location: London - UK
|
| Posted: Tue Apr 25, 2006 10:27 am Post subject: Re: Base with PHP5? |
|
|
| wschalk wrote: | Hi,
I am trying to install BASE on PHP5 but here's the error message I am getting:
# emerge -vp net-analyzer/base
These are the packages that I would merge, in order:
Calculating dependencies \
!!! All ebuilds that could satisfy ">=dev-php4/jpgraph-1.19" have been masked.
!!! One of the following masked packages is required to complete your request:
- dev-php4/jpgraph-1.20.2 (masked by: ~x86 keyword)
- dev-php4/jpgraph-1.19 (masked by: ~x86 keyword)
For more information, see MASKED PACKAGES section in the emerge man page or
refer to the Gentoo Handbook.
!!! (dependency required by "net-analyzer/base-1.2.4" [ebuild])
So my problem is if I unmask jpgraph in dev-php4 he wants to install PHP4 which I don't use. Any ideas how to
stick with PHP5 but install BASE successfully?
Thank you.
Best regards,
Werner |
Here is my package.keywords that i use to install with php5
| Code: |
dev-php5/pecl-apc
www-apps/phpsysinfo
dev-php/smarty
dev-php5/jpgraph ~x86
dev-php5/pecl-pdo
dev-php/PEAR-Image_Canvas ~x86
dev-php/PEAR-Image_Color ~x86
dev-php/PEAR-Image_Graph ~x86
dev-php/PEAR-Numbers_Roman ~x86
net-analyzer/base
|
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb |
|
| Back to top |
|
|
emily87
n00b
Joined: 25 Apr 2006
Posts: 3
|
|
| Back to top |
|
|
wschalk
n00b
Joined: 30 Jan 2005
Posts: 38
|
| Posted: Tue Apr 25, 2006 8:23 pm Post subject: Installing Base |
|
|
Hi,
thanks for the instructions on base and PHP5. When I try to install it on my system I get the following
error message during the installation of PEAR_Image_Color:
>>> Install PEAR-Image_Color-1.0.2 into /var/tmp/portage/PEAR-Image_Color-1.0.2/image/ category dev-php
/usr/portage/eclass/php-pear-r1.eclass: line 68: pear: command not found
!!! ERROR: dev-php/PEAR-Image_Color-1.0.2 failed.
!!! Function php-pear-r1_src_install, Line 68, Exitcode 127
!!! Unable to install PEAR package
!!! If you need support, post the topmost build error, NOT this status message.
In which package is the "pear" command?
Cheers,
Werner. |
|
| Back to top |
|
|
iverasp
n00b
Joined: 11 Oct 2004
Posts: 58
|
| Posted: Wed Apr 26, 2006 11:14 pm Post subject: |
|
|
I cant seem to get remote logging working. The plan is to use my linux router as the snort host, and my main server as the web- and mysqlserver. Been working on it for a while now. First snort complained about missing libmysqlclient* libraries, so I finally had to emerge mysql on the router. Then I had to change the my.cnf on the main server to allow other IPs to connect to the mysqlserver. Then the authentication method was outdated or something on the router, so I had to figure that out. Now I can connect with mysql -h 192.168.1.40 -u snort -p and get access to the remote mysqlserver, but snort still wont work. Heres the line I changed in snort.conf:
output database: log, mysql, user=snort password=secretpass dbname=snort host=192.168.1.40
When running /etc/init.d/snort start it says [ OK ], but the program doesnt run. When doing snort -i eth0 -c /etc/snort/snort.conf I get the following:
(..lots of text..)
X-Link2State Config:
Ports: 25 691
database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = 192.168.1.40
database: sensor name = 192.168.1.1
Illegal instruction
mysql is running on the default port btw.
Does anyone have a clue of what needs to be fixed?
Thanks |
|
| Back to top |
|
|
phoric
n00b
Joined: 07 Mar 2004
Posts: 54
Location: Seattle, WA
|
| Posted: Fri Jun 23, 2006 5:32 pm Post subject: |
|
|
I used this guide but am getting the following error when trying to access http://localhost/base ...
| Code: | | Database ERROR:Database ERROR:Table 'snort.base_users' doesn't exist |
I doubled-checked the MQSql tables as suggested in the guide:
| Code: | mysql> show tables;
+------------------+
| Tables_in_snort |
+------------------+
| data |
| detail |
| encoding |
| event |
| icmphdr |
| iphdr |
| opt |
| reference |
| reference_system |
| schema |
| sensor |
| sig_class |
| sig_reference |
| signature |
| tcphdr |
| udphdr |
+------------------+
16 rows in set (0.00 sec) |
_________________
phoric |
|
| Back to top |
|
|
phoric
n00b
Joined: 07 Mar 2004
Posts: 54
Location: Seattle, WA
|
| Posted: Fri Jun 23, 2006 5:55 pm Post subject: |
|
|
The tutorial must be a little out of date now, as I am using base 1.2.5. I solved my own problem by browsing to:
http://localhost/base/setup/
This loaded a setup wizard of sorts, that will create the necessary tables for you. After that BASE seems to be working now for me. Probably should add this to the tutorial.
_________________
phoric |
|
| Back to top |
|
|
kare
n00b
Joined: 06 Jun 2004
Posts: 26
Location: Friedberg, Germany
|
| Posted: Fri Jun 30, 2006 7:26 am Post subject: |
|
|
| My snort database becomes very big. Is there a script to delete old records? |
|
| Back to top |
|
|
echo6
Guru
Joined: 04 Jan 2003
Posts: 587
|
|
| Back to top |
|
|
kernelOfTruth
Watchman
Joined: 20 Dec 2005
Posts: 6111
Location: Vienna, Austria; Germany; hello world :)
|
|
| Back to top |
|
|
[ToXiC]
n00b
Joined: 29 Jul 2003
Posts: 46
Location: Fresno, CA
|
| Posted: Sun Feb 24, 2008 9:46 pm Post subject: |
|
|
This post has been quiet for a while but for anyone still out there reading this:
When I started base and then went to configure the backend I got this message:
"Fatal error: Call to undefined function session_start() in /var/www/localhost/htdocs/base/base_conf.php on line 20"
Anyone? |
|
| Back to top |
|
|
sLumpia
Tux's lil' helper
Joined: 10 Jul 2006
Posts: 120
Location: troller land
|
| Posted: Wed May 28, 2008 6:00 am Post subject: |
|
|
^have you try to enable session USE flag for dev-lang/php?
_________________
I love it |
|
| Back to top |
|
|
guinness.stout
Apprentice
Joined: 26 Aug 2006
Posts: 237
Location: Maryland
|
| Posted: Mon Dec 29, 2008 4:22 pm Post subject: |
|
|
Just wanted to add an update for those trying to follow this howto today.
| Quote: |
Snort
net-analyzer/snort-2.4.3
Code:
ACCEPT_KEYWORDS="~x86" emerge snort |
Should be
| Code: | | EXTRA_ECONF="--enable-dynamicplugin" emerge snort |
Dynamic plugins did not seem to emerge when I ran the other command. If these are not installed you will see something similiar to the errors below in your /var/log/messages.
| Code: | Dec 29 12:07:50 copper snort[27286]: /etc/snort/snort.conf(573) unknown dynamic preprocessor "ftp_telnet"
Dec 29 12:07:50 copper snort[27286]: /etc/snort/snort.conf(577) unknown dynamic preprocessor "ftp_telnet_protocol"
Dec 29 12:07:50 copper snort[27286]: /etc/snort/snort.conf(591) unknown dynamic preprocessor "ftp_telnet_protocol"
Dec 29 12:07:50 copper snort[27286]: /etc/snort/snort.conf(596) unknown dynamic preprocessor "ftp_telnet_protocol"
Dec 29 12:07:50 copper snort[27286]: /etc/snort/snort.conf(622) unknown dynamic preprocessor "smtp"
Dec 29 12:07:50 copper snort[27286]: /etc/snort/snort.conf(777) unknown dynamic preprocessor "dcerpc"
Dec 29 12:07:50 copper snort[27286]: /etc/snort/snort.conf(795) unknown dynamic preprocessor "dns" |
| Quote: |
Now we need to create the database structure for snort by issuing this command:
Code:
zcat /usr/share/doc/snort-2.4.3/schemas/create_mysql.gz | mysql -p snort |
Should be
| Code: | | bzcat /usr/share/doc/snort-2.6.1.3-r1/schemas/create_mysql.bz2 | mysql -p snort |
Additionally I had to edit my /etc/snort/snort.conf to point to the dynamicplugins directory. This was line 197 for me. You should be able to run ls on /usr/lib/snort_dynamicpreprocessor and see several lib files.
| Code: | | dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ |
BASE
To get BASE up and running I had to edit the following files.
This must point to your base_conf.php file which is in /var/www/localhost/htdocs/base
This must contain your snort DB and your snort archive DB, make sure you set the password for both, this got me hung up for a minute until I scrolled further down the conf file and saw another DB config to set.
|
|
| Back to top |
|
|
yoosty69
n00b
Joined: 03 Jan 2004
Posts: 35
|
| Posted: Wed Apr 08, 2009 1:27 am Post subject: |
|
|
Another update for those interested in setting this up..
I just installed snort-2.8.3.1 (needs to be unmasked) and base-1.4.1 and it seems to be working fine. A few notes about USE flags for the packages:
*) snort-2.8.3.1 doesn't like having ipv6 enabled
*) snort-2.8.3.1 has a USE flag for dynamic plugins
*) base-1.4.1 uses the ctype functions from php for graphing, so php should have the ctype USE flag enabled
Here's the relevant part of my /etc/make.conf (I doubt kerberos is strictly necessary):
| Code: | USE="-X -gtk apache2 ctype dynamicplugin gd kerberos mysql xml"
|
I disabled ipv6 for snort in /etc/portage/package.use:
| Code: | | net-analyzer/snort -ipv6 |
Other than that, following the 1st post and the notes from guinness.stout got me through the setup! Thanks guys! |
|
| Back to top |
|
|
indica
n00b
Joined: 21 Nov 2004
Posts: 2
Location: detroit
|
| Posted: Wed Aug 26, 2009 6:09 pm Post subject: |
|
|
thx mate,
took a little tweaking with the versions of PEAR apps but it was a great HOWTO!
got everything up and running in about an hour, now to just to get snort tweaked and some more of the rules running!
thx again!
-Todd |
|
| Back to top |
|
|
Killerchronic
Tux's lil' helper
Joined: 24 Apr 2007
Posts: 91
Location: UK
|
| Posted: Tue Apr 20, 2010 3:35 pm Post subject: |
|
|
Pearl packages are installed via portage now once base was unmasked.
Already had apache, php and mysql setup and running fine so can't comment on the guide for that.
Only thing i really had to change was the path in base_path.php as it wasn't pointing to any base_conf.php.
Other than that were no obvious flaws, surprised me really, most gentoo Guides go out of date in no time 
Thanks. |
|
| Back to top |
|
|
|
Documentation, Tips & Tricks
