SnortReport Presentation

1. Installation of SNORT, APACHE, PHP, MYSQL and SnortReport
   Presented by
   - Ositadimma Maxwell Ejelike
   - Bahman Radjabalipour
2. HARDWARE AND SOFTWARE
   - Operating system: Windows 2003 Server Enterprise Edition and Microsoft Windows XP
   - Hardware: Compaq 1600 Pentium III dual-processor server and a Pentium IV workstation
   - Software installed:
     - Apache_1.3.24-win32-x86-src.msi
     - Snort_243_Installer.exe
     - WinPcap_3_1.exe
     - Snortrules_snapshot_CURRENT[1].tar.gz
     - Snortreport-1.3.1.tar.gz
     - Jpgraph-1.20.3.tar.gz
     - WinRAR
3. SOFTWARE INSTALLATION DIRECTORIES
   - Operating system: E: drive
   - Snort: F:\Snortapps
   - Apache: E:\Program Files\Apache Group\Apache
   - SnortReport: E:\Program Files\Apache Group\Apache\htdocs\snortreport
   - JpGraph: E:\Program Files\Apache Group\Apache\jpgraph-1.20.3
   - GD: E:\Program Files\Apache Group\Apache\gd-2.0.33
   - MySQL: E:\bin\mysql
   - PHP: F:\Snortapps\php
   - Ethereal: E:\Program Files\Ethereal
4. WINPCAP
   - Captures packets from the network interface and hands them to Snort
   - The Windows port of libpcap, the capture library Snort uses on Linux
   - Enumerates the network adapters on the machine so Snort can be pointed at one (the -i index used on the service slide)
5. SNORT
   - Open-source, lightweight network intrusion detection system
   - Uses easy-to-learn rules to detect and log the signatures of possible attacks
   - Can also be used as a packet sniffer
   - Free, with active community support
6. MYSQL
   - SQL-based database server
   - The most widely supported back end for storing Snort alerts
   - Stores all IDS alerts triggered on our Snort sensors
   - Snort logs to MySQL natively, through its output database plugin, as the alerts come in
8. MYSQL CONTD.
   - Winmysqladmin
   - Edit the my.ini file
     - Ran winmysqladmin from a command prompt
     - Bind MySQL to the localhost IP address only (bind-address in my.ini), so the database is not reachable from the network
     - Set the communication port; it is 3306 for a typical MySQL installation
     - Set key_buffer for the Snort data; we chose 64M (key_buffer=64M)
9. MYSQL CONTD.
   - Cleaning MySQL and creating the databases for Snort
     - mysql -u root -p
     - delete from user where host = "%";
     - delete from user where user = "";
     - select * from user;
     - drop database test;
     - show databases;
     - create database snort;
     - create database archive;
     - grant INSERT, SELECT, UPDATE on snort.* to snort@localhost identified by "snortdba";
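The cleanup and grant on this slide, reworked as an added example (this is not code from the presentation). Two things the slide leaves implicit: the `user` table lives in the `mysql` database, so the DELETEs need `USE mysql` first, and the privilege changes only take effect after `FLUSH PRIVILEGES` or a server restart. The slide also gives one account INSERT, SELECT and UPDATE on the whole schema and then reuses that account for the SnortReport console on the installation slide; below, the sensor and the console get separate accounts with only what each needs. The `snort` tables themselves come from the create_mysql script shipped in the schemas directory of the Snort distribution, which the deck does not show and which must be loaded before the table-level grant and before the sensor starts logging. Passwords are placeholders, and the `GRANT ... IDENTIFIED BY` form is the MySQL 4/5 syntax of the deck's era.

```sql
-- Added example, not from the presentation: the account cleanup and grants
-- from the MySQL slide, split into least-privilege accounts. Passwords are
-- placeholders. Syntax is the MySQL 4.x/5.x form the deck's tooling dates
-- to (GRANT ... IDENTIFIED BY creates the account); MySQL 8 needs
-- CREATE USER first and no longer has the PASSWORD() function.

-- 1. Lock down the built-in accounts. The privilege tables live in the
--    mysql database, so select it before touching the user table.
USE mysql;
DELETE FROM user WHERE host = '%';     -- accounts reachable from any host
DELETE FROM user WHERE user = '';      -- anonymous accounts
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('CHANGE-ME-root');
DROP DATABASE IF EXISTS test;          -- sample database, open to everyone by default
SELECT user, host FROM user;           -- should now list only root@localhost

-- 2. The two databases the deck creates: live alerts and an archive.
CREATE DATABASE snort;
CREATE DATABASE archive;

-- Load Snort's own schema before the table-level grant below, from a
-- command prompt in the Snort distribution:
--     mysql -u root -p snort < schemas\create_mysql

-- 3. Sensor account for the output database line in snort.conf. The plugin
--    inserts events and updates sensor.last_cid, so it needs INSERT/SELECT
--    on the schema and UPDATE on the sensor table only, rather than UPDATE
--    on snort.* as the slide grants.
GRANT INSERT, SELECT ON snort.* TO 'snort'@'localhost' IDENTIFIED BY 'CHANGE-ME-sensor';
GRANT UPDATE ON snort.sensor TO 'snort'@'localhost';

-- 4. Console account for srconf.php (the deck reuses the sensor account
--    there). SnortReport only reads, so SELECT is enough; add DELETE on
--    snort.* only if its alert-deletion feature is used. Assumption: the
--    archive database is also read by the console.
GRANT SELECT ON snort.* TO 'snortreport'@'localhost' IDENTIFIED BY 'CHANGE-ME-console';
GRANT SELECT ON archive.* TO 'snortreport'@'localhost';

FLUSH PRIVILEGES;
SHOW GRANTS FOR 'snort'@'localhost';
SHOW GRANTS FOR 'snortreport'@'localhost';
```

With this split, the password that goes into snort.conf is the sensor account's and the one in srconf.php is the console account's, so the two no longer have to be kept identical and a compromise of the web console cannot be used to insert or alter alert records.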
10. APACHE WEB SERVER
   - The web server of choice for most websites
   - Its sole purpose here is to host the SnortReport web-based console
11. APACHE WEB SERVER FOR SNORT (httpd.conf)
   - LoadModule php4_module F:/Snortapps/php/sapi/php4apache.dll
   - AddModule mod_php4.c
   - AddType application/x-httpd-php .php .phtml
   - In the <Directory> block for the snortreport folder, deny everyone except the analyst hosts:
     Order deny,allow
     Deny from all
     Allow from
12. PHP
   - General-purpose scripting language for web development
   - Lets a web page query a database
   - SnortReport is written in it
13. PHP FOR SNORT
   - Copy "F:\snortapps\php\php4ts.dll" to "E:\WINDOWS\system32".
   - Copy "C:\snortapps\PHP\sapi\php4apache4.dll" to "E:\Program Files\Apache Group\Apache\Modules".
   - Copy "E:\snortapps\php\php.ini-dist" to the Windows folder (E:\WINDOWS) and rename it to "php.ini".
   - Edit php.ini:
     max_execution_time = 60
     session.save_path = E:/windows/temp
     extension=php_gd.dll        (remove the leading ";" to enable the GD extension)
     doc_root = E:\program files\apache group\apache\htdocs\snortreport
     extension_dir = F:\Snortapps\php\extensions
14. JPGRAPH AND GD 2.0.11
   - GD is a general graphics library that supports PNG images; JpGraph is the PHP graphing library built on top of it
   - Used to draw the pie charts in SnortReport
   - Uncompress both into the directory where Apache is installed
15. SNORTREPORT
   - SnortReport is an add-on module for the Snort intrusion detection system
   - It provides near-real-time reporting from the MySQL database that Snort populates
   - It is a web-based application for viewing all IDS alerts
   - Information from all sensors is consolidated here for viewing
16. SNORTREPORT INSTALLATION
   - Uncompress SnortReport into the Apache htdocs folder
   - In the snortreport folder, edit srconf.php and set:
     $server = "localhost";
     $user = "snort";
     $pass = "snortdb";        (must match the password in the MySQL GRANT; the MySQL slide used "snortdba")
     $dbname = "snort";
     define("Path of JpGraph", "Path of GD");   (point SnortReport at the JpGraph and GD install paths)
   - Reboot the machine (restarting Apache is enough for the PHP changes to take effect)
   - Start a browser and open http://localhost/snortreport
17. Configuring snort.conf
   - var HOME_NET            (set to the address range being monitored)
   - output database: alert, mysql, user=snort dbname=snort password=PASSWORD host= port=3306 sensor_name=maxserver
     (the password sits in clear text, so restrict read access to snort.conf to the service account and administrators)
   - include $RULE_PATH/bahman_Maxwell.rules
   - include F:\Snortapps\etc\classification.config
   - include F:\Snortapps\etc\reference.config
18. Configuring Snort as a Service
   - snort /SERVICE /INSTALL -de -c F:\snortapps\etc\snort.conf -l F:\snortapps\log -i 2
   - /SERVICE: Snort's Windows-only switch for managing its service registration
   - /INSTALL: registers Snort as a Windows service with the options that follow (/UNINSTALL removes it)
   - -de: dump application-layer data and link-layer headers; -c: configuration file; -l: log directory; -i 2: WinPcap interface index (list the indexes with snort -W)
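Once the service is running, the quickest way to confirm the whole chain (WinPcap, Snort, the output database plugin, MySQL) works is to query the database directly before looking at SnortReport. The queries below are an added example, not part of the presentation; the table and column names are those of Snort's own create_mysql schema, and 'maxserver' is the sensor_name from the snort.conf slide.

```sql
-- Added example, not from the presentation: checks to run as the console
-- account after the Snort service has started, to confirm alerts reach
-- MySQL. Table and column names are those of Snort's create_mysql schema;
-- 'maxserver' is the sensor_name from the deck's snort.conf line.
USE snort;

-- Did the sensor register? Snort inserts a sensor row on first connect
-- and advances last_cid with every event it writes. No row here means
-- the output database line never connected (wrong host, user or password).
SELECT sid, hostname, interface, last_cid
FROM sensor
WHERE hostname = 'maxserver';

-- Alert volume per signature over the last hour. A ruleset that loaded
-- but never matched shows up as an empty result.
SELECT s.sig_name, s.sig_priority, COUNT(*) AS hits
FROM event e
JOIN signature s ON s.sig_id = e.signature
WHERE e.timestamp > NOW() - INTERVAL 1 HOUR
GROUP BY s.sig_name, s.sig_priority
ORDER BY hits DESC;

-- The twenty most recent alerts with their endpoints. iphdr keys on the
-- same (sid, cid) pair as event and stores addresses as unsigned
-- integers, so INET_NTOA converts them back to dotted quads.
SELECT e.timestamp, s.sig_name,
       INET_NTOA(i.ip_src) AS src, INET_NTOA(i.ip_dst) AS dst
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
ORDER BY e.timestamp DESC
LIMIT 20;
```

If the sensor row exists but last_cid never moves, Snort is connected but not alerting: check that HOME_NET is set and that the included rules file actually contains enabled rules, then replay some traffic and re-run the second query.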
19. Running Snort as a service
20. Snort Report
21. Ethereal sniffing the packets