
3) Installing Snort Report

category Network/Snort 2016. 3. 9. 00:09

1. Download the files needed for Snort Report

Install PHP and change the php.ini setting

[root@localhost sn]#  yum install httpd php php-pear*
Loaded plugins: fastestmirror, refresh-packagekit, security

... (output omitted)

[root@localhost sn]# vim /etc/php.ini

; Default Value: On
; Development Value: Off
; Production Value: Off
; http://www.php.net/manual/en/ini.core.php#ini.short-open-tag
short_open_tag = On

[root@localhost sn]#  service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
                                                           [  OK  ]

Download jpgraph

[root@localhost html]# wget http://ftp.psu.ac.th/pub/snort/jpgraph-1.27.1.tar.gz
--2016-03-09 00:33:39--  http://ftp.psu.ac.th/pub/snort/jpgraph-1.27.1.tar.gz
Resolving ftp.psu.ac.th... 202.29.148.133
Connecting to ftp.psu.ac.th|202.29.148.133|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4668295 (4.5M) [application/x-gzip]
Saving to: “jpgraph-1.27.1.tar.gz”

100%[======================================>] 4,668,295    552K/s   in 9.9s    

2016-03-09 00:33:50 (461 KB/s) - “jpgraph-1.27.1.tar.gz” saved [4668295/4668295]

Download snortreport

[root@localhost html]# wget http://ftp.psu.ac.th/pub/snort/snortreport-1.3.3.tar.gz
--2016-03-09 00:34:17--  http://ftp.psu.ac.th/pub/snort/snortreport-1.3.3.tar.gz
Resolving ftp.psu.ac.th... 202.29.148.133
Connecting to ftp.psu.ac.th|202.29.148.133|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44589 (44K) [application/x-gzip]
Saving to: “snortreport-1.3.3.tar.gz”

100%[======================================>] 44,589      82.2K/s   in 0.5s    

2016-03-09 00:34:25 (82.2 KB/s) - “snortreport-1.3.3.tar.gz” saved [44589/44589]

Download nbtscan

[root@localhost html]# wget nbtscan-source-1.0.35.tgz
--2016-03-09 00:36:51--  http://nbtscan-source-1.0.35.tgz/
Resolving nbtscan-source-1.0.35.tgz... failed: Name or service not known.
wget: unable to resolve host address “nbtscan-source-1.0.35.tgz”
[root@localhost html]# wget http://www.unixwiz.net/tools/nbtscan-source-1.0.35.tgz 
--2016-03-09 00:38:01--  http://www.unixwiz.net/tools/nbtscan-source-1.0.35.tgz
Resolving www.unixwiz.net... 54.183.133.27
Connecting to www.unixwiz.net|54.183.133.27|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 38753 (38K) [application/x-gzip]
Saving to: “nbtscan-source-1.0.35.tgz”

100%[======================================>] 38,753       243K/s   in 0.2s    

2016-03-09 00:38:02 (243 KB/s) - “nbtscan-source-1.0.35.tgz” saved [38753/38753]

[root@localhost html]# ls
index.html             nbtscan-source-1.0.35.tgz
jpgraph-1.27.1.tar.gz  snortreport-1.3.3.tar.gz
[root@localhost html]# 

2. Install Snort Report

Install Snort Report and edit its configuration

[root@localhost html]# tar -zxvf snortreport-1.3.3.tar.gz 
[root@localhost html]# mv snortreport-1.3.3 sn
[root@localhost sn]# cd sn
[root@localhost sn]# vim srconf.php 
// Put your snort database login credentials in this section
$server = "localhost";
$user = "snortuser";
$pass = "test@1234";
$dbname = "snort";
  
// use either "mysql" or "pgsql" below, depending on your database
$dbtype = "mysql";
  
// Change to FALSE if GD *and* JPGraph are not installed
$haveGD = TRUE;
 
// Relative path to JPGraph
// You need to have jpgraph and jpgraph_pie installed to see the chart.
// Change the variable below to reflect the location of jpgraph relative
// to Snort Report, for example "../jpgraph/", etc.
define("JPGRAPH_PATH", "/var/www/html/jpgraph/src/");

// Path to external utilities
// Enter the correct path (including the binary) to nmap and nbtscan if you have them installed
// You can also include switches for each binary (see nmap)
define("NMAP_PATH", "/usr/bin/nmap -v");
define("NBTSCAN_PATH", "/usr/local/nbtscan/nbtscan");

Install jpgraph

[root@localhost html]# tar -zxvf jpgraph-1.27.1.tar.gz 
[root@localhost html]# mv jpgraph-1.27.1 jpgraph

Install nbtscan

[root@localhost html]# cd /usr/local
[root@localhost local]# mkdir nbtscan
[root@localhost local]# cd nbtscan/
[root@localhost nbtscan]# tar -zxvf /var/www/html/nbtscan-source-1.0.35.tgz
[root@localhost nbtscan]# make

3. Check Snort Report in the web page

From Firefox on the Linux server itself, open http://localhost/sn/alerts.php
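
A post-install check for the layout used above, added here as an example (it is not part of the original post or of Snort Report). The source archives were downloaded into /var/www/html, where httpd serves them, and sn/srconf.php holds the database password. The function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit the web root layout this post ends up with.
# Default paths mirror the post; pass other paths as arguments.

# Print source archives still sitting directly in the web root.
# httpd serves anything under DocumentRoot, so these stay downloadable.
leftover_archives() {
    find "$1" -maxdepth 1 -type f \( -name '*.tar.gz' -o -name '*.tgz' \) | sort
}

# Return 0 when the file mode grants nothing to "other" (last octal digit 0).
# srconf.php only needs to be readable by the account httpd runs as.
conf_not_world_accessible() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Print one line per finding; return 1 if anything was found, else 0.
audit_snortreport() {
    docroot=${1:-/var/www/html}
    conf=${2:-$docroot/sn/srconf.php}
    rc=0
    archives=$(leftover_archives "$docroot")
    if [ -n "$archives" ]; then
        echo "$archives" | sed 's/^/archive served from web root: /'
        rc=1
    fi
    if [ -f "$conf" ] && ! conf_not_world_accessible "$conf"; then
        echo "credentials file accessible to other users: $conf"
        rc=1
    fi
    return "$rc"
}

# Usage on the server from this post:
#   audit_snortreport /var/www/html
```

A clean run prints nothing and returns 0. Moving the archives out of /var/www/html and setting srconf.php to mode 640 with group ownership for the httpd account clears both findings.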


