How to install Snorby in Kali

https://github.com/snorby/snorby
http://wolfer.blog.com/2013/06/28/how-to-installing-snort-and-snorby-on-debian/
http://blog.beor.co.za/2013/01/installing-snorby-on-ubuntu-1204.html
http://linuxdrops.com/install-snorby-for-snort-and-sagan/

This is not a guide to running Snorby as a production IDS. It is most likely useful for a Kali box in your personal lab, for research purposes.

1. Add repositories
cat > /etc/apt/sources.list <<END
# Regular repositories
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
# Source repositories
deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
END

2. update packages
apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

3. install mysql server and client, in case they are not already installed
apt-get install mysql-server mysql-client -y

4. install snort-mysql package
apt-get install snort-mysql -y

5. start mysql and create DB for snorby
service mysql start
mysql_secure_installation
mysql -uroot -p
CREATE DATABASE snorby DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON snorby.* TO 'snorby_user'@'localhost' IDENTIFIED BY 'gesdjf23tbodfSFE';
exit

Note. snort DB info
Username: snorby_user
Password: gesdjf23tbodfSFE
DB Name: snorby

6. install prerequisites for snorby
apt-get install libyaml-dev git-core default-jre imagemagick libmagickwand-dev wkhtmltopdf build-essential libssl-dev libreadline-gplv2-dev zlib1g-dev linux-headers-$(uname -r) libsqlite3-dev libxslt1-dev libxml2-dev libmysqlclient-dev libmysql++-dev apache2-prefork-dev libcurl4-openssl-dev ruby ruby-dev -y

Note. libcurl4-openssl-dev and apache2-prefork-dev could not be installed from the Kali repositories; the Debian sid repository had to be added temporarily.
echo "deb http://ftp.de.debian.org/debian sid main" >> /etc/apt/sources.list
apt-get install libcurl4-openssl-dev apache2-prefork-dev -y
vi /etc/apt/sources.list    <------- remove the sid line just added, so later upgrades do not pull packages from sid

7. install rails (bundler included)
gem install rails --no-ri --no-rdoc
rails -v

8. download source for snorby
cd /var/www/
git clone http://github.com/Snorby/snorby.git

9. set up the configuration files and install gems
cd /var/www/snorby/config/
cp database.yml.example database.yml
cp snorby_config.yml.example snorby_config.yml
sed -i s/"\/usr\/local\/bin\/wkhtmltopdf"/"\/usr\/bin\/wkhtmltopdf"/g snorby_config.yml

vi database.yml
------------------8<--------------------
snorby: &snorby
  adapter: mysql
  username: snorby_user
  password: gesdjf23tbodfSFE
  host: localhost

development:
  database: snorby
  <<: *snorby

test:
  database: snorby
  <<: *snorby

production:
  database: snorby
  <<: *snorby
------------------8<--------------------
cd /var/www/snorby
bundle install
bundle exec rake snorby:setup

Note. ignore the message below; the DB already exists because it was created in step 5
ERROR 1007 (HY000) at line 1: Can't create database 'snorby'; database exists
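The database.yml above relies on a YAML anchor (&snorby) and merge keys (<<: *snorby) so that all three Rails environments share one set of credentials; a block that forgets its merge line silently ends up with no credentials. The following added example (stdlib only, not code from the original post or from the Snorby project) parses that layout and reports which environment is incomplete. The sample config is constructed here and deliberately drops the merge line from production.

```python
# Validate a Snorby database.yml in the step 9 layout (&anchor / <<: *alias), stdlib only.
# Added example, not from the original post or the Snorby project.
ENVS = ("development", "test", "production")
REQUIRED = ("adapter", "database", "username", "password", "host")
# Constructed sample mirroring step 9, with one deliberate mistake: production
# lacks its "<<: *snorby" line, so it would inherit no credentials at all.
SAMPLE = """\
snorby: &snorby
  adapter: mysql
  username: snorby_user
  password: gesdjf23tbodfSFE
  host: localhost
development:
  database: snorby
  <<: *snorby
test:
  database: snorby
  <<: *snorby
production:
  database: snorby
"""

def parse_database_yml(text):
    """Parse top-level sections of key: value pairs, resolving &anchor and <<: *alias."""
    anchors, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if not line.startswith(" "):                  # "production:" or "snorby: &snorby"
            name, _, anchor = line.partition(":")
            current = sections[name.strip()] = {}
            if anchor.strip().startswith("&"):
                anchors[anchor.strip()[1:]] = current
            continue
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "<<":                               # YAML merge: explicit keys take precedence
            for k, v in anchors[value.lstrip("*")].items():
                current.setdefault(k, v)
        else:
            current[key] = value
    return sections

def check_environments(sections):
    """Return problems found; an empty list means every Rails environment is complete."""
    problems = []
    for env in ENVS:
        cfg = sections.get(env, {})
        problems += ["%s: missing %s" % (env, f) for f in REQUIRED if not cfg.get(f)]
    return problems
```

Run check_environments(parse_database_yml(open("/var/www/snorby/config/database.yml").read())) before bundle exec rake snorby:setup; an empty list means every environment resolved its credentials.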

10. reconfigure snort-mysql
dpkg-reconfigure snort-mysql
: enter the database info (host, DB name, username and password) from step 5

Database server hostname: localhost
Database name: snorby
Username for database access: snorby_user
Password for the database connection: gesdjf23tbodfSFE

11. remove the lock file
rm /etc/snort/db-pending-config

12. start snort
service snort start

13. start snorby
cd /var/www/snorby
bundle exec rails server -e production

14. check from browser
http://192.168.1.169:3000
[screenshot: 10.png]

default credentials:
snorby@snorby.org
snorby

15. test - scan to generate an alert
nmap -A -T5 192.168.1.169
nmap -sS -T5 192.168.1.169

then check web gui
[screenshot: 11.png]

16. after a reboot, start mysql, snort, the rails server and the delayed_job worker
service mysql start
service snort start
cd /var/www/snorby
rails server -e production
./script/delayed_job start

#####################################
# how to change listening interface
#####################################

1. change the listening interface and the home network range (this stops snort)
dpkg-reconfigure snort-mysql

2. start snort again
service snort start
