HOWTO Setup BASE with Apache, Snort, and PostgreSQL

From Gentoo Linux Wiki

Jump to: navigation, search

Contents

[edit] Introduction

This document has moved to: HOWTO Apache2 with BASE

If you are wondering what BASE is; it is a web-based front-end to the Snort NIDS. It allows you to organize your Snort logs and alerts into an easily readable format and to graph that data. It is a modern replacement for ACID (which is no longer being developed). BASE also provides some additional features not found in ACID, such as user authentication. If you are familiar with ACID, then you will feel right at home using BASE.

[edit] Abstract

The goal of this document is to walk you though the installation and setup of BASE. The only requirements are that you have Gentoo installed successfully, and you must have administrative privileges. This document will explain how to install and configure any necessary dependencies for BASE to run.

[edit] Procedure

File: /etc/make.conf

USE="+php +session +cli *hardenedphp +gd *pear #apache2 #postgres #mysql **ssl *png #jpeg #gif" 

+  required.
** optional, but highly recommended. 
*  optional, but recommended.
#  optional.

[edit] Install Prerequisite Programs

Code: Install PostgreSQL, Apache, PHP, and Snort 
Install PostgreSQL or Install MySQL
Install Apache
emerge gd
emerge dev-lang/php
Install Snort
If using x86:
echo "dev-php4/jpgraph ~x86" >> /etc/portage/package.keywords
echo "dev-php/PEAR-PEAR ~x86" >> /etc/portage/package.keywords
If using amd64:
echo "dev-php4/jpgraph ~amd64" >> /etc/portage/package.keywords
echo "dev-php/PEAR-PEAR ~amd64" >> /etc/portage/package.keywords
All:
emerge jpgraph
emerge adodb
emerge PEAR-PEAR

[edit] Install mod_ssl (optional)

Code: If using Apache-1, install mod_ssl (recommended). 
Install mod_ssl

[edit] Install BASE

Code: Install BASE 
emerge base

[edit] Setup BASE

File: Verify the '/etc/base/base_conf.php' settings

$alert_dbname = "snort_log";

$alert_host = "localhost";
Or enter the ip-adress of the remote host running the database.
$alert_port = "";
Only change this if you've set the database to use a non-standard port.

$alert_user = "snort";
$alert_password = "[the password you entered when you created the snort user]";

Code: Navigate to base_db_setup.php (e.g., https://localhost/base/base_db_setup.php)

click the "Setup AG" button.

You're done! You can access BASE by navigating to 'base_main.php' (e.g., https://localhost/base/base_main.php).

[edit] BASE Authentication Setup (optional)

Code: Add new roles

Click the 'Administration' link on the main BASE page.
Click the 'Create a Role' link.
Enter role info (e.g., Role ID: 1, Role Name: Admin, Description: Full Access).

Code: Add new users

Click the 'Create a user' link.
Enter the user info.
Verify that the user was added successfully.

File: /etc/base/base_conf.php 
$Use_Auth_System = 1;

[edit] Troubleshooting

Code: Verify cookie support is enabled in the browser (Firefox)

Edit->Preferences->Privacy->Cookies->
Check "Allow sites to set cookies"
Click "OK"

Code: Verify proper USE flags are set (i.e., dev-lang/php requires '+cli', '+gd' and '+pear' for chart support) 
emerge -pv postgresql apache gd dev-lang/php jpgraph snort base
Code: Check the logs for any clues 
less /var/log/messages || less /var/log/everything/current
less /var/lib/postgresql/data/postgresql.log
less /var/log/apache2/error_log || less /var/log/apache2/ssl_error_log
Code: Verify permissions and content of '/etc/base/base_conf.php' (it should be -rw-r----- root apache) 
ls -l /etc/base/base_conf.php

[edit] References

/usr/share/doc/base-1.2.2/README.gz
BASE homepage
Snort homepage
PostgreSQL homepage
PHP homepage
Apache homepage
exklusve's guide to Snort, MySQL, and ACID (In the Gentoo Forums)
MySQL homepage
ACID homepage

Retrieved from "http://www.gentoo-wiki.com/HOWTO_Setup_BASE_with_Apache%2C_Snort%2C_and_PostgreSQL"
Personal tools