-
Notifications
You must be signed in to change notification settings - Fork 225
CentOS 5.5 64bit by RISC427
This document is intended to provide direction on how to install Snorby 2.0 (Snort IDS front end) on a clean install of CentOS 5.5 64-bit. It is assumed that Apache and MySQL are already available on the system, including their respective devel packages. We’re using mod_passenger (mod_rails) with Apache to make Snorby accessible via the browser.
Requirements:
Apache, MySQL, Snort, Barnyard2
Package pre-reqs:
gcc, openssl, openssl-devel, fontconfig-devel, libtool-ltdl-devel, xz
ImageMagick
Due to the CentOS repos having a fairly old version of ImageMagick we’ll need to pull down ImageMagick and it’s associated devel package directly from imagemagick.org:
wget http://www.imagemagick.org/download/linux/CentOS/x86_64/ImageMagick-6.6.6-3.x86_64.rpm
wget http://www.imagemagick.org/download/linux/CentOS/x86_64/ImageMagick-devel-6.6.6-3.x86_64.rpm
Install the ImageMagick packages via YUM to resolve dependencies:
yum install ImageMagick-6.6.6-3.x86_64.rpm ImageMagick-devel-6.6.6-3.x86_64.rpm –nogpgcheck
Ruby
Again the CentOS repos have an old version of Ruby so we’ll need to grab the Ruby source directory from ruby-lang.org:
wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.2-p0.tar.gz
Extract the archive and compile the Ruby source.
tar -xvzf ruby-1.9.2-p0.tar.gz
cd ruby-1.9.2-p0
./configure
make && make install
git
In order to pull down the Snorby 2 code you’ll need git. This doesn’t appear to be in the default CentOS repos so we can use the rpmforge repo.
yum install git
Download Snorby 2
Grab Snorby 2 and then update to make sure we have the latest code:
git clone git://github.com/Snorby/snorby.git
git pull
We should now have a ‘snorby’ directory in the location which we ran the above commands.
Gem bundler
Now install bundler which is a Ruby application (gem) dependency manager. (i.e. yum for gems):
http://gembundler.com/
gem install bundler
Snorby gems
Install Snorby 2 required gems. This needs to be ran from the snorby root directory:
bundle install
Phusion Passenger
Install the Phusion Passenger gem aka mod_rails. This provides us with an Apache module we’ll use deploy the Snorby application: http://www.modrails.com/
gem install passenger –-no-rdoc –-no-ri
Once the gem is installed we’ll need to build the Apache module. This will likely point out some missing packages which you should install as needed.
passenger-install-apache2-module
When the module is finished building it will note that the following needs to be added to your Apache config. This allows Apache to load the passenger module and defines locations for passenger and ruby:
LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.1/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.1
PassengerRuby /usr/local/bin/ruby
Additionally we’ll need to create a virtual host for the Snorby application. Add the following to your Apache config :
<VirtualHost *:80>
ServerName www.yourhost.com
DocumentRoot /var/www/snorby/public # <-- be sure to point to 'public'!
<Directory /var/www/snorby/public>
AllowOverride all # <-- relax Apache security settings
Options -MultiViews # <-- MultiViews must be turned off
</Directory>
</VirtualHost>
Database
When building Snorby it attempts to create a DB in MySQL. To make sure this happens correctly we need to set our MySQL credentials in ‘/snorbyRoot/config/database.yml’. Set the following per your MySQL installation:
snorby: &snorby
adapter: mysql
username: snorby
password: snorby
host: localhost
Snorby Install
Now we need to install/make Snorby. From your snorby root run the following:
rake snorby:setup
Snorby is now built and almost ready for use. Before using Snorby we’ll want to create a snorby specific user in MySQL that has appropriate access to the snorby DB.
mysql -u username -p
use snorby;
grant all privileges on *.* to 'username'AT'localhost';
We’ll again need to modify the snorby database.yml file and set the credentials based on the user we just created.
Up until now I’ve done all of my building and installing in ‘/opt/snorby’. In order to make Snorby available to Apache I’ll move snorby to ‘/var/www/’. We can then set our virtual host to use ‘/var/www/snorby/public/’ as it’s root. (we did this just after the passenger install)
cp -rf /var/www/
We can now start or restart apache and try hitting the Snorby application via http://xxx.xxx.xxx.xxx.
Errors
Upon hitting Snorby for the first time you may receive the following error:
"http://github.com/mephux/ezprint.git (at rails3) is not checked out. Please run `bundle install` (Bundler::GitError)"
If so, simply issue the following from your Snorby root directory:
bundle pack
bundle install –path vender/cache
This issue was addressed on Github and is still available for reference under the closed issues.
https://github.com/Snorby/snorby/issues/closed
Export to PDF
In order to use the export to PDF functionality we’ll need to grab ‘wkhtmltopdf’. http://code.google.com/p/wkhtmltopdf/
wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.10.0_rc1-static-amd64.tar.lzma
xz -d wkhtmltopdf-0.10.0_rc1-static-amd64.tar.lzma
tar -xvf wkhtmltopdf-0.10.0_rc1-static-amd64.tar
cp wkhtmltopdf-amd64 /usr/local/bin/wkhtmltopdf
**This was done in this fashion because using PDFkit seems to be broken. Upon running ‘pdfkit –install-wkhtmltopdf’ we receive an error – ’ File format not recognized’