Friday, October 29, 2010

Fall Personal Project: Update 3

As promised, today's post is about some of the things I learned while installing Snort on my Ubuntu box. What I learned is more about the setup process than anything else, and in particular the correct order in which to run the installs. You have to love dependencies, right? Let's get started.

Acquired Knowledge Bit #1: Client install over Server install
The client install went a little better for me on the Zino for one reason only: I have to install a second NIC. On the Zino that is an issue because of its form factor and the lack of a second Ethernet port. I used the Cisco 300M USB to RJ45 adapter, which functions as a second NIC. Although all the documentation I read said this would work hands down on the server install, I could only get it to work easily in the client install of Ubuntu. This is not to say it will not work, just that I could not get it to work in a reasonable amount of time. On the client install the process was simple: I plugged it in, scanned for new hardware, and let the updater download and install the drivers. This was my primary reason for sticking with the client install over the server install. Installation on the Zino was nice, fast, and easy.

Acquired Knowledge Bit #2: LAMP, Package Manager, and apt-get
The nice thing about a server install of the Ubuntu distro is that it comes ready to install LAMP; in fact it's a toggle option during package selection. For those of you who do not know, LAMP is an acronym for Linux, Apache, MySQL, PHP: the four basic packages which will accomplish most anything. On the client this is not an option, but the installation of the necessary components can be run after the OS is running. If you want a decent install guide, there's an app... er, a site for that; head over there to get some guidance. Now here is what I learned in my post-install LAMP: nothing works quite right unless you learn to love the apt-get command. Learn to use this over the package manager in the GUI. The command is faster, easier to script and chain, and leaves nothing to question. I found that the feedback from the terminal session was more informative than that of the GUI. Stick to apt-get install; you will be thankful.

Acquired Knowledge Bit #3: LAPM
LAMP should really be called LAPM, because the order matters. I like to make sure things are working as I go. Apache 2.0 first. Be sure to check in the browser first that the host is responding on that port and that you can see the default index.html page. PHP is second. This is critical in my opinion: installing PHP next lets you make sure it is working and that you can install the tools you will need to maintain your MySQL DB, mainly phpMyAdmin. Even if you are missing some dependencies, you will want to follow Apache with PHP. Next, create the phpinfo.php page, a one-line PHP file whose only job is to call phpinfo().

This will show you all the PHP configuration you have running, a great tool to use when trying to install LAMP (LAPM). Call this page (phpinfo.php or whatever you called it) in your browser. This verifies that Apache and PHP are talking and that PHP is installed correctly.
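As an added illustration (not code from the original post), here is a small shell script that mirrors the Apache-then-PHP checks above: it confirms Apache answers, writes the phpinfo page, and tells a rendered phpinfo() page apart from the raw source being served, which is what you get when PHP is not wired into Apache yet. The web root /var/www, the localhost URL, the presence of curl and the sample response bodies are all assumptions.

```shell
#!/bin/sh
# Added example: verification helpers for the Apache -> PHP -> MySQL order.
# Assumptions (not from the post): web root /var/www, checks run on the
# Snort box itself against http://localhost/, and curl is installed.

WEBROOT="${WEBROOT:-/var/www}"
BASE_URL="${BASE_URL:-http://localhost}"

# Constructed sample response bodies (not captured from a real server).
SAMPLE_RAW='<?php phpinfo(); ?>'
SAMPLE_RENDERED='<html><body><h1>PHP Version 5.3.2</h1></body></html>'

# Step 1: Apache must answer on port 80 before PHP is touched.
# Succeeds only when the default page comes back with HTTP 200.
apache_responding() {
    code=$(curl -s -o /dev/null -w '%{http_code}' "$BASE_URL/")
    [ "$code" = "200" ]
}

# Step 2: drop the one-line phpinfo.php test page into the web root.
write_phpinfo() {
    printf '<?php phpinfo(); ?>\n' > "$WEBROOT/phpinfo.php"
}

# Classify what Apache returned for phpinfo.php:
#   raw      - the file was served as text: PHP is not wired into Apache yet
#   rendered - PHP executed it and produced the phpinfo() page
#   missing  - neither (404 page, empty body, wrong path)
classify_phpinfo_body() {
    case "$1" in
        *'<?php'*)       echo raw ;;
        *'PHP Version'*) echo rendered ;;
        *)               echo missing ;;
    esac
}

# Step 3: fetch the test page and report which case you are in.
php_check() {
    classify_phpinfo_body "$(curl -s "$BASE_URL/phpinfo.php")"
}

# Step 4: phpinfo() lists paths, loaded modules and build options, so the
# test page should not stay in the web root once the check has passed.
remove_phpinfo() {
    rm -f "$WEBROOT/phpinfo.php"
}
```

Run apache_responding, then write_phpinfo and php_check; a result of raw means Apache is handing out the file instead of running it, and remove_phpinfo once you have seen rendered.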

MySQL deserves its own time, so I will talk about that in the next installment, along with setting up the snort.conf file and some of the pitfalls I learned there as well. So in the meantime, have a great one!

Friday, October 22, 2010

Fall Personal Project: Update 2

And it's working! The Snort home project is a success; at least the setup and configuration part is. I have not tried to mess with the rules yet, but I will get there. I'm sidetracked at the moment by a layoff, contract work, classes, and job hunting. Honestly, I'm surprised I got any of it done at all.

All said and done, this is pretty sweet, and I would like to thank the guys on the Snort forums and on the Snort mailing list for all the help. I would also like to thank the guide writer for the in-depth guide.

Here is a list of the equipment I used:
1. Dell Zino (aka Inspiron 400)
2. 1 router (any type with a built-in switch)
3. 1 unmanaged hub, or a switch which you can set as a repeater (I used a Netgear DS108)
4. 1 Cisco USB to Ethernet dongle (USB 300M)
5. Ubuntu 10.4 or higher
6. UTP patch cables
7. 1 UPS for the networking equipment

I will go through the configuration in an upcoming post, but needless to say it does work. There are some tricks I learned outside of the guide which will help along the way.

Here are some photos of the completed setup:

I have cleared the DB several times and started traffic again, and it is working like a charm. The next post will cover the guide, the software installs, and getting LAMP running.