How to install snort + oinkmaster + guardian + base on SME Server 7.x
Author: MasterSleepy

Problem: You want to install snort on SME Server 7.x

STEP 1: Install Snort
Download and install the contrib
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=270"
[root@server root]# rpm -ivh smeserver-snort-2.4.3-1.i386.rpm
STEP 2: Start service
Snort will be activated automatically when you restart the server, or you can launch it manually:
[root@server root]# service snortd restart
STEP 3: Service option
You can activate or deactivate mysql logging.

To deactivate the mysql plugin:
[root@server root]# db configuration setprop snortd mysql disabled
[root@server root]# service snortd restart
To activate the mysql plugin:
[root@server root]# db configuration setprop snortd mysql enabled
[root@server root]# service snortd restart
If http_inspect is too restrictive, you can deactivate it:
[root@server root]# db configuration setprop snortd HttpInspect disabled
[root@server root]# service snortd restart
To activate http_inspect:
[root@server root]# db configuration setprop snortd HttpInspect enabled
[root@server root]# service snortd restart
STEP 4: Install Oinkmaster
Oinkmaster can keep snort rules up to date by downloading new rules from the internet.

Download and install the contrib
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=272"
[root@server root]# rpm -ivh smeserver-oinkmaster-1.2-1.noarch.rpm
STEP 5: Configure Oinkmaster
Oinkmaster can retrieve snort rules from different web sites.
Three different sources are configured for this package:

You have to go to the snort web site and register:
http://www.snort.org/pub-bin/register.cgi
When you are registered, go to your user preferences:
https://www.snort.org/reg-bin/userprefs.cgi
At the end of the page there is a table titled "Oink Code"; click the "Get Code" button.
Now you have an oinkcode that you can give to oinkmaster with the following commands:
[root@server root]# db configuration setprop oinkmaster code <code given>
[root@server root]# expand-template /etc/oinkmaster.conf

[root@server root]# db configuration setprop oinkmaster community enabled
[root@server root]# expand-template /etc/oinkmaster.conf

[root@server root]# db configuration setprop oinkmaster bleeding enabled
[root@server root]# expand-template /etc/oinkmaster.conf

[root@server root]# mv /etc/cron.daily/02-oinkmaster /etc/cron.weekly/
STEP 6: Install guardian
When snort raises an alert, guardian will blacklist the IP for one day.

Download and install the contrib
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=274"
[root@server root]# rpm -ivh smeserver-guardiand-1.7-1.noarch.rpm
STEP 7: Configure guardian service
The guardian service can be deactivated using:
[root@server root]# db configuration set guardiand service status disabled
The guardian service can be activated using:
[root@server root]# db configuration set guardiand service status enabled
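
The behaviour described in Step 6 (the source IP of a snort alert is blacklisted for one day), as an added Python illustration that is not Guardian's own code and not part of the original howto. The alert lines are constructed samples in snort's "fast" alert format; the ignore list, the renew-on-repeat rule and the `year` parameter are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines in snort's "fast" alert format (not real traffic).
SAMPLE_ALERTS = """\
03/14-09:15:02.120000  [**] [1:1000001:1] Constructed test alert A [**] [Priority: 2] {TCP} 198.51.100.7:40112 -> 192.0.2.10:80
03/14-09:20:40.000000  [**] [1:1000002:1] Constructed test alert B [**] [Priority: 2] {TCP} 192.0.2.1:51000 -> 192.0.2.10:22
03/14-21:00:00.500000  [**] [1:1000001:1] Constructed test alert A [**] [Priority: 2] {TCP} 198.51.100.7:40999 -> 192.0.2.10:80
03/15-08:00:00.000000  [**] [1:1000003:1] Constructed test alert C [**] [Priority: 3] {UDP} 203.0.113.9:5353 -> 192.0.2.10:53
garbage line that is not an alert
"""

# Timestamp, then the source address after the {PROTO} field (port is optional, e.g. ICMP).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\].*\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
)

BLOCK_FOR = timedelta(days=1)          # "blacklist the IP for one day"
IGNORE = [ip_network("192.0.2.0/24")]  # assumed: networks that must never be blocked

def build_blocklist(alert_text, year=2024):
    """Return {source_ip: expiry}; a repeat alert renews the one-day block (assumed)."""
    blocks = {}
    for line in alert_text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # skip anything that is not a fast-format alert
        try:
            src = ip_address(m.group("src"))
        except ValueError:
            continue  # four dotted numbers that are not a valid IPv4 address
        if any(src in net for net in IGNORE):
            continue  # never block the server's own network or admin hosts
        # Fast-format timestamps carry no year by default, so the caller supplies one.
        seen = datetime.strptime(f"{year}/{m.group('ts')}", "%Y/%m/%d-%H:%M:%S")
        blocks[str(src)] = seen + BLOCK_FOR
    return blocks

def active_blocks(blocks, now):
    """Addresses whose block has not yet expired at `now`."""
    return sorted(ip for ip, expiry in blocks.items() if expiry > now)

if __name__ == "__main__":
    bl = build_blocklist(SAMPLE_ALERTS)
    print(active_blocks(bl, datetime(2024, 3, 15, 12, 0, 0)))
```

The ignore list matters because a block is triggered by the alert's source address alone: without it, an alert attributed to the gateway or an administrator's workstation would lock that host out for a day.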
STEP 8: Install base
Download and install the base rpm
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=276"
[root@server root]# rpm -ivh smeserver-base-1.2.2-1.noarch.rpm
Then go to the URL:
https://<server-ip>/base