

 

 

BASE, Snort Tables and PEAR

 

 

What do we have in this session?

  1. Editing BASE’s Config File

  2. Adding Additional Snort Database Tables for BASE

  3. Download and Install Additional PHP Extensions

 

 

 

 

 

Editing BASE’s Config File

 

Next, set up the BASE configuration file. As usual, make a backup copy of c:\inetpub\wwwroot\base\base_conf.php.dist (for example, base_conf.phpold.dist), then rename base_conf.php.dist to base_conf.php in the same directory.

 

The BASE config file

 

Open base_conf.php in any plain-text editor, then make the following modifications based on our setup. Change the values accordingly if your setup is different.

 

Define the paths and database credentials based on our setup:

 

set $BASE_urlpath = '/base-1.4.5'
set $DBlib_path = 'c:\php\adodb5'
set $alert_dbname = 'mysnort';
set $alert_host = 'localhost';
set $alert_user = 'setangedik';
set $alert_password = '134@Atu4aR';

 

The BASE URL path.

 

/*

 Set the base_urlpath to the url location that is the root of your BASE install.

 This must be set for BASE to function! Do not include a trailing slash!

 But also put the preceding slash. e.g. Your URL is http://127.0.0.1/base

 set this to /base

 

 */

$BASE_urlpath = '/base-1.4.5';

 

The ADODB path.

 

/* Path to the DB abstraction library

 *  (Note: DO NOT include a trailing backslash after the directory)

 *   e.g. $foo = '/tmp'      [OK]

 *        $foo = '/tmp/'     [OK]

 *        $foo = 'c:\tmp'    [OK]

 *        $foo = 'c:\tmp\'   [WRONG]

 */

$DBlib_path = 'c:\php\adodb5';

 

The Snort database credentials.

 

/* Alert DB connection parameters

 *   - $alert_dbname   : MySQL database name of Snort alert DB

 *   - $alert_host     : host on which the DB is stored

 *   - $alert_port     : port on which to access the DB

 *   - $alert_user     : login to the database with this user

 *   - $alert_password : password of the DB user

 *

 *  This information can be gleaned from the Snort database

 *  output plugin configuration.

 */

$alert_dbname   = 'mysnort';

$alert_host     = 'localhost';

$alert_port     = '3306';

$alert_user     = 'setangedik';

$alert_password = '134@Atu4aR';

 

Also for the archive database.

 

/* Archive DB connection parameters */

$archive_exists   = 1; # Set this to 1 if you have an archive DB

$archive_dbname   = 'archive';

$archive_host     = 'localhost';

$archive_port     = '3306';

$archive_user     = 'setangedik';

$archive_password = '134@Atu4aR';
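
The path rules stated in the config comments above (leading slash and no trailing slash on $BASE_urlpath, no trailing backslash on $DBlib_path) can be checked before opening BASE in a browser. The following Python script is an added example, not part of BASE or of the original page; the function names are assumptions, and the sample text is constructed with deliberate mistakes and a placeholder password.

```python
import re

# Constructed sample modelled on the settings above, with deliberate
# mistakes and a placeholder password (not a real credential).
SAMPLE_CONF = r"""
$BASE_urlpath = '/base-1.4.5/';
$DBlib_path = 'c:\php\adodb5\';
$alert_dbname   = 'mysnort';
$alert_host     = 'localhost';
$alert_port     = '3306';
$alert_user     = 'setangedik';
$alert_password = 'EXAMPLE-PLACEHOLDER';
$archive_exists   = 1; # Set this to 1 if you have an archive DB
$archive_dbname   = '';
"""

# Simple top-level assignments only: $name = 'value';  or  $name = 123;
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(?:'(.*)'|(\d+))\s*;", re.M)

def parse_conf(text):
    """Return {variable: value-as-string} for each matched assignment."""
    return {m.group(1): m.group(3) if m.group(2) is None else m.group(2)
            for m in ASSIGN.finditer(text)}

def check_conf(conf):
    """Return findings against the rules in the base_conf.php comments."""
    findings = []
    url = conf.get("BASE_urlpath", "")
    if not url.startswith("/"):
        findings.append("BASE_urlpath: missing leading slash")
    if url.endswith("/"):
        findings.append("BASE_urlpath: trailing slash not allowed")
    # In a single-quoted PHP string, \' is an escaped quote, so a trailing
    # backslash swallows the closing quote and breaks the file.
    if conf.get("DBlib_path", "").endswith("\\"):
        findings.append("DBlib_path: trailing backslash before closing quote")
    # Archive settings are only required when $archive_exists is 1.
    prefixes = ["alert"] + (["archive"] if conf.get("archive_exists") == "1" else [])
    for prefix in prefixes:
        for key in ("dbname", "host", "user", "password"):
            if not conf.get(f"{prefix}_{key}"):
                findings.append(f"{prefix}_{key}: not set")
    return findings

if __name__ == "__main__":
    for finding in check_conf(parse_conf(SAMPLE_CONF)):
        print(finding)
```

To check a real file, pass the contents of base_conf.php to parse_conf() in place of SAMPLE_CONF.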

 

Adding Additional Snort Database Tables for BASE

 

BASE also requires some additional tables in the Snort database (mysnort). To create them, run the SQL script supplied with BASE, found in the sql subfolder of the base-1.4.5 directory, from the mysql command line:

 

The additional tables needed by BASE generated by running the BASE SQL script

 

Run the following mysql command.

 

mysql> USE mysnort;

mysql> SOURCE C:\Inetpub\wwwroot\base-1.4.5\sql\create_base_tbls_mysql.sql

 

 

 

 

 

 

 

 

 

 


Adding additional tables to mysnort database

 

Repeat the same step for archive database.

 

mysql> USE archive;

mysql> SOURCE C:\Inetpub\wwwroot\base-1.4.5\sql\create_base_tbls_mysql.sql

 

Adding additional table to Snort archive MySQL database

 

Download and Install Additional PHP Extensions

 

The final step is to download the additional PHP graphing packages from PEAR that BASE uses. This step is optional if you don’t intend to use the graphs that BASE offers; however, some PEAR packages, such as Mail_mime, are still needed. In our case, on the localhost, change directory to c:\php, then run the following command:

 

C:\PHP>go-pear

 

At the prompt, press Enter to install system-wide, press Enter again at the next prompt (taking the defaults), and finally accept the suggestion to update the php.ini include path, if offered. When complete, run the following commands, one at a time:

 

pear install Image_Color

pear install Log

pear install Numbers_Roman

pear install http://pear.php.net/get/Image_Canvas

pear install http://pear.php.net/get/Numbers_Words-0.15.0

pear install http://download.pear.php.net/package/Image_Graph-0.7.2.tgz

pear install -a -f Mail Mail_mime

 

Installing additional PHP extensions (PEAR) needed by BASE

 

Installing Image_Color, Log, Numbers_Roman and Image_Canvas PHP extensions

 

Installing Numbers_Words and Image_Graph PHP extensions

 

The following options are used for the next PEAR package installation.

 

Option    Meaning
-a        install all required and optional dependencies
-f        will overwrite newer installed packages

 

 

Installing Mail, Mail_mime and related PHP extensions

 

 

 

 

 


 
