CentOS 5.5 64bit by RISC427

mephux edited this page Dec 15, 2010 · 13 revisions

This document is intended to provide direction on how to install Snorby 2.0 (Snort IDS front end) on a clean install of CentOS 5.5 64-bit. It is assumed that Apache and MySQL are already available on the system, including their respective devel packages. We’re using mod_passenger (mod_rails) with Apache to make Snorby accessible via the browser.

Requirements:
Apache, MySQL, Snort, Barnyard2

Package pre-reqs:
gcc, openssl, openssl-devel, fontconfig-devel, libtool-ltdl-devel, xz

ImageMagick
Due to the CentOS repos having a fairly old version of ImageMagick we’ll need to pull down ImageMagick and its associated devel package directly from imagemagick.org:

wget http://www.imagemagick.org/download/linux/CentOS/x86_64/ImageMagick-6.6.6-3.x86_64.rpm
wget http://www.imagemagick.org/download/linux/CentOS/x86_64/ImageMagick-devel-6.6.6-3.x86_64.rpm

Install the ImageMagick packages via YUM to resolve dependencies. Note that --nogpgcheck disables package signature verification for this install:

yum install ImageMagick-6.6.6-3.x86_64.rpm ImageMagick-devel-6.6.6-3.x86_64.rpm --nogpgcheck

Ruby

Again the CentOS repos have an old version of Ruby so we’ll need to grab the Ruby source directly from ruby-lang.org:

wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.2-p0.tar.gz

Extract the archive and compile the Ruby source.

tar -xvzf ruby-1.9.2-p0.tar.gz
cd ruby-1.9.2-p0
./configure
make && make install

git

In order to pull down the Snorby 2 code you’ll need git. This doesn’t appear to be in the default CentOS repos so we can use the rpmforge repo.

yum install git

Download Snorby 2

Grab Snorby 2 and then update to make sure we have the latest code:

git clone git://github.com/Snorby/snorby.git
cd snorby
git pull

We should now have a ‘snorby’ directory in the location which we ran the above commands.

Gem bundler

Now install bundler which is a Ruby application (gem) dependency manager. (i.e. yum for gems):
http://gembundler.com/

gem install bundler

Snorby gems
Install the gems required by Snorby 2. This needs to be run from the snorby root directory:

bundle install

Phusion Passenger
Install the Phusion Passenger gem aka mod_rails. This provides us with an Apache module we’ll use to deploy the Snorby application: http://www.modrails.com/

gem install passenger --no-rdoc --no-ri

Once the gem is installed we’ll need to build the Apache module. This will likely point out some missing packages which you should install as needed.

passenger-install-apache2-module

When the module is finished building it will note that the following needs to be added to your Apache config. This allows Apache to load the passenger module and defines locations for passenger and ruby:

LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.1/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.1
PassengerRuby /usr/local/bin/ruby

Additionally we’ll need to create a virtual host for the Snorby application. Add the following to your Apache config:

<VirtualHost *:80>
    ServerName www.yourhost.com
    # Be sure to point to 'public'!
    DocumentRoot /var/www/snorby/public
    <Directory /var/www/snorby/public>
        # Relax Apache security settings
        AllowOverride all
        # MultiViews must be turned off
        Options -MultiViews
    </Directory>
</VirtualHost>

Database
When building Snorby it attempts to create a DB in MySQL. To make sure this happens correctly we need to set our MySQL credentials in ‘/snorbyRoot/config/database.yml’. Set the following per your MySQL installation:

snorby: &snorby
  adapter: mysql
  username: snorby
  password: snorby
  host: localhost

Snorby Install
Now we need to install/make Snorby. From your snorby root run the following:

rake snorby:setup

Snorby is now built and almost ready for use. Before using Snorby we’ll want to create a snorby specific user in MySQL that has appropriate access to the snorby DB.

mysql -u username -p
use snorby;
grant all privileges on snorby.* to 'username'@'localhost';

We’ll again need to modify the snorby database.yml file and set the credentials based on the user we just created.
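
A check to run once database.yml has been updated, as an added example that is not part of the original guide or of Snorby. It flags the sample password shown on this page, a password equal to the username, an empty password, the MySQL root account, and file permissions that give other local users access; the function and finding names are invented for this example.

```shell
#!/bin/bash
# Added example (not part of Snorby): audit config/database.yml after the
# credential steps. One finding per line; returns 1 if anything was found.

# Print the value of the first "key: value" line, minus comment and quotes.
yml_value() {
    awk -v key="$1" -v q="'" '
        $1 == key ":" {
            sub(/^[ \t]*[^:]+:[ \t]*/, "")       # drop the "key:" prefix
            sub(/[ \t]+#.*$/, "")                # drop a trailing comment
            gsub("^[\"" q "]|[\"" q "]$", "")    # drop surrounding quotes
            print; exit
        }' "$2"
}

audit_database_yml() {
    local file="$1" user pass mode findings=0
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 2; }
    user=$(yml_value username "$file")
    pass=$(yml_value password "$file")
    mode=$(stat -c %a "$file")

    if [ -z "$pass" ]; then
        echo "EMPTY_PASSWORD"; findings=1
    elif [ "$pass" = "snorby" ] || [ "$pass" = "$user" ]; then
        # "snorby" is the sample password shown in the guide
        echo "GUESSABLE_PASSWORD"; findings=1
    fi
    # The guide creates a dedicated MySQL user; root means that was skipped
    [ "$user" = "root" ] && { echo "ROOT_DB_USER"; findings=1; }
    # Any permission bit for "other" exposes the password to all local users
    [ $(( 0$mode & 7 )) -ne 0 ] && { echo "OTHER_ACCESS mode=$mode"; findings=1; }
    return $findings
}

# Usage: ./audit.sh /var/www/snorby/config/database.yml
# With no argument, audit a constructed copy of the guide's sample file.
if [ $# -gt 0 ]; then
    audit_database_yml "$1"
else
    sample=$(mktemp)
    printf 'snorby: &snorby\n  adapter: mysql\n  username: snorby\n  password: snorby\n  host: localhost\n' > "$sample"
    chmod 644 "$sample"
    audit_database_yml "$sample" || true
    rm -f "$sample"
fi
```

If tightening the mode, keep the file readable by the account Passenger runs the application as.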

Up until now I’ve done all of my building and installing in ‘/opt/snorby’. In order to make Snorby available to Apache I’ll move snorby to ‘/var/www/’. We can then set our virtual host to use ‘/var/www/snorby/public/’ as its root. (we did this just after the passenger install)

cp -rf /opt/snorby /var/www/

We can now start or restart apache and try hitting the Snorby application via http://xxx.xxx.xxx.xxx.

Errors
Upon hitting Snorby for the first time you may receive the following error:

"http://github.com/mephux/ezprint.git (at rails3) is not checked out. Please run `bundle install` (Bundler::GitError)"

If so, simply issue the following from your Snorby root directory:

bundle pack
bundle install --path vendor/cache

This issue was addressed on Github and is still available for reference under the closed issues.
https://github.com/Snorby/snorby/issues/closed

Export to PDF
In order to use the export to PDF functionality we’ll need to grab ‘wkhtmltopdf’. http://code.google.com/p/wkhtmltopdf/

wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.10.0_rc1-static-amd64.tar.lzma
xz -d wkhtmltopdf-0.10.0_rc1-static-amd64.tar.lzma
tar -xvf wkhtmltopdf-0.10.0_rc1-static-amd64.tar
cp wkhtmltopdf-amd64 /usr/local/bin/wkhtmltopdf

**This was done in this fashion because using PDFkit seems to be broken. Upon running ‘pdfkit --install-wkhtmltopdf’ we receive an error: ‘File format not recognized’