
Snort and Snorby Installation (Ubuntu 10.04) INCOMPLETE

terracatta edited this page Dec 6, 2010 · 1 revision

This guide will show you how to fully install and configure the Snort Intrusion Detection System (IDS) with Barnyard 2 so that it works with the new Snorby 2.0 on Ubuntu 10.04.

This guide assumes you have a bare-bones Ubuntu Server installation.

Install some packages

apt-get install gcc g++ build-essential libssl-dev libreadline5-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt-dev libxml2-dev

Whew! OK, let's install Ruby 1.9.2. If you want to have multiple versions of Ruby installed, you can try Ruby Version Manager (RVM) instead.

wget http://ftp.ruby-lang.org//pub/ruby/1.9/ruby-1.9.2-p0.tar.gz
tar -xvzf ruby-1.9.2-p0.tar.gz
cd ruby-1.9.2-p0
./configure
make && make install

Ruby 1.9.2 comes with RubyGems, but before installing the gems we need for Snorby we need to install MySQL, git support and ImageMagick.

apt-get install imagemagick git-core libmysqlclient-dev mysql-server libmagickwand-dev

Ok, now we can install the gems.

gem install tzinfo builder memcache-client rack rack-test erubis mail text-format bundler thor i18n sqlite3-ruby
gem install rack-mount --version=0.4.0
gem install rails --version=3.0.2

We need to get a precompiled version of wkhtmltopdf for PDF generation to work correctly. The downloaded file is not executable, so set the mode after copying it into place.

wget http://dl.dropbox.com/u/38088/wkhtmltopdf
cp wkhtmltopdf /usr/bin/
chmod 755 /usr/bin/wkhtmltopdf

OK, we have all the prerequisites; let's fetch the new Snorby and create a user to run it!

mkdir -p /var/www/snorby
adduser --system --home /var/www/snorby/ --no-create-home --group --shell /bin/bash snorby
usermod -a -G snorby www-data
git clone http://github.com/Snorby/snorby.git /var/www/snorby
cp /root/database.yml /var/www/snorby/config/database.yml

Once that is taken care of, we can install all the other gems by running the following:

cd /var/www/snorby
bundle install

Snorby is installed; now let's get Snort installed.

Snort requires the following packages...

apt-get install nmap nbtscan libpcap0.8-dev libpcre3-dev bison flex libpcap-ruby libdumbnet-dev \
apache2-mpm-prefork apache2-prefork-dev libapr1-dev libaprutil1-dev aspell libaspell-dev \
libapache2-mod-xsendfile jsvc openjdk-6-jre-headless apg

We also need to compile the following libraries:

cd
wget http://www.snort.org/dl/snort-current/daq-0.3.tar.gz
tar zxvf daq-0.3.tar.gz
cd daq-0.3
./configure
make && make install
cd
wget -O libdnet-1.11.tar.gz http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz?download
tar zxvf libdnet-1.11.tar.gz
cd libdnet-1.11
./configure
make && make install
ln -s /usr/local/lib/libdnet.1 /usr/lib/
ldconfig

OK! Let's get Snort installed.

cd
wget http://www.snort.org/dl/snort-current/snort-2.9.0.2.tar.gz
tar zxvf snort-2.9.0.2.tar.gz
cd snort-2.9.0.2
./configure --with-mysql --enable-gre --enable-reload --enable-linux-smp-stats --enable-zlib
make && make install
mkdir /var/log/snort
groupadd snort
useradd -g snort snort
chown snort:snort /var/log/snort

Now let's install Barnyard 2.

cd
wget http://www.securixlive.com/download/barnyard2/barnyard2-1.8.tar.gz
tar zxvf barnyard2-1.8.tar.gz
cd barnyard2-1.8
./configure --with-mysql
make && make install
# /etc/snort is not created by Snort's "make install", so create it first
mkdir -p /etc/snort
cp etc/barnyard2.conf /etc/snort/
mkdir /var/log/barnyard2
# give the directory to the snort account instead of making it world-writable
chown snort:snort /var/log/barnyard2
touch /var/log/snort/barnyard2.waldo
chown snort:snort /var/log/snort/barnyard2.waldo
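Added example, not part of the original wiki page: a small POSIX shell check that confirms the runtime paths created in the Snort and Barnyard 2 steps above (/var/log/snort, the waldo file and /var/log/barnyard2) are owned by the snort account and carry no world-write bit, so a permission slip is caught before either daemon starts. It assumes GNU stat (present on Ubuntu) and the snort user created above.

```shell
#!/bin/sh
# Added example (not from the original wiki page): verify the runtime paths
# the guide creates for Snort and Barnyard 2 before starting either daemon.
# Assumes GNU stat (Ubuntu coreutils) and the 'snort' account created above.

# path_ok PATH OWNER
# Returns 0 if PATH exists, is owned by OWNER and is not world-writable;
# otherwise prints the reason and returns 1.
path_ok() {
    p=$1
    want=$2
    [ -e "$p" ] || { echo "MISSING        $p"; return 1; }
    owner=$(stat -c %U "$p") || return 1   # %U = owner name
    mode=$(stat -c %a "$p")  || return 1   # %a = octal mode, e.g. 750 or 2755
    if [ "$owner" != "$want" ]; then
        echo "WRONG OWNER    $p is $owner, want $want"
        return 1
    fi
    # Last octal digit is the 'other' class; bit value 2 is write.
    other=$(( mode % 10 ))
    if [ $(( other & 2 )) -ne 0 ]; then
        echo "WORLD-WRITABLE $p mode $mode"
        return 1
    fi
    echo "OK             $p ($owner $mode)"
    return 0
}

# check_snort_paths [OWNER]
# Checks every runtime path created in the Snort and Barnyard 2 steps;
# returns 1 if any path fails.
check_snort_paths() {
    want=${1:-snort}
    rc=0
    for p in /var/log/snort /var/log/snort/barnyard2.waldo /var/log/barnyard2; do
        path_ok "$p" "$want" || rc=1
    done
    return $rc
}

# Run the check when invoked directly: sh check_snort_paths.sh --check [OWNER]
if [ "${1:-}" = "--check" ]; then
    check_snort_paths "${2:-snort}"
fi
```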

Now let's install Passenger and hook it into Apache.

gem install --no-ri --no-rdoc --version 2.2.15 passenger
/usr/local/lib/ruby/gems/1.9.1/gems/passenger-2.2.15/bin/passenger-install-apache2-module -a
echo "LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-2.2.15/ext/apache2/mod_passenger.so" > /etc/apache2/mods-available/passenger.load
# the IfModule wrapper lines were lost when this page was extracted; restored here
cat > /etc/apache2/mods-available/passenger.conf <<'EOF'
<IfModule mod_passenger.c>
   PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-2.2.15
   PassengerRuby /usr/local/bin/ruby
</IfModule>
EOF
a2enmod passenger
a2enmod rewrite
a2enmod ssl