Barnyard2 Installation Linux: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=Vorbereitung= *apt-get install -y mysql-server libmysqlclient-dev mysql-client autoconf libtool *apt-get install libpcap-dev libprelude-dev =Edit /etc/snort/s…“) |
|||
| (10 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 3: | Zeile 3: | ||
*apt-get install libpcap-dev libprelude-dev | *apt-get install libpcap-dev libprelude-dev | ||
=Edit /etc/snort/snort.conf= | =Edit /etc/snort/snort.conf= | ||
| + | *change | ||
<pre> | <pre> | ||
| − | # | + | #output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types |
| − | + | output unified2: filename snort.log, limit 128, mpls_event_types, vlan_event_types | |
| − | + | </pre> | |
| − | |||
| − | + | =Compile and Install Barnyard2= | |
| − | + | *git clone git://github.com/firnsy/barnyard2.git | |
| − | + | *cd barnyard2 | |
| − | + | *./autogen.sh | |
| − | output database log,mysql, user=snort password=snort dbname=snort host=localhost | + | *CFLAGS='-lpthread' |
| + | *./configure --with-mysql-libraries=/usr/lib/x86_64-linux-gnu | ||
| + | *apt-get install libdumbnet-dev | ||
| + | *ln -s /usr/include/dumbnet.h /usr/include/dnet.h | ||
| + | *ldconfig | ||
| + | *make | ||
| + | *make install | ||
| + | *cp etc/barnyard2.conf /etc/snort/ | ||
| + | *touch /var/log/snort/barnyard2.waldo | ||
| + | =Settings barnyard2.conf= | ||
| + | *cat /etc/snort/barnyard2.conf | ||
| + | <pre> | ||
| + | config reference_file: /etc/snort/reference.config | ||
| + | config classification_file: /etc/snort/classification.config | ||
| + | config gen_file: /etc/snort/gen-msg.map | ||
| + | config sid_file: /etc/snort/sid-msg.map | ||
| + | config logdir: /var/log/barnyard2 | ||
| + | config waldo_file: /var/log/snort/barnyard2.waldo | ||
| + | config archivedir: /var/log/snort | ||
| + | input unified2 | ||
| + | output alert_fast: stdout | ||
| + | output database: log, mysql, user=snort password=snort dbname=snort host=localhost | ||
</pre> | </pre> | ||
| + | =Test= | ||
| + | ==snort== | ||
| + | *snort -u snort -g snort -c /etc/snort/snort.conf -i guest-bridge | ||
| + | ==barnyard2== | ||
| + | *barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -g snort -u snort | ||
| + | ==mysql== | ||
| + | *mysql> select * from data limit 5 ; | ||
| + | <pre> | ||
| + | +-----+-----+------------------------------------------------------------------------------------------------------------------+ | ||
| + | | sid | cid | data_payload | | ||
| + | +-----+-----+------------------------------------------------------------------------------------------------------------------+ | ||
| + | | 1 | 1 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | | ||
| + | | 1 | 2 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | | ||
| + | | 1 | 3 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | | ||
| + | | 1 | 4 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | | ||
| + | | 1 | 5 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | | ||
| + | +-----+-----+------------------------------------------------------------------------------------------------------------------+ | ||
| + | 5 rows in set (0.00 sec) | ||
| + | </pre> | ||
| + | |||
| + | =Database Settings= | ||
| + | *sudo mysql -u root -p | ||
| + | *mysql > create database snort; | ||
| + | *mysql > use snort; | ||
| + | *mysql > source /root/barnyard2/schemas/create_mysql | ||
| + | *mysql > CREATE USER 'snort'@'localhost' IDENTIFIED BY 'snort'* | ||
| + | *mysql > grant create, insert, select, delete, update on snort.* to 'snort'@'localhost'; | ||
| + | =Systemd= | ||
| + | *cat /etc/systemd/system/barnyard2.service | ||
| + | <pre> | ||
| + | [Unit] | ||
| + | Description=Barnyard2 Daemon | ||
| + | After=syslog.target network.target | ||
| + | |||
| + | [Service] | ||
| + | Type=simple | ||
| + | ExecStart=/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -q -w /var/log/snort/barnyard2.waldo -g snort -u snort -D -a /var/log/snort/archived_logs | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | </pre> | ||
| + | *systemctl enable barnyard2 | ||
| + | *systemctl daemon-reload | ||
| + | *systemctl start barnyard2 | ||
Aktuelle Version vom 16. Oktober 2018, 11:52 Uhr
Vorbereitung
- apt-get install -y mysql-server libmysqlclient-dev mysql-client autoconf libtool
- apt-get install libpcap-dev libprelude-dev
Edit /etc/snort/snort.conf
- change
#output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types output unified2: filename snort.log, limit 128, mpls_event_types, vlan_event_types
Compile and Install Barnyard2
- git clone git://github.com/firnsy/barnyard2.git
- cd barnyard2
- ./autogen.sh
- CFLAGS='-lpthread'
- ./configure --with-mysql-libraries=/usr/lib/x86_64-linux-gnu
- apt-get install libdumbnet-dev
- ln -s /usr/include/dumbnet.h /usr/include/dnet.h
- ldconfig
- make
- make install
- cp etc/barnyard2.conf /etc/snort/
- touch /var/log/snort/barnyard2.waldo
Settings barnyard2.conf
- cat /etc/snort/barnyard2.conf
config reference_file: /etc/snort/reference.config config classification_file: /etc/snort/classification.config config gen_file: /etc/snort/gen-msg.map config sid_file: /etc/snort/sid-msg.map config logdir: /var/log/barnyard2 config waldo_file: /var/log/snort/barnyard2.waldo config archivedir: /var/log/snort input unified2 output alert_fast: stdout output database: log, mysql, user=snort password=snort dbname=snort host=localhost
Test
snort
- snort -u snort -g snort -c /etc/snort/snort.conf -i guest-bridge
barnyard2
- barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -g snort -u snort
mysql
- mysql> select * from data limit 5 ;
+-----+-----+------------------------------------------------------------------------------------------------------------------+ | sid | cid | data_payload | +-----+-----+------------------------------------------------------------------------------------------------------------------+ | 1 | 1 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | | 1 | 2 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | | 1 | 3 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | | 1 | 4 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | | 1 | 5 | 5E40BF5B00000000E9F3060000000000101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 | +-----+-----+------------------------------------------------------------------------------------------------------------------+ 5 rows in set (0.00 sec)
Database Settings
- sudo mysql -u root -p
- mysql > create database snort;
- mysql > use snort;
- mysql > source /root/barnyard2/schemas/create_mysql
- mysql > CREATE USER 'snort'@'localhost' IDENTIFIED BY 'snort'*
- mysql > grant create, insert, select, delete, update on snort.* to 'snort'@'localhost';
Systemd
- cat /etc/systemd/system/barnyard2.service
[Unit] Description=Barnyard2 Daemon After=syslog.target network.target [Service] Type=simple ExecStart=/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -q -w /var/log/snort/barnyard2.waldo -g snort -u snort -D -a /var/log/snort/archived_logs [Install] WantedBy=multi-user.target
- systemctl enable barnyard2
- systemctl daemon-reload
- systemctl start barnyard2