Project

General

Profile

Support #541

Updated by Daniel Curtis almost 10 years ago

Snorby is a web frontend for the Snort IDS, and this is a simple guide on installing it on FreeBSD 9.2. This guide only sets up Snorby, as my setup has the Snort agent on remote machine, sending its data to a different remote database. 

 * Update the system 
 <pre> 
 pkg update && pkg upgrade 
 </pre> 

 * Install a few prerequisite packages: 
 <pre> 
 pkg install wget flex pcre libdnet libxml2 libxslt ImageMagick lwp p5-LWP-UserAgent-WithCache p5-Crypt-SSLeay p5-LWP-Protocol-https ruby ruby20-gems wkhtmltopdf 
 </pre> 

 * Install some prerequisite gems: 
 <pre> 
 pkg install rubygem-prawn rubygem-thor rubygem-i18n rubygem-bundler rubygem-tzinfo rubygem-builder rubygem-memcache-client rubygem-rack rubygem-rack-test rubygem-erubis rubygem-mail rubygem-text rubygem-sqlite3 rubygem-rake rubygem-mysql rubygem-rack-mount rubygem-rails 
 </pre> 

 * Get Snorby from the download section or use the latest edge release via git. 
 <pre> 
 cd /usr/local/www 
 git clone git://github.com/Snorby/snorby.git 
 </pre> 

 * Move into the Snorby directory 
 <pre> 
 cd snorby 
 </pre> 

 * Create a database config file: 
 <pre> 
 cp config/database.example.yml config/database.yml 
 </pre> 
 #* Change the database, host, user, and password accordingly 

 * Create and edit Edit the Snorby config: config 
 cp config/snorby_config.yml.example config/snorby_config.yml 
 vi config/snorby_config.yml snorby_config.yml 
 #* And add or modify the following 
 <pre> 
 development: 
 domain: localhost:3000 
 wkhtmltopdf: /usr/local/bin/wkhtmltopdf 
 mailer_sender: 'snorby@snorby.org' 
 rules: 
 - "/Users/mephux/.snort/rules" 
 - "/Users/mephux/.snort/so_rules" 
 test: 
 domain: localhost:3000 
 wkhtmltopdf: /usr/local/bin/wkhtmltopdf 
 mailer_sender: 'snorby@snorby.org' 
 # 
 # Production 
 # 
 # Change the production configuration for your environment. 
 # 
 production: 
 domain: localhost 
 wkhtmltopdf: /usr/local/bin/wkhtmltopdf 
 mailer_sender: 'snorby@snorby.org' 
 geoip_uri: "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz" 
 rules: 
 - "/usr/local/etc/snort/rules" 
 - "/usr/local/etc/snort/so_rules" 
 - "/usr/local/etc/snort/preproc_rules" 
 authentication_mode: database 
 </pre> 

 * Install Gem Dependencies 
 <pre> 
 bundle install 
 </pre> 
 #* *NOTE*: If you get missing gem issues in production use: 
 <pre> 
 bundle install --path vendor/cache 
 </pre> 
 #* If your system gems are updated beyond the gemfile.lock you should use this as an example  
 <pre> 
 bundle exec rake snorby:setup 
 </pre> 
 #* If running @bundle exec {app}@ is painful you can safely install binstubs by: 
 <pre> 
 bundle install --binstubs 
 </pre> 

 * Run The Snorby Setup 
 <pre> 
 rake snorby:setup 
 </pre> 

 h2. Resources 

 * https://github.com/Snorby/snorby 
 * https://github.com/shirkdog/snorby-bsd/blob/master/snorbyInstall.sh 

Back