Support #541

Updated by Daniel Curtis about 9 years ago

Snorby is a web frontend for the Snort IDS, and this is a simple guide on installing it on FreeBSD 9.2. This guide only sets up Snorby, as my setup has the Snort agent on a remote machine, sending its data to a different remote database. 

 * Update the system 
 <pre> 
 pkg update && pkg upgrade 
 </pre> 

 * Install a few prerequisite packages: 
 <pre> 
 pkg install wget flex pcre libdnet libxml2 libxslt ImageMagick lwp p5-LWP-UserAgent-WithCache p5-Crypt-SSLeay p5-LWP-Protocol-https ruby ruby20-gems wkhtmltopdf 
 </pre> 

 * Install some prerequisite gems: 
 <pre> 
 pkg install rubygem-prawn rubygem-thor rubygem-i18n rubygem-bundler rubygem-tzinfo rubygem-builder rubygem-memcache-client rubygem-rack rubygem-rack-test rubygem-erubis rubygem-mail rubygem-text rubygem-sqlite3 rubygem-rake rubygem-mysql rubygem-rack-mount rubygem-rails 
 </pre> 

 * Get Snorby from the download section or use the latest edge release via git. 
 <pre> 
 cd /usr/local/www 
 git clone git://github.com/Snorby/snorby.git 
 </pre> 

 * Move into the Snorby directory 
 <pre> 
 cd snorby 
 </pre> 

 * Create a database config file: 
 <pre> 
 cp config/database.example.yml config/database.yml 
 </pre> 
 #* Change the database, host, user, and password accordingly 

 * Create and edit the Snorby config: 
 <pre> 
 cp config/snorby_config.yml.example config/snorby_config.yml 
 vi config/snorby_config.yml 
 </pre> 
 #* And add or modify the following 
 <pre> 
 development: 
   domain: localhost:3000 
   wkhtmltopdf: /usr/local/bin/wkhtmltopdf 
   mailer_sender: 'snorby@snorby.org' 
   rules: 
     - "/Users/mephux/.snort/rules" 
     - "/Users/mephux/.snort/so_rules" 
 test: 
   domain: localhost:3000 
   wkhtmltopdf: /usr/local/bin/wkhtmltopdf 
   mailer_sender: 'snorby@snorby.org' 
 # 
 # Production 
 # 
 # Change the production configuration for your environment. 
 # 
 production: 
   domain: localhost 
   wkhtmltopdf: /usr/local/bin/wkhtmltopdf 
   mailer_sender: 'snorby@snorby.org' 
   geoip_uri: "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz" 
   rules: 
     - "/usr/local/etc/snort/rules" 
     - "/usr/local/etc/snort/so_rules" 
     - "/usr/local/etc/snort/preproc_rules" 
   authentication_mode: database 
 </pre> 

 * Install Gem Dependencies 
 <pre> 
 bundle install 
 </pre> 
 #* *NOTE*: If you get missing gem issues in production use: 
 <pre> 
 bundle install --path vendor/cache 
 </pre> 
 #* If your system gems are newer than the versions pinned in Gemfile.lock, run rake through bundler, for example: 
 <pre> 
 bundle exec rake snorby:setup 
 </pre> 
 #* If typing @bundle exec {app}@ in front of every command is tedious, you can safely install binstubs with: 
 <pre> 
 bundle install --binstubs 
 </pre> 

 * Run The Snorby Setup 
 <pre> 
 rake snorby:setup 
 </pre> 
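 Before running the setup it is worth a quick pre-flight check for the mistakes the config steps above invite: config/database.yml left readable by other local users even though it holds the database password, a wkhtmltopdf path that does not exist, or rules directories that are not on this host. The script below is an added example for this guide, not part of Snorby; it assumes the file layout shown above and that @rules:@ is the only YAML list in the production section.

```sh
#!/bin/sh
# Pre-flight check for a Snorby checkout before running `rake snorby:setup`.
# Added example, not part of the Snorby project. Assumes the layout used in
# the guide: config/database.yml (holds the DB password, so it must not be
# group/world readable) and config/snorby_config.yml whose production block
# has `rules:` as its only YAML list.

# 0 if the file exists and has no group/other permission bits (e.g. mode 0600).
# Parses ls(1) because stat(1) options differ between FreeBSD and GNU.
private_file() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *) echo "too permissive, run chmod 600: $1"; return 1 ;;
    esac
}

# Print "wkhtmltopdf <path>" and "rule_dir <path>" lines taken from the
# production section of snorby_config.yml; any other top-level key ends it.
production_values() {
    awk '
        /^[^ #][^:]*:/ { in_prod = ($1 == "production:"); next }
        in_prod && $1 == "wkhtmltopdf:" { print "wkhtmltopdf", $2 }
        in_prod && $1 == "-" { gsub(/"/, "", $2); print "rule_dir", $2 }
    ' "$1"
}

# Check one checkout directory; returns 0 only when every check passes.
check_snorby_config() {
    dir=$1 rc=0 tmp=$(mktemp)
    private_file "$dir/config/database.yml" || rc=1
    production_values "$dir/config/snorby_config.yml" > "$tmp"
    while read -r kind value; do
        case $kind in
            wkhtmltopdf) [ -x "$value" ] || { echo "not executable: $value"; rc=1; } ;;
            rule_dir)    [ -d "$value" ] || { echo "rules dir missing: $value"; rc=1; } ;;
        esac
    done < "$tmp"
    rm -f "$tmp"
    return $rc
}

# Usage: sh snorby_preflight.sh /usr/local/www/snorby
if [ $# -gt 0 ]; then check_snorby_config "$1"; fi
```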

 h2. Resources 

 * https://github.com/Snorby/snorby 
 * https://github.com/shirkdog/snorby-bsd/blob/master/snorbyInstall.sh 
