Page 30 of 31 FirstFirst ... 2028293031 LastLast
Results 291 to 300 of 309

Thread: Intrusion Detection

  1. #291
    Join Date
    Oct 2009
    Location
    Louisiana
    Beans
    120
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Intrusion Detection

    How do I get adodb installed to work with base? When I setup base and it asks for the adodb path, I enter what you provided, but this didn't work. It tells me file not found.

  2. #292
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Quote Originally Posted by espressobeanie View Post
    How do I get adodb installed to work with base? When I setup base and it asks for the adodb path, I enter what you provided, but this didn't work. It tells me file not found.
    Did you install adobd ?
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  3. #293
    Join Date
    Dec 2006
    Beans
    216

    Re: Intrusion Detection

    My set up was working fine until I upgraded to LTS. Now I get the following error messages:
    Deprecated: Function ereg_replace() is deprecated in /var/www/base/includes/base_state_common.inc.php on line 184

    Deprecated: Function ereg_replace() is deprecated in /var/www/base/includes/base_state_common.inc.php on line 184

    Deprecated: Function ereg_replace() is deprecated in /var/www/base/includes/base_state_criteria.inc.php on line 255

    I know you mentioned not to run new versions of base, but 1.4.4 was working fine for me. Any idea what happened?

  4. #294
    Join Date
    Dec 2006
    Beans
    216

    Re: Intrusion Detection

    Seems I need to apply a patch discussed here:
    https://sourceforge.net/tracker/?fun...48&atid=635584
    Can you help me with this? I have not applied patches before.

  5. #295
    Join Date
    Jun 2010
    Location
    Arkansas
    Beans
    66
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Intrusion Detection

    For wireless you recommended airsnort. I clicked on the link and it said that it was old an no longer supported. The site said there are better alternatives and gave 1 or 2 recommendations. Should I stick with airsnort or look for something else? I have an older laptop, Toshiba Satellite Pro 6100, P4 1.6GHz cpu, 1Gb mem, and a 40Gb hard drive. Will Apache be too much for me? If so, what NID and HID would you recommend?
    Last edited by baguahsing; July 17th, 2010 at 01:40 AM.

  6. #296
    Join Date
    Oct 2009
    Location
    Louisiana
    Beans
    120
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Intrusion Detection

    I'm running into problems with starting snort:

    dave@dms:~$ sudo /etc/init.d/snort start
    And a pop-up box comes up and says:

    Snort failed to start...
    Not sure where I went wrong. Everything after 'make install' worked fine and there were two errors that I encountered. The first was when I was installing updated packages, like mysql-server-5.1, and I got this error:

    libphp-adodb is no longer installed in /usr/share/adodb. New installation path is now /usr/share/php/adodb.

    Please update your php.ini file. Maybe you must also change your web-server configuraton.
    And the second was that I couldn't import the mysql schemas for snort. I kept getting this error:

    ERROR 1045 (28000): Access denied for user 'snort'@'localhost' (using password: YES)
    A file create_mysql is already there.

    Not sure how to fix these problems. Also, snort has updated to version 2.8.6.1 and already includes your startup script.

    Bodhi, I was able to fix that other issue above. one of the php5 packages changed the way it referenced adobd and I failed to realize it.
    Last edited by espressobeanie; July 24th, 2010 at 01:07 AM.

  7. #297
    Join Date
    Dec 2006
    Beans
    216

    Re: Intrusion Detection

    You are going to have to update the php files stated during the install process. But I do not think snort issue is related to that. I would suggest you test each component separately. ( you are doing that actually ) try to start snort, and have it report to screen. You can see the alerts go by, or collect them into a file. Once you know you are generating alerting alerts, then you can collect them into the mysql database. You can run snort in test mode, or use another switch to send the alerts to a file or console. Once you see alerts, then you should specify the location of your snort.conf file, which is the command that author of this document gave us. You snort.conf file causes snort to report to the mysql. Then you can jump in the mysql, and run a query to see if your alerts make it to your database. Once you are sure that is happening, then the fun begins with php new paths etc. I hope this helps. It may seem a lot of work, but it is fun as heck and in the end you come out with a great understanding of how this valuable tool works.

    Quote Originally Posted by espressobeanie View Post
    I'm running into problems with starting snort:

    And a pop-up box comes up and says:

    Not sure where I went wrong. Everything after 'make install' worked fine and there were two errors that I encountered. The first was when I was installing updated packages, like mysql-server-5.1, and I got this error:

    And the second was that I couldn't import the mysql schemas for snort. I kept getting this error:

    A file create_mysql is already there.

    Not sure how to fix these problems. Also, snort has updated to version 2.8.6.1 and already includes your startup script.

    Bodhi, I was able to fix that other issue above. one of the php5 packages changed the way it referenced adobd and I failed to realize it.

  8. #298
    Join Date
    Feb 2010
    Location
    White Plume Mountain
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Intrusion Detection

    The following code will attempt to start SNORT and send any errors to a newly created snort_errors file in your /home folder. You do not have to create the file. The terminal will create it for you. Then you can post the contents of the folder here. Most likely the problems is coming from a conflicting SNORT rule. Hopefully this will show what that rule is.
    Code:
    sudo /etc/init.d/snort start 2> snort_errors
    Thank you for your contributions. "So long and thanks for the fish!"

  9. #299
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Quote Originally Posted by espressobeanie View Post
    I'm running into problems with starting snort:

    And a pop-up box comes up and says:

    Not sure where I went wrong. Everything after 'make install' worked fine and there were two errors that I encountered. The first was when I was installing updated packages, like mysql-server-5.1, and I got this error:

    And the second was that I couldn't import the mysql schemas for snort. I kept getting this error:

    A file create_mysql is already there.

    Not sure how to fix these problems. Also, snort has updated to version 2.8.6.1 and already includes your startup script.

    Bodhi, I was able to fix that other issue above. one of the php5 packages changed the way it referenced adobd and I failed to realize it.
    OK, so you fixed the adodb error by updating the path.

    The second error looks like a mysql problem. Did you set up the mysql database and edit /etc/snort/snort.conf ?

    Did you make a mysql user, "snort" ? Did you make a database ?

    Can you connect to mysql using snort ?

    Code:
    mysql -u snort -p
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  10. #300
    Join Date
    Oct 2009
    Location
    Louisiana
    Beans
    120
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Intrusion Detection

    Woohoo! I figured it out. Bodhi, I did create a user named snort, and all of that. It seemed that importing the schemas was the problem. When you did that mysql command, I kept using my login password and not the mysql one. Now, I get snort is running successfully while whitelisting those two ip addresses.

Page 30 of 31 FirstFirst ... 2028293031 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •