Snort mailing list archives
Snort installation script
From: "Nelson, Gregg" <Gregg.Nelson () CO RAMSEY MN US>
Date: Thu, 18 Mar 2004 14:09:31 -0600
It seems some sort of error occurred in the targz file I submitted which prevents extraction. I am including the script in its entirety.....

Gregg Nelson
Ramsey County

-----------------File starts on next line ------------------------
#!/bin/bash
set -vx     # NB: -x echoes every expanded command, the MySQL passwords included.
#--------------------------------------------------------------------------
#
# Snort-Install
# -------------
#
# Retrieve & install packages needed
# to run Snort IDS with ACID on RedHat Linux 9.0.
#
# This work is derivative of other installation
# procedures found on the www.snort.org site.
#
# In particular, much was borrowed from procedures
# by Patrick S. Harper and Roman Danyliw.
#
# Author:
#    Gregg.Nelson () Co Ramsey MN US
#    26-Oct-2003
#--------------------------------------------------------------------------
#
# Variables
#
SnortPkgs=/SnortInstall/Packages
SnortID="Snort-Install"      # marker written into every file this script edits
ApacheDir=/usr/local/apache2
MySQLDir=/usr/local/mysql
MySQLRootPswd=
MySQLSnortPswd=
#
#--------------------------------------------------------------
#
# Ask for required items.
#
echo ""
echo The MySQL installation creates a MySQL root account
echo with no password. To secure MySQL you must provide a
echo new password for the MySQL root account.
echo ""
echo Once set, this password must be specified whenever
echo the MySQL root account is used to access MySQL.
echo ""
echo Please enter a password for the MySQL root account.
echo -n "MySQL root password: "
# For now hard code this value.  Replace the placeholder (or restore
# the "read") before running this on a real sensor.
MySQLRootPswd=mysqlrootpswd
# read MySQLRootPswd
echo ""
echo Snort needs a MySQL account to be able to write to the
echo MySQL Snort database. Username is '"snort"'.
echo This account and password are also used by
echo ACID when accessing the database.
echo Please enter a password for the MySQL Snort account.
echo -n "MySQL Snort password: "
# For now hard code this value.
MySQLSnortPswd=mysqlsnortpswd
# read MySQLSnortPswd
#
#
# Package Description Functions
#
# >>>> Table information and format was borrowed from
# >>>> Roman Danyliw's ACID installation procedure.
# >>>> http://www.andrew.cmu.edu/~rdanyliw/snort/acid_config.html
# ---------------------------------------------------------------
# Only the "Package", "Site", "Dirpath" & "Tarball" items are used by the
# procedure. The rest are for documentation only.
#
#   Package      Package name.
#   Version      Version number.
#   Description  Description.
#   Reason       Why package is needed.
#   Site         Download site host name.
#   Dirpath      Download directory path. (should begin and end with "/")
#   Tarball      Download package file.
#   Type         Optional or (Required: assumed)
#
declare -a PACKAGE VERSION DESCRIPTION REASON
declare -a SITE DIRPATH TARBALL TYPE TOPDIR
declare -i i=0
# Package also defines a shell variable named after the package (e.g. $jpgraph)
# holding its index into these arrays; the acid section uses ${TOPDIR[$jpgraph]}.
function Package { ((i++)); PACKAGE[$i]=$(echo "$1" | tr '[:upper:]' '[:lower:]'); let ${PACKAGE[$i]}=$i; }
function Version { :; }        # descriptive only
function Description { :; }    # descriptive only
function Reason { :; }         # descriptive only
function Site { SITE[$i]="$1"; }
function Dirpath { DIRPATH[$i]="$1"; }
function Tarball { TARBALL[$i]="$1"; }
function Type { :; }           # descriptive only
# Array TOPDIR     Top-level directory where tar places package files
#                  (filled in by the extraction step below).
#
#
# Required Software Components
# -----------------------------
#
# New versions of the components may be obtained and
# installed by changing the Site, Path, or Tarball fields.
#
#
Package      MySQL
Version      4.0.16
Description  Open Source RDBMS to store events
Reason       Back-end database
Site         mysql.oregonstate.edu
Dirpath      /Downloads/MySQL-4.0/
Tarball      mysql-standard-4.0.16-pc-linux-i686.tar.gz
#
Package      LibPCap
Version      0.7.2
Description  Packet Capture Library
Reason       Used by Snort to promiscuously sniff packets.
Site         www.tcpdump.org
Dirpath      /release/
Tarball      libpcap-0.7.2.tar.gz
#
Package      Snort
Version      2.0.4
Description  Network Intrusion Detection System
Reason       Detects intrusion events
Site         www.snort.org
Dirpath      /dl/
Tarball      snort-2.0.4.tar.gz
#
Package      PHP
Version      4.3.3
Description  Web scripting language
Reason       Implementation language of ACID
Site         www.php.net
Dirpath      /distributions/
Tarball      php-4.3.3.tar.gz
#
Package      ACID
Version      0.9.6b23
Description  Analysis Console for Intrusion Databases
Reason       PHP-based analysis engine to process security events
Site         acidlab.sourceforge.net
Dirpath      /
Tarball      acid-0.9.6b23.tar.gz
#
Package      Apache Server
Version      2.0.48
Description  HTTP server
Reason       Web server for ACID/PHP
Site         apache.oregonstate.edu
Dirpath      /httpd/
Tarball      httpd-2.0.48.tar.gz
#
Package      ADODB
Version      4.01
Description  PHP database abstraction library
Reason       Provides standard API between PHP and database
Site         phplens.com
Dirpath      /lens/dl/
Tarball      adodb401.tgz
#
Package      JPGraph
Version      1.8+
Description  Object-Oriented class library for PHP. [needs GD]
Reason       PHP4 graphing library
Site         members.chello.se
Dirpath      /jpgraph/jpgdownloads/
Tarball      jpgraph-1.13.tar.gz
Type         optional
#
Package      GD
Version      2.0.15
Description  Image manipulation library
Reason       Raw JPEG/PNG/GIF support for creating charts
Site         www.boutell.com
Dirpath      /gd/http/
Tarball      gd-2.0.15.tar.gz
#
# The following are GD dependencies:
#
Package      libpng
Version      1.2.5
Description  PNG library
Reason       PNG format support for GD
Site         umn.dl.sourceforge.net
Dirpath      /sourceforge/libpng/
Tarball      libpng-1.2.5.tar.gz
#
Package      libjpeg
Version      6b
Description  JPEG library
Reason       JPEG format support for GD
Site         www.ijg.org
Dirpath      /files/
Tarball      jpegsrc.v6b.tar.gz
#
Package      zlib
Version      1.1.4
Description  compression library
Reason       Compression support for GD
Site         umn.dl.sourceforge.net
Dirpath      /sourceforge/libpng/
Tarball      zlib-1.1.4.tar.gz
#
#
# Notes: (from Roman Danyliw)
#---------------------------------------------------------------------------
#
# PHP must be compiled with MySQL or PostgreSQL support
# (--with-mysql or --with-postgresql)
#
# If graphing functionality is desired, GD support must also be
# compiled (--with-gd) and for native whois query support socket
# functionality must be enabled (--enable-sockets)
#
#--------------------------------------------------------------------------
############################################################################
#
#
#
# Specify package installation order.
# -----------------------------------
#
declare -a ORDER
declare -i i=0
# Order must NOT define a variable named after the package: Package already
# did that with the PACKAGE index, and ${TOPDIR[$jpgraph]} below relies on it
# (the ORDER index of jpgraph is a different number).
function Order { ((i++)); ORDER[$i]=$(echo "$1" | tr '[:upper:]' '[:lower:]'); }   # tr: just in case somebody uses CAPS
#------------------------------------------------
# The order in which packages appear below
# determines the installation order.
#
# These names must match those in the PACKAGE
# array and also the names in the case statement
# in the installation script section.
#------------------------------------------------
Order zlib
Order libpng
Order libjpeg
Order gd
Order mysql
Order apache
Order php
Order libpcap
Order snort
Order jpgraph
Order adodb
Order acid
############################################################################
#
#
#
# Download package files.
# -----------------------
#
# NB: everything is fetched over plain http and nothing is verified
# against a checksum or signature; compare the tarballs with the
# upstream MD5 sums / PGP signatures before trusting this build.
#
j=${#PACKAGE[@]}
if [ ! -e $SnortPkgs ]; then mkdir -p $SnortPkgs; fi
cd $SnortPkgs
for((i=1;i<=$j;i++));do
  if [ -e ${TARBALL[$i]} ]; then continue; fi
  URL=http://${SITE[$i]}${DIRPATH[$i]}${TARBALL[$i]}
  wget $URL
done
############################################################################
#
#
#
# Decompress and Untar package files.
# -----------------------------------
#
j=${#PACKAGE[@]}
cd $SnortPkgs
for((i=1;i<=$j;i++));do
  # Extract directory name where tar places files
  # (first path component of the archive's first entry).
  TOPDIR[$i]=$(tar -ztf ${TARBALL[$i]} | head -n1 | cut -f1 -d/)
  if [ ! -e ${TOPDIR[$i]} ]; then tar -zxvf ${TARBALL[$i]}; fi
  # rm ${TARBALL[$i]}      # Uncomment to save space.
                           # However the packages will
                           # be downloaded each time this
                           # script is run.
done
############################################################################
#
#
#
# Install packages in correct order.
# ----------------------------------
#
let j=${#ORDER[@]}
for((i=1;i<=$j;i++));do             # OUTER loop processes ORDER array in sequence.
  let k=${#PACKAGE[@]}
  let PKG=0
  for((l=1;l<=$k;l++));do           # Search PACKAGE array for a match
                                    # to get the PACKAGE array index.
    if [ ${ORDER[$i]} = ${PACKAGE[$l]} ]; then let PKG=$l; break; fi
  done
  if [ $PKG -eq 0 ]; then echo "PACKAGE entry for ${ORDER[$i]} missing."; continue; fi
  #
  # Set up variables for all scripts
  #
  echo "!?!? Beginning installation of ${PACKAGE[$PKG]}."
  PKGDIR=${TOPDIR[$PKG]}            # after unzip, untar
  PKGPATH=$SnortPkgs/$PKGDIR
  cd $PKGPATH
  #
  #
  # Installation scripts.
  # ---------------------
  # Order is not important here.
  # The outer loop determines the order in which packages are
  # installed by processing the ORDER array in sequence.
  #
  case ${PACKAGE[$PKG]} in
    #
    zlib )
      ./configure; make test; make install
      ;;
    #
    libjpeg )
      ./configure; make install-lib
      ;;
    #
    libpng )
      make -f scripts/makefile.linux test
      make -f scripts/makefile.linux install
      ;;
    #
    gd )
      # --with-jpeg wants the install prefix (it looks for DIR/include
      # and DIR/lib); libjpeg's "make install-lib" put them under /usr/local.
      ./configure --with-jpeg=/usr/local; make; make install
      ;;
    #
    mysql )
      # Kill any mysqld processes left hanging around
      for pid in $(ps -A | grep mysqld | cut -c1-5); do kill -9 $pid; done
      # NB: this discards any existing MySQL installation and data under $MySQLDir.
      if [ -e $MySQLDir ]; then rm -R $MySQLDir; fi
      groupadd mysql
      useradd -g mysql mysql
      cd $SnortPkgs
      mv $PKGDIR $MySQLDir
      cd $MySQLDir
      scripts/mysql_install_db
      chown -R root $MySQLDir
      chgrp -R mysql $MySQLDir
      chown -R mysql $MySQLDir/data
      cp support-files/my-medium.cnf /etc/my.cnf
      if [ $(grep "$SnortID" /etc/ld.so.conf | wc -l) = 0 ]; then
        echo "# Lines added by $SnortID $(date +%c)" >> /etc/ld.so.conf
        echo $MySQLDir/lib/mysql >> /etc/ld.so.conf
        echo /usr/local/lib >> /etc/ld.so.conf
        echo "# End Snort mods." >> /etc/ld.so.conf
        ldconfig -v
      fi
      $MySQLDir/bin/mysqld_safe --user=mysql &
      sleep 3      # Allow 3 seconds for MySQL daemon to initialize.
      if [ $(ps -A | grep mysqld | wc -l) = 0 ]; then
        echo " !!! WARNING !!! MySQL did not start."
      fi
      #
      # The mysql_install_db script creates the "mysql" database
      # and "user" table shown below:
      #
      #   Database=mysql, Table=user
      #
      #   Host         User    Password
      #   -----------  -----   --------
      #   localhost    root    -none-
      #   -hostname-   root    -none-
      #   localhost    -none-  -none-
      #   -hostname-   -none-  -none-
      #
      # To see this table execute this command after the install:
      #
      #   mysql -e "use mysql;select * from user"
      #
      # Note: -hostname- is this host's name as returned by the
      # "hostname" utility. This name is generally an unqualified
      # name meaning no domain name is appended.
      #
      # This implies the following initial access to mysql:
      #   User                       Access
      #   -------------------------  ---------------------------------
      #   root on localhost          allowed, if no password specified
      #   "root@-hostname-"          allowed, if no password specified
      #   any on localhost           allowed, if no user or password specified
      #   any on -hostname-          allowed, if no user or password specified
      #
      cd $MySQLDir
      PATH=$PATH:"/usr/local/mysql/bin"
      if [ -e /etc/init.d/mysql ]; then rm /etc/init.d/mysql; fi
      cp support-files/mysql.server /etc/init.d/mysql
      chmod 755 /etc/init.d/mysql
      for rcdir in /etc/rc3.d /etc/rc5.d; do
        rm -f $rcdir/S85mysql $rcdir/K85mysql
        ln -s ../init.d/mysql $rcdir/S85mysql
        ln -s ../init.d/mysql $rcdir/K85mysql
      done
      ;;
    #
    apache )
      # Kill any httpd processes left hanging around
      for pid in $(ps -A | grep httpd | cut -c1-5); do kill -9 $pid; done
      if [ -e $ApacheDir ]; then rm -R $ApacheDir; fi
      #
      # A bug in recent versions of Apache installation scripts
      # precludes using "--prefix=/www" as suggested
      # by Patrick S. Harper. This occurs in versions
      # 2.0.47 & 2.0.48 and perhaps others. G.L.Nelson, 10-Nov-2003.
      #
      ./configure --enable-so; make; make install
      if [ -e /etc/init.d/httpd ]; then rm /etc/init.d/httpd; fi
      cp $ApacheDir/bin/apachectl /etc/init.d/httpd
      chmod 755 /etc/init.d/httpd
      for rcdir in /etc/rc3.d /etc/rc5.d; do
        rm -f $rcdir/S85httpd $rcdir/K85httpd
        ln -s ../init.d/httpd $rcdir/S85httpd
        ln -s ../init.d/httpd $rcdir/K85httpd
      done
      #
      # Apache is started after PHP is installed.
      #
      ;;
    #
    libpcap )
      ./configure; make; make install
      ;;
    #
    snort )
      groupadd snort
      useradd -g snort snort
      if [ ! -d /etc/snort ]; then mkdir /etc/snort; fi
      if [ ! -d /var/log/snort ]; then mkdir /var/log/snort; fi
      ./configure --with-mysql=/usr/local/mysql; make; make install
      cp $PKGPATH/rules/* /etc/snort/
      cp $PKGPATH/etc/snort.conf /etc/snort/snort.conf
      cp $PKGPATH/etc/*.config /etc/snort/
      #
      # Modify snort.conf file.
      #
      # The heredocs below are unquoted so that $SnortID, $(date) and the
      # passwords expand. Bash removes a bare backslash-newline from an
      # unquoted heredoc, which would fold each a\ / c\ text onto the
      # command line (turning it into a comment); writing "\\" leaves the
      # single backslash that sed needs at the end of the line.
      #
      # HOME_NET "any" works everywhere; on a production sensor set it to
      # the monitored networks so direction-sensitive rules fire correctly.
      #
      if [ $(grep "$SnortID" /etc/snort/snort.conf | wc -l) = 0 ]; then
        mv /etc/snort/snort.conf /etc/snort/snort.conf-snort
        cat >snortsed <<SNORTEOF1
/^#.*var.*HOME_NET.*10/a\\
# Added by $SnortID $(date +%c)\\
var HOME_NET any
/^var.*RULE_PATH.*rules/s%../rules%/etc/snort%
/^# output database: log, mssql/a\\
output database: log, mysql, host=localhost dbname=snort user=snort password=$MySQLSnortPswd
SNORTEOF1
        sed -f snortsed /etc/snort/snort.conf-snort >/etc/snort/snort.conf
        rm snortsed
      fi
      #
      # Create the Snort MySQL database and
      # then set account passwords. These tasks
      # are performed in this order to
      # simplify the directives: everything that
      # needs a passwordless root goes first, and
      # root@localhost (the account "mysql -u root"
      # connects as) gets its password last.
      #
      # NB: "-p$password" on a command line is visible to every local
      # user in "ps" for as long as the client runs; a 0600 option file
      # passed with --defaults-extra-file avoids that.
      #
      mysqlrt="mysql -u root mysql -e"      # root has no password yet
      mysql -u root -e "create database snort"
      # "to snort" with no host creates snort@'%', which accepts this
      # password from ANY host; only snort@localhost is needed when
      # Snort and ACID run on this machine.
      $mysqlrt "grant create,insert,select,delete,update on snort.* to snort"
      $mysqlrt "grant create,insert,select,delete,update on snort.* to snort@localhost"
      $mysqlrt "set password for snort=PASSWORD('$MySQLSnortPswd')"
      $mysqlrt "set password for snort@localhost=PASSWORD('$MySQLSnortPswd')"
      # A bare "root" here would mean root@'%', a row mysql_install_db does
      # not create; name the two rows it does create (see the table above)
      # and do root@localhost last, since that is the account in use.
      $mysqlrt "set password for root@'$(hostname)'=PASSWORD('$MySQLRootPswd')"
      $mysqlrt "set password for root@localhost=PASSWORD('$MySQLRootPswd')"
      # The two anonymous rows (User='') listed above are left in place
      # by this script.
      mysql -u root -p$MySQLRootPswd snort <$PKGPATH/contrib/create_mysql
      # testing
      mysqlsn="mysql -u root -p$MySQLRootPswd snort -e"
      $mysqlsn "show tables"
      $mysqlsn "describe iphdr"
      zcat $PKGPATH/contrib/snortdb-extra.gz | mysql -u snort -p$MySQLSnortPswd snort
      cd $PKGPATH
      #
      # Modify Snort startup file.
      #
      # "c\" replaces the matched line; an unaddressed "i\" after a "d"
      # would insert the text before every line of the file.
      #
      if [ $(grep "$SnortID" contrib/S99snort | wc -l) = 0 ]; then
        mv contrib/S99snort contrib/S99snort-snort
        cat >snortsed <<SNORTEOF2
/^CONFIG=/c\\
# Added by $SnortID $(date +%c)\\
CONFIG=/etc/snort/snort.conf
/^SNORT_GID=/c\\
# Added by $SnortID $(date +%c)\\
SNORT_GID=snort
SNORTEOF2
        sed -f snortsed contrib/S99snort-snort >contrib/S99snort
        rm snortsed
      fi
      if [ ! -e /etc/init.d/snort ]; then
        cp $PKGPATH/contrib/S99snort /etc/init.d/snort
        chmod 755 /etc/init.d/snort
        for rcdir in /etc/rc3.d /etc/rc5.d; do
          ln -s ../init.d/snort $rcdir/S99snort
          ln -s ../init.d/snort $rcdir/K99snort
        done
      fi
      ;;
    #
    jpgraph )
      if [ -e $ApacheDir/htdocs/$PKGDIR ]; then rm -R $ApacheDir/htdocs/$PKGDIR; fi
      cd $SnortPkgs
      mv $PKGDIR $ApacheDir/htdocs
      cd $ApacheDir/htdocs/$PKGDIR
      if [ -e README ]; then rm -rf README; fi
      if [ -e QPL.txt ]; then rm -rf QPL.txt; fi
      ;;
    #
    adodb )
      if [ -e $ApacheDir/htdocs/$PKGDIR ]; then rm -R $ApacheDir/htdocs/$PKGDIR; fi
      cd $SnortPkgs
      mv $PKGDIR $ApacheDir/htdocs/
      ;;
    #
    acid )
      if [ -e $ApacheDir/htdocs/$PKGDIR ]; then rm -R $ApacheDir/htdocs/$PKGDIR; fi
      cd $SnortPkgs
      mv $PKGDIR $ApacheDir/htdocs/
      cd $ApacheDir/htdocs/$PKGDIR
      #
      # Modify the acid_conf.php file.
      #
      # $jpgraph and $adodb are the PACKAGE indexes set by Package above.
      # Note that the Snort DB password ends up in clear text in this
      # file; keep it readable by the web server user only.
      #
      if [ $(grep "$SnortID" acid_conf.php | wc -l) = 0 ]; then
        mv acid_conf.php acid_conf.tmp
        CHARTLIB=${TOPDIR[$jpgraph]}
        DBLIB=${TOPDIR[$adodb]}
        cat >acidsed <<ACIDEOF
4i\\
/* Modified by $SnortID $(date +%c) */
/^\$DBlib_path/c\\
\$DBlib_path = "$ApacheDir/htdocs/$DBLIB";
/^\$alert_dbname/c\\
\$alert_dbname = "snort";
/^\$alert_user/c\\
\$alert_user = "snort";
/^\$alert_password/c\\
\$alert_password = "$MySQLSnortPswd";
/^\$archive_dbname/c\\
\$archive_dbname = "snort";
/^\$archive_user/c\\
\$archive_user = "snort";
/^\$archive_password/c\\
\$archive_password = "$MySQLSnortPswd";
/^\$ChartLib_path/c\\
\$ChartLib_path = "$ApacheDir/htdocs/$CHARTLIB/src";
ACIDEOF
        sed -f acidsed acid_conf.tmp > acid_conf.php
        rm acidsed
      fi
      ;;
    #
    php )
      ./configure --prefix=$ApacheDir/php \
                  --with-apxs2=$ApacheDir/bin/apxs \
                  --with-conf-file-path=$ApacheDir/php \
                  --enable-sockets \
                  --with-mysql=$MySQLDir \
                  --with-zlib-dir=/usr/local \
                  --with-gd
      make; make install
      # php.ini-recommended ships alongside php.ini-dist with the
      # stricter production defaults (e.g. display_errors off).
      cp php.ini-dist $ApacheDir/php/php.ini
      #
      # Modify the httpd.conf file.
      #
      if [ $(grep "$SnortID" $ApacheDir/conf/httpd.conf | wc -l) = 0 ]; then
        mv $ApacheDir/conf/httpd.conf $ApacheDir/conf/httpd.conf-snort
        cat >httpsed <<HTTPEOF
/^#.*LoadModule.*foo_module/a\\
# Added by $SnortID $(date +%c)\\
LoadModule php4_module modules/libphp4.so
/^AddType application.*tgz/a\\
AddType application/x-httpd-php .php
/^DirectoryIndex.*index\.htm/s% index.htm% index.php index.htm%
HTTPEOF
        sed -f httpsed $ApacheDir/conf/httpd.conf-snort >$ApacheDir/conf/httpd.conf
        rm httpsed
      fi
      #
      # Start Apache
      #
      $ApacheDir/bin/apachectl start
      if [ $(ps -A | grep httpd | wc -l) = 0 ]; then
        echo " !!! WARNING !!! Apache did not start."
      fi
      ;;
    #
    * )
      echo "This case undefined: ${PACKAGE[$PKG]}"
      ;;
  esac
done
exit
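An added example, written for this archive page and not part of Gregg's script: the MySQL account bootstrap that the script's comments describe. Right after mysql_install_db both root rows (root@localhost and root@hostname) and two anonymous rows have no password, and a GRANT "to snort" without a host creates snort@'%'. The function below generates the SQL that sets both root passwords (root@localhost last, because that is the account "mysql -u root" connects as), drops the anonymous rows and creates snort@localhost only, quoting the passwords for SQL; a second function writes a 0600 client option file so the password reaches mysql through --defaults-extra-file rather than a ps-visible "-p$password" argument. The hostname, passwords and file paths are placeholders; nothing here talks to a server.

```shell
#!/bin/sh
# Added example (not from the original post): generate the SQL that secures a
# fresh mysql_install_db instance, and keep passwords off the command line.

# Double single quotes so a value can sit inside a SQL '...' literal.
sql_quote() {
    printf '%s' "$1" | sed "s/'/''/g"
}

# Emit the bootstrap statements for one session connected as the still
# passwordless root@localhost.  Arguments: hostname root_password snort_password
#   1. create the snort database and a snort account for localhost only
#      (no snort@'%', so the password is not usable from other hosts)
#   2. drop the two anonymous (User='') rows mysql_install_db creates
#   3. set the password on root@<hostname>, then on root@localhost last
# The heredoc is unquoted so the values expand; they are SQL-quoted above.
gen_mysql_bootstrap_sql() {
    _host=$(sql_quote "$1")
    _rootpw=$(sql_quote "$2")
    _snortpw=$(sql_quote "$3")
    cat <<EOF
CREATE DATABASE IF NOT EXISTS snort;
GRANT CREATE,INSERT,SELECT,DELETE,UPDATE ON snort.* TO 'snort'@'localhost' IDENTIFIED BY '$_snortpw';
DELETE FROM mysql.user WHERE User='';
SET PASSWORD FOR 'root'@'$_host' = PASSWORD('$_rootpw');
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$_rootpw');
FLUSH PRIVILEGES;
EOF
}

# Write a [client] option file readable only by its owner.
# Arguments: path user password.  The subshell keeps the umask change local.
write_mysql_cnf() {
    ( umask 077; printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"
}

# Usage on the sensor (paths are placeholders):
#   gen_mysql_bootstrap_sql "$(hostname)" "$rootpw" "$snortpw" | mysql -u root mysql
#   write_mysql_cnf /root/.snort-root.cnf root "$rootpw"
#   mysql --defaults-extra-file=/root/.snort-root.cnf snort < contrib/create_mysql
```

Because SET PASSWORD does not affect the session that issues it, all of the statements can go through one passwordless connection; every later root command then uses the option file.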
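A second added example, also not part of the original post: the script's sed edits to snort.conf and S99snort applied to constructed stand-ins for those files, with a check of the result. It shows two things the script relies on: the marker comment that makes a re-run a no-op, and the fact that "a\" appends a second "var HOME_NET" line rather than replacing the existing one (snort takes the last definition, so the effective value must be checked, not assumed). The sed scripts are passed as double-quoted strings, so each continuation backslash is written as "\\"; the same applies to the unquoted heredocs in the script, where a bare backslash-newline would be deleted by bash. The sample file contents are constructed and only imitate the stock lines the patterns target.

```shell
#!/bin/bash
# Added example (not from the original post): apply the post's sed edits to
# constructed copies of snort.conf and S99snort and verify the outcome.
SnortID=Snort-Install

# Constructed stand-in for the snort.conf lines the post's patterns match.
make_sample_snort_conf() {
    cat > "$1" <<'EOF'
# var HOME_NET 10.1.1.0/24
var HOME_NET any
var RULE_PATH ../rules
# output database: log, mssql, dbname=snort user=snort password=test
EOF
}

# The post's snort.conf edits; the marker comment makes a second run a no-op.
# Arguments: file mysql_snort_password
patch_snort_conf() {
    grep -q "$SnortID" "$1" && return 0
    sed -i "/^#.*var.*HOME_NET.*10/a\\
# Added by $SnortID $(date +%c)\\
var HOME_NET any
/^var.*RULE_PATH.*rules/s%../rules%/etc/snort%
/^# output database: log, mssql/a\\
output database: log, mysql, host=localhost dbname=snort user=snort password=$2" "$1"
}

# Snort honours the last definition of a variable, so report that one.
effective_home_net() {
    grep '^var HOME_NET ' "$1" | tail -n1 | awk '{print $3}'
}

# Constructed stand-in for the contrib/S99snort start script.
make_sample_s99snort() {
    cat > "$1" <<'EOF'
SNORT_PATH=/usr/local/bin
CONFIG=/usr/local/share/snort/snort.conf
SNORT_GID=nogroup
$SNORT_PATH/snort -c $CONFIG -g $SNORT_GID -D
EOF
}

# "c\" replaces only the assignment lines; the anchored patterns leave the
# line that uses $CONFIG and $SNORT_GID untouched.
patch_s99snort() {
    grep -q "$SnortID" "$1" && return 0
    sed -i "/^CONFIG=/c\\
# Added by $SnortID $(date +%c)\\
CONFIG=/etc/snort/snort.conf
/^SNORT_GID=/c\\
SNORT_GID=snort" "$1"
}
```

After patching, the sample snort.conf carries two "var HOME_NET any" lines (the original and the appended one); on a stock file that is harmless, but if the last definition were a real network the appended "any" would not override it.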