[Snort-users] Base setup

Carl Huth carlhuth at gmail.com
Tue Aug 28 12:49:44 EDT 2018


In Ubuntu, you can check the mods that are enabled by using :
ls /etc/apache2/mods-enabled
or /etc/apache2/mods-available if you want to see which ones are available.

Your PHP settings are in /etc/php/5.6/apache2/php.ini

service apache2 reload should be enough for the module to load but you may
need to do a full restart,s*ervice apache2 restart*


It should just work for you at this point.  The instructions I had read
from the snort site, do say to install apache using apt-get and a ppa for
the PHP 5.6, but in case you are missing any dependencies:

https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/122/original/Snort_2.9.9.x_on_Ubuntu_14-16.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20180828%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20180828T163354Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=a00e58932244b7289e87399a70de3a12aca5df094c547ed0072b5aae64dda400


You should make sure that your adodb libraries are built and installed
properly btw. :)

Now edit the config file: sudo vi /var/www/html/base/base_conf.php with the
following settings (*note that the trailing slash on line 80 is required,
despite the instructions in the configuration file*):
$BASE_urlpath = '/base'; # line 50
$DBlib_path = '/var/adodb/'; #line 80
$alert_dbname = 'snort'; # line 102
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = 'MySqlSNORTpassword'; # line 106


On Tue, Aug 28, 2018 at 12:41 PM Ryan via Snort-users <
snort-users at lists.snort.org> wrote:

> Here are my build notes for PHP5....this is what you probably
> missed...because I missed it too. :)
>
> a2enmod php5.6
>
>
> # Notes
> # Download ADODB
>
> https://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-520-for-php5/adodb-5.20.13.zip
>
> # Install ADODB per directions (google)
> adodb-5.20.13.zip
>
> # Install PHP5
> apt-get install ca-certificates apt-transport-https
> wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
> echo "deb https://packages.sury.org/php/ stretch main" | sudo tee
> /etc/apt/sources.list.d/php.list
>
> apt-get update
> apt-get install php5.6
> apt-get install php5.6-cli php5.6-common php5.6-curl php5.6-mbstring
> php5.6-mysql php5.6-xml
> apt-get install libapache2-mod-php5.6 php5.6-mysql php5.6-common php5.6-gd
> php5.6-cli php-pear
>
> pear install -f Image_Graph
>
> service apache2 reload
>
> a2dismod php7.0
>
> a2enmod php5.6
>
> systemctl restart apache2
>
>
> -Ryan
>
>
>
>
>
> On Tue, Aug 28, 2018 at 8:58 AM Eric Albert <ealbert at wilsons.ca> wrote:
>
>> Took a bit more than I thought, but a php -v shows that it's running
>> php5.6.32.  Still can't get on the base site though, not sure what else it
>> could be.  I can get on the apache site no problem, just the base link
>> doesn't want to work.
>>
>>
>>
>> *Eric Albert **Network & Infrastructure Specialist*
>>
>> *902-237-7889 | help at wilsons.ca  <help at wilsons.ca>*
>>
>> On Tue, Aug 28, 2018 at 11:43 AM, Ryan <ryan95842 at gmail.com> wrote:
>>
>>> Hi Eric,
>>>
>>> I just completed this build on Debian 9 a couple of weeks ago and had to
>>> install PHP 5.6 for BASE to work. It was an easy install. Set the preferred
>>> PHP to use version 5 (or unistall 7) and BASE worked perfectly.
>>>
>>> -Ryan
>>>
>>>
>>>
>>> On Tue, Aug 28, 2018 at 4:27 AM Eric Albert <ealbert at wilsons.ca> wrote:
>>>
>>>> So I installed PHP, but I think the problem is that base is supposed to
>>>> use PHP5, and PHP7 is installed because 16.04 uses it by default.  It did
>>>> say in the docs to install the proper PPA to get around it, but I don't
>>>> think it works.  I can get to the apache page, but as soon as I try to go
>>>> to base_main.php the page cannot be found.  I made the changes that the doc
>>>> said to make in the base_conf.php, is there some other change to some
>>>> config file that needs to be done so that apache knows where to go when
>>>> that page is requested?
>>>>
>>>>
>>>>
>>>> *Eric Albert **Network & Infrastructure Specialist*
>>>>
>>>> *902-237-7889 | help at wilsons.ca  <help at wilsons.ca>*
>>>>
>>>> On Mon, Aug 27, 2018 at 3:57 PM, Eric Albert <ealbert at wilsons.ca>
>>>> wrote:
>>>>
>>>>> Right, the docs didn't say to install apache and I had to do that, but
>>>>> I didn't think about PHP support, I'll give it a go
>>>>>
>>>>> Thx
>>>>>
>>>>>
>>>>>
>>>>> *Eric Albert **Network & Infrastructure Specialist*
>>>>>
>>>>> *902-237-7889 | help at wilsons.ca  <help at wilsons.ca>*
>>>>>
>>>>> On Mon, Aug 27, 2018 at 3:53 PM, Jason Gates <
>>>>> jason.gates at longmontcolorado.gov> wrote:
>>>>>
>>>>>> Probably missing PHP support on your webserver. Don’t forget to
>>>>>> restart your webserver if you did install PHP.
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Jason Gates
>>>>>>
>>>>>> Security Analyst
>>>>>>
>>>>>> Enterprise Technology Services
>>>>>>
>>>>>> City of Longmont
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* Snort-users <snort-users-bounces at lists.snort.org> *On Behalf
>>>>>> Of *Eric Albert
>>>>>> *Sent:* Monday, August 27, 2018 12:40 PM
>>>>>> *To:* snort-users at lists.snort.org
>>>>>> *Subject:* [Snort-users] Base setup
>>>>>>
>>>>>>
>>>>>>
>>>>>> I'm playing around with snort for the first time and I followed the
>>>>>> doc to install on ubuntu with no problem except this last part.  I'm
>>>>>> getting the attached when I try to finish the web install, and I'm not sure
>>>>>> where I went wrong.  Has anyone had this particular issue?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Eric Albert  **Network & Infrastructure Specialist*
>>>>>>
>>>>>> *902-237-7889 | help at wilsons.ca  <help at wilsons.ca>*
>>>>>>
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.snort.org
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.snort.org/mailman/listinfo/snort-users
>>>>
>>>>         To unsubscribe, send an email to:
>>>>         snort-users-leave at lists.snort.org
>>>>
>>>> Please visit http://blog.snort.org to stay current on all the latest
>>>> Snort news!
>>>>
>>>> Please follow these rules:
>>>> https://snort.org/faq/what-is-the-mailing-list-etiquette
>>>>
>>>
>> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
>         To unsubscribe, send an email to:
>         snort-users-leave at lists.snort.org
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180828/900bc818/attachment.html>


More information about the Snort-users mailing list