Friday 24 April 2015

Snorby Complete Installation Guide

Introduction

Snorby is a Ruby on Rails based frontend for IDSs such as Snort.
This tutorial explains how to install Snorby 2.3.10 from source on an Ubuntu 11.10 (32-bit) Linux box.

Snorby Requirements

* Ruby >= 1.9.2
* Rails >= 3.0.0
* ImageMagick >= 6.6.4-5

Install dependencies / prerequisites for Snorby

1) Fresh installation of Ubuntu 11.10 with the OpenSSH and LAMP (both apache2 and mysql) packages;
2) Make sure your system is up to date:
apt-get update && apt-get upgrade
3) Install some prerequisites available from the packages:
apt-get install git-core default-jre
4) Reboot the Server
reboot
5) Install required packages:
apt-get install imagemagick libmagickwand-dev wkhtmltopdf 

apt-get install gcc g++ build-essential libssl-dev libreadline-gplv2-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt1-dev libxml2-dev libmysqlclient-dev libmysql++-dev 

RUBY and RAILS

Download and install Ruby (1.9.2):
cd /usr/local/src/
wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.2-p290.tar.gz
tar xvzf ruby-1.9.2-p290.tar.gz
ln -s ruby-1.9.2-p290 ruby
rm -rf ruby-1.9.2-p290.tar.gz
chown root:root -R ruby-1.9.2-p290/
cd ruby/
./configure
make
make install
cd /usr/local/src/ruby/ext/openssl
ruby extconf.rb
make && make install
Run "ruby -v" and verify that it returns the correct version:
cd /usr/local/src/ruby && ruby -v
  ruby 1.9.2p290 (2011-07-09 revision 32553) [i686-linux]
OK!!!!

GEMS

Install dependencies (including Rails) with gem:
cd /usr/local/src/ruby
gem install thor i18n bundler tzinfo builder memcache-client rack rack-test erubis mail text-format sqlite3
gem install rack-mount 
gem install rails
gem install rake
Run "rails -v" and verify that it returns the correct version:
rails -v
  Rails 3.1.1 
OK!!!!
Install rubygems:
gem install rubygems-update
Edit these 2 files and change the date format field (line 9) from "2011-09-18 00:00:00.000000000Z" to "2011-09-18":
- /usr/local/lib/ruby/gems/1.9.1/specifications/json-1.6.1.gemspec
- /usr/local/lib/ruby/gems/1.9.1/specifications/tilt-1.3.3.gemspec
Update rubygems:
update_rubygems

Installation of Snorby

bundle install
Download snorby source files:
cd /var/www/
git clone http://github.com/Snorby/snorby.git
Then edit database information and change the password to access your mysql server:
vi /var/www/snorby/config/database.yml
Edit the Snorby configuration file /var/www/snorby/config/snorby_config.yml and change the path of the wkhtmltopdf script:
sed -i 's|/usr/local/bin/wkhtmltopdf|/usr/bin/wkhtmltopdf|g' /var/www/snorby/config/snorby_config.yml
If needed, change the production configuration for your environment (Domain Name and mail sender options).
Install all required dependencies as specified in the Gemfile (run this from the Snorby directory):
cd /var/www/snorby
bundle install --deployment
Then install Snorby by issuing:
rake snorby:setup

Installation of PASSENGER

Install following dependencies:
apt-get install apache2-prefork-dev libcurl4-openssl-dev
chown www-data:www-data /var/www/snorby -R
Install passenger module for apache2
gem install passenger
passenger-install-apache2-module
Edit the Apache configuration file /etc/apache2/apache2.conf and add these lines at the end:
LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.9/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.9
PassengerRuby /usr/local/bin/ruby
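
With the Snorby tree now owned by www-data, the two configuration files edited earlier can be audited: database.yml holds the MySQL password and should not be readable by other local users, and snorby_config.yml should no longer reference the old wkhtmltopdf path. The script below is an added example, not part of the original guide or of Snorby; the function names and the YAML keys in the constructed demo files are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_snorby() {
    root=$1
    rc=0
    db="$root/config/database.yml"
    cfg="$root/config/snorby_config.yml"

    for f in "$db" "$cfg"; do
        [ -f "$f" ] || { echo "MISSING  $f"; rc=1; }
    done

    # database.yml holds the MySQL password. Flag any permission bit granted to "other".
    if [ -f "$db" ] &&
       [ -n "$(find "$db" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "PERMS    $db is accessible to other users (suggest chmod 640)"
        rc=1
    fi

    # The sed step should have removed the /usr/local/bin path.
    if [ -f "$cfg" ] && grep -q '/usr/local/bin/wkhtmltopdf' "$cfg"; then
        echo "STALE    $cfg still points at /usr/local/bin/wkhtmltopdf"
        rc=1
    fi
    return "$rc"
}

# Demo on a constructed tree (sample content, not real Snorby files;
# the YAML keys shown are illustrative assumptions).
demo_snorby_audit() {
    t=$(mktemp -d)
    mkdir -p "$t/config"
    printf 'production:\n  password: example-only\n' > "$t/config/database.yml"
    printf 'wkhtmltopdf: /usr/local/bin/wkhtmltopdf\n' > "$t/config/snorby_config.yml"
    chmod 644 "$t/config/database.yml"
    echo "-- before fixes"
    audit_snorby "$t" && before=0 || before=1
    chmod 640 "$t/config/database.yml"
    printf 'wkhtmltopdf: /usr/bin/wkhtmltopdf\n' > "$t/config/snorby_config.yml"
    echo "-- after fixes"
    audit_snorby "$t" && after=0 || after=1
    rm -rf "$t"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}

demo_snorby_audit
```

On the real install, call audit_snorby /var/www/snorby as root instead of the demo.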

Integrate Snorby with Apache

We want the Snorby frontend to be reachable using the virtual host supersic-58.darkstar.ros:
Create a file "supersic-58" under /etc/apache2/sites-available:
# vi /etc/apache2/sites-available/supersic-58
And modify it as follows:
<VirtualHost *:80>
        ServerAdmin amrossi@darkstar.ros
        ServerName supersic-58.darkstar.ros
        DocumentRoot /var/www/snorby/public

        <Directory "/var/www/snorby/public">
                AllowOverride all
                Order deny,allow
                Allow from all
                Options -MultiViews
        </Directory>

</VirtualHost>
Enable the new web site:
# ln -s /etc/apache2/sites-available/supersic-58 /etc/apache2/sites-enabled/supersic-58
Apply changes by restarting Apache:
# /etc/init.d/apache2 restart
ENJOY!!!!