
Snort and Basic Analysis and Security Engine 1.4.4 help!


Theory5


These programs have been one headache after another. I couldn't install them correctly in synaptic so I did it manually with the latest versions, BASE-1.4.4 and the latest snort. I followed the PDF for installing snort 2.8.4.1 and I just changed that to snort 2.8.5 whenever the program name was needed. But after I went on my browser and set up BASE, I removed the setup directory like it says (it's in the trash so I can retrieve it) and now I don't know what to do! Was that it for the browser part? How do I check the databases now?

By the way, I am talking about the Basic Analysis and Security Engine.

Browse BASE Files on SourceForge.net


I couldn't install them correctly in synaptic so I did it manually
Isn't that blasphemous?

 

I'm on the verge of chucking ubuntu out the window, in the sense that it seems even worse than Windoze (!!!!!!) only that with the Linux installation that Acer sells this book with firefox was behaving even worse. However, I'm beginning to hate this APT thing especially as it won't work right, with the proxy on the wifi net I'm using.

 

Well I don't know the software you're mentioning but I think I've got a lot of cursing and swearing to go through before I get the Eclipse products running, which are the main reason I bought this darn thing. Might be better to use another Linux but I'd like to be sure before razing and installing from scratch.


Have you looked at documentation on the eclipse site? Usually somebody has written how to install them manually through the CLI or deb packages. That was easy enough for me but now the setup is giving me all sorts of trouble. I like synaptic, but I hate how I have to add third party sources for it to update certain programs like Open Office.

 

I do like Ubuntu 'cause it's so easy to change stuff. In Windows you have a built-in wireless manager unless your OEM gives you another one, and you still can't get rid of the one built in. With Linux and ubuntu, everything is pretty much swappable, even the GUI.


Theory5:

Intrusion Detection: Snort, Base, MySQL, And Apache2 On Ubuntu 7.10 (Gutsy Gibbon) | HowtoForge - Linux Howtos and Tutorials

 

Note: This is for 7.10, but it may work for whatever version you are running.

 

Q:

Eclipse in Ubuntu howto

 

Btw, what version of Ubuntu are you both running? A lot of my frustrations with Ubuntu went away after the upgrade to 9.04.


A lot of my frustrations came with ubuntu 9.04 :) It was the shop that installed it in lieu of Linpus which Acer supplied. It did not completely solve the troubles.

 

Anyway I've managed to run the Eclipse stuff I had downloaded and also I found APT works after I ran "apt-get update" on a connection with no proxy. I managed to install Opera with APT, it has its pros and cons but I can use my bank's website with it despite this darn proxy. One annoyance with Opera is that it seems to ignore the target attribute, always making a new tab and I can't find a setting that fixes this.

 

Thanks anyway Freeztar, but Eclipse was no problem once I got APT to install Java, I had feared a lot worse, and trouble with applets might be due to the stupid proxy. I'll be trying the different Eclipse versions (including the modelling one with UML) where I just extracted them, before deciding on an actual installation. Couldn't do that with Opera cuz its scripting has some absolute paths in it, dem dumb folks! :doh:

 

With Linux and ubuntu, everything is pretty much swappable, even the GUI.
It isn't Linux I'm railing against, just that I'd like a better one. In fact I've got the impression ubuntu is much less configurable than other Linux versions and all these specific instructions for ubuntu just go to show. Damn nuisance that you can't log into the GUI as root, you can only use sudo. :hihi:

 

I don't like it. I'm wondering if Red Hat or something would be better. :phones:


It isn't Linux I'm railing against, just that I'd like a better one. In fact I've got the impression ubuntu is much less configurable than other Linux versions and all these specific instructions for ubuntu just go to show. Damn nuisance that you can't log into the GUI as root, you can only use sudo. :)

 

Quit hijacking this thread :-P

 

Anyways, you can log into the CLI as root. I have a root CLI and a regular terminal CLI in my applications menu, I think you can add it by right clicking on the menu and clicking edit menus.

This is just for security purposes, Ubuntu is supposed to have more security features, I think so the newer users don't leave themselves open to attack.

BTW I am running 9.04, I want to use 9.10 but I don't want to have to screw with the beta during class if it messes up.

 

Well Freeztar, I need somebody to help me with the setup of B.A.S.E, 'cause I have some specific questions. I will browse that though, thanks.


Well Freeztar, I need somebody to help me with the setup of B.A.S.E, 'cause I have some specific questions. I will browse that though, thanks.

Well, I wish I could help more, but I've never set it up before. Though, I'd like to, for fun and practicality. So, if you start working through it, post your process and results so (at least) I can follow along and jump in when I get up to speed. :)

 

A lot of my frustrations came with ubuntu 9.04 :hihi: It was the shop that installed it in lieu of Linpus which Acer supplied. It did not completely solve the troubles.

 

Ah yes, version upgrades are always a "close your eyes and push enter" type event. I hope to one day get past this by compiling my own kernel and selectively upgrading, but for now, I just trust the good dev folks and hope to Zeus that everything doesn't get snuffed. For example, when I upgraded to 9.04, my wireless and video problems were gone, finally. Of course, now my headphone jack doesn't work anymore. :hihi:

 

Anyway I've managed to run the Eclipse stuff I had downloaded and also I found APT works after I ran "apt-get update" on a connection with no proxy. I managed to install Opera with APT, it has its pros and cons but I can use my bank's website with it despite this darn proxy. One annoyance with Opera is that it seems to ignore the target attribute, always making a new tab and I can't find a setting that fixes this.

Ok, I'm curious, why is this proxy set up?

 

Thanks anyway Freeztar, but Eclipse was no problem once I got APT to install Java, I had feared a lot worse, and trouble with applets might be due to the stupid proxy. I'll be trying the different Eclipse versions (including the modelling one with UML) where I just extracted them, before deciding on an actual installation. Couldn't do that with Opera cuz its scripting has some absolute paths in it, dem dumb folks! :doh:

Another curiosity. I'm assuming you tried FF first and it didn't work?

 

It isn't Linux I'm railing against, just that I'd like a better one. In fact I've got the impression ubuntu is much less configurable than other Linux versions and all these specific instructions for ubuntu just go to show.

 

Ubuntu is based on Debian and should be just as configurable, AFAIK.

If you're feeling brave, you might give slackware a try. I found it refreshing, but have abandoned it for now partly due to laziness and partly due to incompetentness. ;)

 

Damn nuisance that you can't log into the GUI as root, you can only use sudo. :rant:

 

You *can*, but it is highly *not recommended* by those in the know. I'd recommend getting comfortable with sudo and Ubuntu before trying to login as root or even run everything under root.

 

That said, check here:

http://help.ubuntu.com/community/RootSudo

and here

Root login via GUI [Archive] - Ubuntu Forums

 

You might find the "drag and drop" method useful.

I don't like it. I'm wondering if Red Hat or something would be better. :phones:

 

No harm in trying different distros. Just use gparted to partition everything neatly and be able to keep your Ubuntu install intact.


Well I've been using sudo at the command line (is that what Th means by the CLI?) and also su sometimes, I even set root's password once I had figured it out, but it's still a damn nuisance. Thanks for that link Freez, I saved it after a quick look, it might show a road for improvement. You see, although I've had some experience using Unix and Linux systems I'm still an essentially Windoze nerd so since getting this thing and having ubuntu on it I've been needing to be able to configure things by navigating the GUI rather than by knowing all the command line tricks. Matter of habit, old dog and new tricks type o'thing. :phones:


Pshht, Q, all you need to do in ubu to run as root is call sudo su, type in your user password, and you are now working as root :hihi:

 

as for snort and other stuff here

 

Why did snort from apt fail? I have seen packages fail due to unresolved dependencies, but knowing how popular snort is, I would doubt that ubu guys could get away with snort being broken in apt, so a question comes up, why did it not install in ubuntu in the first place... I just installed snort on this workstation and had no problems...

 

Secondly, what are your problems with installing base? As far as I can see it's just a php-based tool, which means you need to have apache and php running and working together to use this tool, not sure if you need the database, but it doesn't seem all too trivial at all to set this all up, be it on ubu or any other distro. None of this interacts with hardware, so I don't see where one could have a problem, other than not knowing how to configure something, but then that's what the documentation and tutorials are for :dog:

 

What issues exactly are you having with these packages? (absolute paths can be followed by every browser)

 

Also, freezy, slacks, really, for someone who has difficulty installing snort and base on ubu...?


Pshht, Q, all you need to do in ubu to run as root is call sudo su, type in your user password, and you are now working as root :hihi:
But I've been doing that kind of thing at the command line, it's just simpler if you can use the GUI as root as well, like in a real linux. Don't take me for the kind of guy that would always be logging in as root....

 

As for:

Why did snort from apt fail?
I suggested upstream to try doing apt-get update, mine worked ok after I was able to do it.

Well I'm not sure I'll be trying it quite today even though I've been quite irked by heaviness here too, another thing I'm finding almost as bad as in Windoze (specially with firefox)

 

and i rarely use menus :hyper:
Now next you'll be telling us you surf the web and post on Hypography with a command line browser! No! Wait! You use telnet! Even I've done it for the laugh, type in the request, with its headers and perhaps body, then hit return twice in a row and see the headers and HTML the server throws you back. You, of course, scan through the HTML and just see the graphic page in your head. :phones:

Pshht, Q, all you need to do in ubu to run as root is call sudo su, type in your user password, and you are now working as root :P

 

as for snort and other stuff here

 

Why did snort from apt fail? I have seen packages fail due to unresolved dependencies, but knowing how popular snort is, I would doubt that ubu guys could get away with snort being broken in apt, so a question comes up, why did it not install in ubuntu in the first place... I just installed snort on this workstation and had no problems...

 

Secondly, what are your problems with installing base? As far as I can see it's just a php-based tool, which means you need to have apache and php running and working together to use this tool, not sure if you need the database, but it doesn't seem all too trivial at all to set this all up, be it on ubu or any other distro. None of this interacts with hardware, so I don't see where one could have a problem, other than not knowing how to configure something, but then that's what the documentation and tutorials are for ;)

 

What issues exactly are you having with these packages? (absolute paths can be followed by every browser)

 

Also, freezy, slacks, really, for someone who has difficulty installing snort and base on ubu...?

 

Yea I am having trouble with the base setup, not installation. At one point after installing base and configuring it, it says you can delete the setup directory in the base folder, but when I do that, I can't access base and when I put it back, it goes back to the setup.

 

And is there a synaptic log or something? synaptic gave me specific errors but I couldn't cut and paste them, and I couldn't find a log.

And synaptic does not have the latest version of Snort, and I couldn't find a package source anywhere.

 

When I do update synaptic, I get a few errors, but that was only from other third party package sources for open office.

The database is supposed to provide easier access to snort, I couldn't find anything about a Snort GUI.

 

What do you use to manage snort, Alexander?


I tried setting this all up to see if I could help, but something messed up with mysql and I'm getting the following message when trying to start it.

 

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'

 

I'm not sure what that means or how to fix it.

 

Sorry...I tried. :P


ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'

uh, well, you might want to:

install mysql server

make sure mysql server is started

and make sure whatever it is that is throwing this error has all the proper credentials to connect to mysql :evil:

 

Theory, usually I use emacs to manage the configuration, and usually ACID for analysis...
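
The checks suggested in the reply above for ERROR 2002, ordered as a shell function that reports which one fails first; this is an added example, not part of the original posts. The function name check_mysql_socket and its verdict strings are made up for illustration, and the server binary is assumed to be named mysqld.

```shell
#!/bin/sh
# Added example (not from the thread). check_mysql_socket is a hypothetical helper.
# Usage: check_mysql_socket /var/run/mysqld/mysqld.sock [server-binary-name]
check_mysql_socket() {
    sock=$1
    server_bin=${2:-mysqld}   # assumption: the server binary is named mysqld

    # 1. Is a server installed? Look in PATH, then in the sbin
    #    directories that a non-root PATH often leaves out.
    found=no
    if command -v "$server_bin" >/dev/null 2>&1; then
        found=yes
    else
        for d in /usr/sbin /usr/local/sbin /sbin; do
            if [ -x "$d/$server_bin" ]; then found=yes; fi
        done
    fi
    if [ "$found" = no ]; then
        echo "not-installed"; return 10
    fi

    # 2. Nothing at the socket path: the server is not running,
    #    or it was configured to listen on a different socket.
    if [ ! -e "$sock" ]; then
        echo "no-socket"; return 20
    fi

    # 3. A file is there but it is not a UNIX socket, so the
    #    client is pointed at the wrong path.
    if [ ! -S "$sock" ]; then
        echo "not-a-socket"; return 30
    fi

    # 4. On Linux, connecting needs write permission on the socket.
    if [ ! -w "$sock" ]; then
        echo "no-permission"; return 40
    fi

    # The socket is reachable, so ERROR 2002 should be gone. A wrong
    # user or password now appears as a different error (1045).
    echo "socket-ok"; return 0
}
```

The return status is distinct per cause (10, 20, 30, 40, or 0), so the function can gate a sensor start-up script that needs the alert database to be reachable.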
