Setting up Snort & BASE (Basic Analysis and Security Engine)
Introduction
Snort is what we call an IDS (Intrusion Detection System), and more specifically a passive NIDS (Network Intrusion Detection System): it listens to network traffic and can therefore detect who is trying to compromise your system.
It is not perfect yet, but it is still less expensive than some IPS (Intrusion Prevention System) products. Snort coupled with BASE is a real convenience for intrusion detection.
Installation and configuration
Documentation on installing and configuring Base and Snort
Using Debian packages
For my part, I only followed a small portion of it, since I used the Debian packages directly (with the advantage of automatic updates). For those who want to take the same route:
Explanations for beginners:
- Snort is the tool that listens in promiscuous mode on one or more of your network cards and thus detects potential intrusion attempts
- BASE/AcidBase is the web front end that reads the results Snort recorded in the SQL database (or another output)
It is mentioned in the documentation, but for people like me who prefer to read between the lines, here is the command to test your Snort configuration:
FAQ
BASE: Database ERROR: Table ‘snort.iphdr’ doesn’t exist
If you encounter this error after an update or reinstallation, you just need to reimport the SQL schema file. Rather than a long explanation, here is how:
That’s it! So it wasn’t really a big deal, and BASE is running again :-)
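As an added example (not part of the original post, and not the Debian package's own tooling), here is a small POSIX shell script that does what the FAQ entry above describes in a checkable way: it asks MySQL which tables the Snort database has, reports the ones BASE needs that are missing (such as iphdr), reloads the packaged schema only when something is actually missing, and then runs Snort's configuration self-test mentioned earlier. The database name, user, the schema path /usr/share/doc/snort-mysql/create_mysql.gz and the config path /etc/snort/snort.conf are assumptions about a Debian snort-mysql install; adjust the variables for your setup.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes the Debian
# snort-mysql layout: the Snort schema at /usr/share/doc/snort-mysql/create_mysql.gz,
# a MySQL database named "snort", and the mysql client in PATH. Every
# variable below is an assumption; adjust it for your installation.
DB_NAME="${DB_NAME:-snort}"
DB_USER="${DB_USER:-snort}"
SCHEMA_GZ="${SCHEMA_GZ:-/usr/share/doc/snort-mysql/create_mysql.gz}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# Tables BASE reads from the Snort database schema.
required_tables() {
    printf '%s\n' event signature sensor iphdr tcphdr udphdr icmphdr data
}

# Succeed if the table named in $1 appears in the listing read from stdin
# (one table name per line, as "mysql -N -e 'SHOW TABLES'" prints it).
table_present() {
    grep -qx -- "$1"
}

# Print the required tables that are absent from the listing passed in $1.
missing_tables() {
    listing="$1"
    for t in $(required_tables); do
        printf '%s\n' "$listing" | table_present "$t" || printf '%s\n' "$t"
    done
}

# Ask the live database for its tables and reload the schema if any are missing.
# Prompts for the MySQL password; exit status 0 means the schema is complete.
repair_schema() {
    live="$(mysql -u "$DB_USER" -p -N -e 'SHOW TABLES' "$DB_NAME")" || return 1
    missing="$(missing_tables "$live")"
    if [ -z "$missing" ]; then
        echo "All required tables present in $DB_NAME; nothing to do."
        return 0
    fi
    echo "Missing tables:"
    echo "$missing"
    [ -r "$SCHEMA_GZ" ] || { echo "Schema $SCHEMA_GZ not found" >&2; return 1; }
    # Reimport the schema shipped with the package (CREATE TABLE statements).
    zcat "$SCHEMA_GZ" | mysql -u "$DB_USER" -p "$DB_NAME"
}

# Snort's own configuration self-test (-T): parse the config and rules, then exit.
check_snort_config() {
    command -v snort >/dev/null 2>&1 || { echo "snort not in PATH" >&2; return 2; }
    snort -T -c "$SNORT_CONF"
}

# Only act when explicitly asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--repair" ]; then
    repair_schema && check_snort_config
fi
```

Run it as `sh snort_base_repair.sh --repair`; it asks for the MySQL password once to list the tables and, only if a reimport is needed, a second time to load the schema. Checking the table list first keeps the script idempotent, so running it after a package upgrade that did not touch the database changes nothing.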
Resources
Last updated 10 Feb 2008, 10:43 +0200.