Snorby Installation on Ubuntu 11.04

snorby is a ruby ​​application that is used to display / report the results of detection of intrusion detection software such as Snort, Sagan, and suricata. Snorby has an attractive appearance and layout, it is neat and easy to use, making snorby become one great option, beside anval, base, and the standard snortreport as snort reporting sotware to user. if you want to install snort, on a previous post i have written about the basic installation of Snort, which is one of the standard and widely IDS used.

Snorby is a ruby ​​application, because of that its installation process us a little bit new for me. Snorby installation tutorials have been written and published on the internet. It is also displayed on the main page of http://snorby.org, but the installation tutorials is not comprehensive enough. so if you are looking for the comprehensive one, you can go to snorby.org wiki pages. There is snorby installation in ubuntu without the use of RVM. The installation tutorial is complete enough to be followed if we want to install snorby on ubuntu machine.

snorby installation:

1. install dependencies
[php]

sudo apt-get install gcc g++ build-essential libssl-dev libreadline5-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt-dev libxml2-dev imagemagick libmysqlclient-dev libmagick9-dev git-core mysql-server wkhtmltopdf[/php]

2. download and install ruby
[php]

sudo wget ftp://ftp.ruby-lang.org//pub/ruby/1.9/ruby-1.9.2-p0.tar.gz
tar -xvzf ruby-1.9.2-p0.tar.gz
cd ruby-1.9.2-p0/
sudo ./configure –prefix=/usr/local/ruby && sudo make && sudo make install[/php]

3. add ruby ​​bin folder to the environment
[php]

sudo nano /etc/environment
PATH=”/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/ruby/bin”
source /etc/environment[/php]

4. add a symbolic link ruby ​​and gem
ln -s /usr/local/ruby/bin/ruby /usr/bin/ruby
ln -s /usr/local/ruby/bin/gem /usr/bin/gem

5. check ruby ​​version
ruby -v
if it displays “ruby 1.9.2p0″ means it’s appropriate to make sure the source has not gained true and correct symbolic link

6. gem install packages
[php]

sudo gem install tzinfo builder memcache-client rack rack-test erubis mail text-format bundler thor i18n sqlite3-ruby
sudo gem install rack-mount -v 0.4.0
sudo gem install rails -v 3.0.0[/php]

add a symbolic link to rails and rake
ln -s /usr/local/ruby​​/bin/rails /usr/bin/rails
ln -s /usr/local/ruby​​/bin/rake /usr/bin/rake

7. Installation snorby

download source via git snorby
git clone git://github.com/Snorby/snorby.git
or if it does not work try
git clone http://github.com/Snorby/snorby.git

if the clone or the download is completed there will be a new folder that contains the source snorby snorby, perform the database configuration
nano config/database.yml
fill in the username and password root

do configuration files snorby
nano config/snorby_config.yml

do email configuration
nano config/initializers/mail_config.rb

setup do
rake snorby:setup RAILS_ENV=production

do install jre if not installed or there is error “Jammit Warning: Asset compression disabled – Java unavailable”
sudo apt-get install default-jre-headless

do the installation / update rake if there is error “uninitialized constant Rake:: DSL”
sudo gem update rake

8. Start the application
rails server -e production
to check whether the application has started open

http://yourdomain.com:3000

log in with
user email: snorby@snorby.org
pass : snorby

this step by step intallation is obtained at:

https://github.com/Snorby/snorby/wiki/Ubuntu-1.9.2-without-RVM-by-Eric-Peters

with little change in command in step 7

this tutorials is already quite complete, but sometimes there are problems that arise, among others:

1. login error

user and log in if you are using a standard installation from source is snorby
user: snorby@snorby.org
password: snorby

it should display message when authentication success, but sometime when we enter the authentication we just get an error message logged. this error is probably caused by installing wrong software version.
solution
before running setup make sure all the software version is right
or
if you have verified you software version
run the setup once again

2. does not display any log

if we can log in to snorby and had to start snorby worker should be able to walk and began to display log-log packets captured by the interface snort. but an error in setting the database resulted in snorby not show any log, to make sure that the database settings correctly. snort/barnyard2 database settings and standards are as follows:

database name: snort
user: snort
password: yourpassword

whereas when we set up snorby, snorby will create a database snorby with user snorby. the solution can be done by replacing all the snort databases on the previous installation with the database snorby and replace all the usernames into snorby. or another solution can be done by simply replacing the database name alone, but coupled with providing grants to all users snort to the database snorby

mysql-u root-p
password:

grant all privileges on snorby .* to ‘snort’@’localhost’ identified by ‘yoursnortdatabasepassword’ with grant option;

steps above should be able to resolve installation issues snorby.

Tags

One thought on “Snorby Installation on Ubuntu 11.04

  1. Denis

    I have problem (((

    If I try

    rake snorby:setup

    or

    rake snorby:setup RAILS_ENV=production

    I have error

    rake aborted!
    You have already activated rake 0.9.2.2, but your Gemfile requires rake 0.9.2. Using bundle exec may solve this.

    (See full trace by running task with –trace)

    with –trace

    You have already activated rake 0.9.2.2, but your Gemfile requires rake 0.9.2. Using bundle exec may solve this.
    /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.1.4/lib/bundler/runtime.rb:31:in `block in setup’
    /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.1.4/lib/bundler/runtime.rb:17:in `setup’
    /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.1.4/lib/bundler.rb:107:in `setup’
    /var/www/snorby/config/boot.rb:8:in `’
    /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require’
    /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require’
    /var/www/snorby/config/application.rb:1:in `’
    /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require’
    /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require’
    /var/www/snorby/Rakefile:4:in `’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/rake_module.rb:25:in `load’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/rake_module.rb:25:in `load_rakefile’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:501:in `raw_load_rakefile’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:82:in `block in load_rakefile’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:81:in `load_rakefile’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:65:in `block in run’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:63:in `run’
    /usr/local/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/bin/rake:33:in `’
    /usr/local/bin/rake:23:in `load’
    /usr/local/bin/rake:23:in `’

     
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>