SnortSMS Quick Installation Guide

 

 

  1. System Requirements

  2. Installing the SnortSMS Website

    1. Extract the SnortSMS archive files to a preferred web-root location.
    2. Ensure that the subdirectory "conf/" and the file "conf/conf.php" are readable and writable by the webserver (www).
      # chown :www conf/ conf/conf.php
      # chmod 775 conf/
      # chmod 664 conf/conf.php
    3. PHP configuration might need some tweaking. Adjust a few settings in your 'php.ini' file:
      max_execution_time = 120
      max_input_time = 120
      memory_limit = 100M 
      post_max_size = 20M
      upload_max_filesize = 20M
      include_path = ".:/usr/local/share/pear"
    4. SnortSMS needs a temporary place to write files. Remember this location for your Global Configuration Settings. We suggest you create a subdirectory within your system's temp directory:
      # mkdir /var/tmp/snortsms
      # chmod 1777 /var/tmp/snortsms
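
A preflight check for steps 2 to 4 above. This is an added example, not part of SnortSMS or of the original guide; the function names are hypothetical, and the web root, temp directory and php.ini path are passed in as arguments.

```shell
#!/bin/sh
# Added example (not part of SnortSMS): verify the section 2 settings.

# 10-character mode string of a path, e.g. drwxrwxrwt; empty if missing.
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# Last active (uncommented) value of a php.ini key, trimmed and unquoted.
ini_get() {  # ini_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//; s/^"//; s/"$//' | tail -n 1
}

# Convert PHP shorthand (20M, 512K, 1G) to a plain integer.
# Unset or unparsable values count as 0; PHP's "no limit" settings
# (0 or -1) are not interpreted and are therefore reported as LOW.
to_bytes() {
    v=${1:-0}; n=${v%[KkMmGg]}
    case $n in ''|*[!0-9]*) n=0 ;; esac
    case $v in
        *[Kk]) echo $((n * 1024)) ;;
        *[Mm]) echo $((n * 1024 * 1024)) ;;
        *[Gg]) echo $((n * 1024 * 1024 * 1024)) ;;
        *)     echo "$n" ;;
    esac
}

# Compare file modes with the chmod values from steps 2 and 4.
check_modes() {  # check_modes WEBROOT TMPDIR
    rc=0
    for pair in "$1/conf=drwxrwxr-x" "$1/conf/conf.php=-rw-rw-r--" \
                "$2=drwxrwxrwt"; do
        path=${pair%=*}; want=${pair##*=}; have=$(mode_of "$path")
        [ "$have" = "$want" ] ||
            { echo "MODE $path is ${have:-missing}, expected $want"; rc=1; }
    done
    return $rc
}

# Report each php.ini limit that is below the value from step 3.
check_php_ini() {  # check_php_ini PHP_INI
    rc=0
    for want in max_execution_time=120 max_input_time=120 memory_limit=100M \
                post_max_size=20M upload_max_filesize=20M; do
        key=${want%%=*}; min=${want#*=}; have=$(ini_get "$1" "$key")
        [ "$(to_bytes "$have")" -ge "$(to_bytes "$min")" ] ||
            { echo "LOW  $key = ${have:-unset} (guide: $min)"; rc=1; }
    done
    return $rc
}
```

Source the file, then run `check_modes <webroot> /var/tmp/snortsms` and `check_php_ini <path to php.ini>`; each prints one line per mismatch and returns non-zero if it found any.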

  3. Creating the SnortSMS Database
    1. Create a new database, preferably 'SNORTSMS'.
    2. Create the DB tables. Use the supplied MySQL dump to restore the tables.
      # mysql -u root -p < ./contrib/SNORTSMS.mysql
    3. Create a new database user 'snortsms' (or use an existing user) and grant permissions to the SNORTSMS database. Take note of the username and password you have chosen.

  4. Installing the SnortSMS Agent Module (Remote Sensor)
    1. The SnortSMS Agent is designed to reside on the remote Snort sensor. It allows the SnortSMS website server to communicate and remotely control the sensor.

      Prerequisite: The SnortSMS Agent is written in the Webmin API, which means you must have Webmin installed on the remote sensor. You should have also installed Snort and Barnyard (optional) prior to installing the Agent Module.

    2. With a web browser, browse and login to your sensor's Webmin interface.
    3. On the "Webmin" tab, click on the "Webmin Configuration" icon.
    4. Click on the "Webmin Modules" icon.
    5. In the "Install Module" box, enter the source of the "snortsms-agent.tgz" module.
    6. Click the "Install Module" button to install the agent.
    7. Once installed, browse to the "Servers" tab, and click on the "SnortSMS Agent" icon.
    8. Under "Module Config" please enter the full path to the local snort binary, and save.
    9. Create a new Webmin user, preferably 'snortsms'. Allow only access to the "SnortSMS Agent" module for this user. Take note of the username and password you have chosen.
    10. Important: Be sure to select "Disable session authentication" in Webmin -> Webmin Configuration -> Authentication section. Otherwise SnortSMS CURL will not be able to authenticate into your Webmin.

  5. Configuring SnortSMS
    1. Browse to the SnortSMS web location. If all is well you should see the SnortSMS interface.
    2. On the top menu, under "Settings", click the "SnortSMS Global Settings".
    3. Enter the database settings from the previous database section.
    4. Verify the remainder of the settings, ensuring all paths are correct for your system.

      Before you can assign configurations to your sensors, you must populate the SnortSMS libraries. The easiest way is to import the Snort default rule snapshot file. You can either download it to your local desktop or import it from the web.

    5. Click on the "Import" link under the "Libraries" menu.
    6. Enter the URL or Snapshot file, then press "Import".

      This will parse the snapshot file, finding all rules and directives, and populate the SnortSMS libraries accordingly. Once this is done, you should be able to browse the libraries and verify the imported resources. You may have to add the "Variables" manually.

      Now that your resource libraries are full, we suggest you first create at least one rule profile. You cannot assign rules directly to sensors, only rule profiles.

    7. Browse to Libraries -> Rules -> Rule Profiles.
    8. Click on the "New Profile" link, enter and save the new profile.
    9. Click the "Pick" link to browse through the rule library and assign rules to the current profile.

      Create Snort daemon profiles.

      Now you should be ready to create a new sensor entry.

    10. Click on the Sensors -> Administration Console link.
    11. Click "Add Sensor".
    12. Enter the Sensor name and save. Note: Do not include special characters.
    13. Click on the individual tabs to configure the rest of the sensor properties.

  6. Troubleshooting
    Issue: I get an error while trying to save the Global Settings.
    Resolution: Be sure the "conf.php" file has read/write permissions by the webserver.
     
    Issue: I cannot connect to the remote agent.
    Resolution: A ton of reasons for this one:
    - Be sure to "Disable session authentication" in Webmin.
    - Are you using the correct protocol (http/https)?
    - The username exists within Webmin and the user has been granted access to the SnortSMS Agent module.
     
    Issue: I get a database connection error.
    Resolution: Verify your database server and table installation. Ensure you have the correct username and password configured in SnortSMS Global Settings and in your database permissions section.
     
    Issue: "Missing DB.php".
    Resolution:
    - Be sure the PEAR-DB abstraction layer is properly installed.
    - Check that your PHP "include" path is correct and includes the path to the PEAR files.
     
    Issue: Importing snapshot file failed.
    Resolution:
    - Verify your path setting for temporary files in 'SnortSMS Global Settings'.
    - Verify your temp path is read/writable by your web server userid (chmod 1777 /tmp/path).
    - Verify correct paths for 'curl' & 'tar' on your web server in 'SnortSMS Global Settings'.
    - Verify your max upload, max memory, and max execution parameters in 'php.ini' config file.