In this guide, I'll go through the installation and configuration of Snorby as a front end for the Snort IDS. Snort must already be installed and configured. If that's not done yet, please follow one of these guides:
– Install and Configure Snort HIDS with Barnyard2, Base & MySQL on Ubuntu
– Installing Snort Sensor on Windows Host with Remote Snort +MySQL using WinIDS
Let us start the installation of Snorby with the prerequisites.
Prerequisites:
Update OS First:
# apt-get update
Installing Required Pre-Requisites:
apt-get install mysql-server apache2 libyaml-dev git-core default-jre imagemagick libmagickwand-dev wkhtmltopdf gcc g++ build-essential libssl-dev libreadline-gplv2-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt1-dev libxml2-dev libmysqlclient-dev libmysql++-dev apache2-prefork-dev libcurl4-openssl-dev -y
Install Ruby & Its addons:
apt-get install ruby1.9.3 ruby-text-format
gem install bundler
gem install rails
gem install rake --version=0.9.2
Install Snorby:
cd /var/www/
git clone http://github.com/Snorby/snorby.git
cd /var/www/snorby/config/
cp database.yml.example database.yml
cp snorby_config.yml.example snorby_config.yml
sed -i 's#/usr/local/bin/wkhtmltopdf#/usr/bin/wkhtmltopdf#g' /var/www/snorby/config/snorby_config.yml
Configure snorby database username and password:
vim /var/www/snorby/config/database.yml
Edit the settings to match your MySQL installation; the settings from my network are given below as an example:
cd /var/www/snorby/
bundle install --deployment
rake snorby:setup
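A read-only check of the two files edited above, as an added example that is not part of the original guide: it flags a world-readable database.yml (the file holds the MySQL password), a root or empty-password MySQL account, and a snorby_config.yml that still points at /usr/local/bin/wkhtmltopdf. The function name check_snorby_config is hypothetical, and username and password are assumed to be the standard Rails database.yml keys.

```shell
#!/bin/sh
# Added example, not from the original guide. check_snorby_config is a
# hypothetical helper; it only reads files and changes nothing.
# Usage: sh check_snorby.sh /var/www/snorby/config

check_snorby_config() {
    dir=$1
    problems=0
    db="$dir/database.yml"
    app="$dir/snorby_config.yml"

    for f in "$db" "$app"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f (copy it from $f.example)"
            problems=$((problems + 1))
        fi
    done

    if [ -f "$db" ]; then
        # database.yml stores the MySQL password in clear text, so the
        # read bit for "other" (octal 004) should not be set on it.
        if [ -n "$(find "$db" -perm -004 2>/dev/null)" ]; then
            echo "WEAK     $db is world-readable (chmod 640)"
            problems=$((problems + 1))
        fi
        # Least privilege: flag use of the MySQL root account.
        if grep -Eq '^[[:space:]]*username:[[:space:]]*root[[:space:]]*$' "$db"; then
            echo "WEAK     $db uses the MySQL root account; prefer a dedicated user"
            problems=$((problems + 1))
        fi
        # An empty or missing password value.
        if grep -Eq '^[[:space:]]*password:[[:space:]]*("")?[[:space:]]*$' "$db"; then
            echo "WEAK     $db has an empty MySQL password"
            problems=$((problems + 1))
        fi
    fi

    # The sed step should have replaced every /usr/local/bin path.
    if [ -f "$app" ] && grep -q '/usr/local/bin/wkhtmltopdf' "$app"; then
        echo "STALE    $app still points at /usr/local/bin/wkhtmltopdf"
        problems=$((problems + 1))
    fi

    return "$problems"   # exit status = number of findings, 0 means clean
}

if [ "$#" -gt 0 ]; then check_snorby_config "$1"; fi
```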
Setup Apache:
Set up Apache to work with Snorby. First, install the required Apache module:
gem install passenger
passenger-install-apache2-module
Copy the lines printed at the end of the installation script into the Apache config file:
vim /etc/apache2/apache2.conf
The lines should look something like this at the end of the file:
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-3.0.18/ext/apache2/mod_passenger.so
PassengerRoot /var/lib/gems/1.9.1/gems/passenger-3.0.18
PassengerRuby /usr/bin/ruby1.9.1
# Include generic snippets of statements
Include conf.d/
# Include the virtual host configurations:
Include sites-enabled/
Now add the website as follows:
vim /etc/apache2/sites-available/snorby
Add the following lines (change the ServerAdmin and ServerName to something of your choice):
<VirtualHost *:80>
    ServerAdmin snorby@localhost
    ServerName snorby.localnet
    DocumentRoot /var/www/snorby/public
    <Directory "/var/www/snorby/public">
        AllowOverride all
        Order deny,allow
        Allow from all
        Options -MultiViews
    </Directory>
</VirtualHost>
Enable the new website and disable the default site:
a2dissite default
a2ensite snorby
service apache2 reload
Browse to the new website at http://snorby.localnet (in my example) and log in with the following default credentials.
Note: For this to work, add a host entry for the site either on the DNS server (if you have access to it) or in the hosts file.
Credentials:
Username: snorby@snorby.org
Password: snorby
You should see a page that looks something like this: