This tutorial shows how to install and configure BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system (IDS) on a Debian Sarge system. BASE provides a web front-end to query and analyze the alerts coming from a Snort IDS system. With BASE you can perform analysis of intrusions that Snort has detected [...]
March 3rd, 2012 |
admin |
Everybody knows the problem: you have one or more IDS tools installed and every tool has its own interface. Prelude lets you log all of the events to the Prelude database and consult them through one interface (Prewikka). This howto describes how to install and configure the different tools that will make up the complete [...]
December 25th, 2011 |
admin |
BASE web page setup
Open your favorite web browser and go to:
http://www.example.com/base-1.2.5/setup
If everything is set up correctly, you should see the BASE Setup Program page. Click on Continue.
Step 1 of 5: Enter the path to ADODB (/var/www/adodb) and click on Submit Query.
Step 2 of 5: Enter the needed info on the next screen: [...]
December 24th, 2011 |
admin |
Installing
Let's start with LIBPCAP. Make sure that you are in the directory where you downloaded all the files:
cd /root/snorttemp
Change into the libpcap directory:
cd libpcap-0.9.4
Then build and install LIBPCAP:
./configure
make
make install
Next is PCRE. Again, make sure that you are in the directory where you downloaded all the files:
cd /root/snorttemp
[...]
December 24th, 2011 |
admin |
LIBPCAP
Go to http://www.tcpdump.org/ and select a download link for Libpcap (at the time of writing it is libpcap-0.9.4.tar.gz).
Change back to the snorttemp directory:
cd /root/snorttemp
Download the libpcap-0.9.4.tar.gz file:
wget http://www.tcpdump.org/release/libpcap-0.9.4.tar.gz
Untar the file:
tar -xvzf libpcap-0.9.4.tar.gz
Remove the file:
rm libpcap-0.9.4.tar.gz
BASE (Basic Analysis and Security Engine)
Go to: http://secureideas.sourceforge.net/ [...]