White paper: Network IDS and IPS Deployment Strategies (Nicholas Pappas)
Barnyard Installation
Barnyard is a nice program that takes unified output from programs like Snort
and inputs log or event information into a useful format. For this prototype, we want
Barnyard to take the unified output from Snort and insert it into the MySQL database.

Nicholas Pappas, 48. © 2021 SANS Institute, Author Retains Full Rights.
© SANS Institute 2008, Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Network IDS & IPS Deployment Strategies
cd /usr/local/share
wget http://www.snort.org/dl/barnyard/barnyard-0.2.0.tar.gz
tar -xvzf barnyard-0.2.0.tar.gz
rm barnyard-0.2.0.tar.gz
cd barnyard-0.2.0
To prevent the loss of MySQL connection(s), we need to patch the Barnyard source
before compiling it.
cd barnyard-0.2.0
Now edit the file named "src/output-plugins/op_acid_db.c" by adding the following
line just before the line containing "while(mysql_ping(mysql) != 0)":
mysql->reconnect=1;
The final function should look exactly like this:
--start of snip--
int MysqlExecuteQuery(MYSQL *mysql, char *sql)
{
    int mysqlErrno;
    int result;

    /* Note: with the parentheses as written here, "!= 0" binds before the
       assignment, so result holds 1 (query failed) or 0 (query succeeded). */
    while((result = mysql_query(mysql, sql) != 0))
    {
        mysqlErrno = mysql_errno(mysql);

        /* Codes below CR_MIN_ERROR come from the server (e.g. bad SQL);
           retrying cannot help, so give up on this query. */
        if(mysqlErrno < CR_MIN_ERROR)
        {
            if(pv.verbose)
                LogMessage("MySQL ERROR(%i): %s. Aborting Query\n",
                           mysql_errno(mysql), mysql_error(mysql));
            return result;
        }

        if((mysqlErrno == CR_SERVER_LOST)
           || (mysqlErrno == CR_SERVER_GONE_ERROR))
        {
            LogMessage("Lost connection to MySQL server. Reconnecting\n");
            /* MySQL reconnect line inserted to fix the MySQL idle disconnect issue. */
            mysql->reconnect=1;
            /* mysql_ping() now reconnects automatically; wait 15 s between
               attempts, bailing out if BarnyardSleep() is interrupted. */
            while(mysql_ping(mysql) != 0)
            {
                if(BarnyardSleep(15))
                    return result;
            }
            LogMessage("Reconnected to MySQL server.\n");
        }
        else
        {
            /* XXX we could spin here, but we do not */
            LogMessage("MySQL Error(%i): %s\n", mysqlErrno, mysql_error(mysql));
        }
    }
    return result;
}
--end of snip--
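The reconnect logic in the patched function can be exercised without a database. What follows is an added example written for this page, not code from the paper or from the Barnyard project: it models the same control flow (abort on server-side errors, set the reconnect flag and ping until the server answers, then re-issue the query) against a fake connection with a scripted sequence of error codes. The CR_MIN_ERROR, CR_SERVER_GONE_ERROR and CR_SERVER_LOST values are the real MySQL client-library codes; the FakeMysql struct, run_scenario(), the caps MAX_PING_ATTEMPTS and MAX_OTHER_RETRIES and the scripted error sequences are assumptions of the example. It goes slightly beyond the paper's function by bounding both retry paths, so a server that never comes back yields an error return instead of an endless loop.

```c
/* Added example, not code from the paper or from Barnyard: a stand-alone
 * model of the reconnect-on-lost-connection loop in MysqlExecuteQuery().
 * libmysqlclient is replaced by a small fake connection so the control
 * flow runs offline. The CR_* values match the real client library; the
 * retry caps, FakeMysql and the scripted scenarios are assumptions. */
#include <stdio.h>

#define CR_MIN_ERROR         2000
#define CR_SERVER_GONE_ERROR 2006
#define CR_SERVER_LOST       2013

#define MAX_PING_ATTEMPTS 3  /* assumed: pings before giving up on reconnect */
#define MAX_OTHER_RETRIES 2  /* assumed: cap for the branch the paper lets spin */

/* Stand-in for MYSQL: scripted errno values returned by fake_query() in
 * order (0 = success), the reconnect flag the patch sets, and counters. */
typedef struct {
    const int *script;
    int script_len;
    int next;
    int reconnect;
    int outage_pings;  /* pings that still fail before the server "returns" */
    int query_calls;
    int ping_calls;
} FakeMysql;

static int fake_query(FakeMysql *m)
{
    m->query_calls++;
    return (m->next < m->script_len) ? m->script[m->next++] : 0;
}

/* Like mysql_ping() with automatic reconnect: it can only succeed once the
 * reconnect flag is set and the scripted outage has elapsed. */
static int fake_ping(FakeMysql *m)
{
    m->ping_calls++;
    if (!m->reconnect)
        return CR_SERVER_GONE_ERROR;
    if (m->outage_pings > 0) {
        m->outage_pings--;
        return CR_SERVER_LOST;
    }
    return 0;
}

/* Returns 0 once the query succeeds, otherwise the last errno seen. */
int execute_query_with_reconnect(FakeMysql *mysql, const char *sql)
{
    int err;
    int other_retries = 0;

    while ((err = fake_query(mysql)) != 0) {
        if (err < CR_MIN_ERROR) {
            /* Server-side error (bad SQL, permissions): retrying cannot help. */
            printf("MySQL ERROR(%d) on '%s'. Aborting query\n", err, sql);
            return err;
        }
        if (err == CR_SERVER_LOST || err == CR_SERVER_GONE_ERROR) {
            int pings = 0;
            printf("Lost connection to MySQL server. Reconnecting\n");
            mysql->reconnect = 1;  /* the one-line patch from the paper */
            while (fake_ping(mysql) != 0) {
                /* Barnyard sleeps 15 s here via BarnyardSleep(); we count. */
                if (++pings >= MAX_PING_ATTEMPTS) {
                    printf("Still unreachable after %d pings, giving up\n", pings);
                    return err;
                }
            }
            printf("Reconnected to MySQL server.\n");
            continue;  /* re-issue the same query on the fresh connection */
        }
        /* Other client-side errors: log and retry, but not forever. */
        printf("MySQL Error(%d): retrying\n", err);
        if (++other_retries > MAX_OTHER_RETRIES)
            return err;
    }
    return 0;
}

/* Helper: run one scripted scenario; counters stay in *m for inspection. */
int run_scenario(FakeMysql *m, const int *codes, int n, int outage_pings)
{
    m->script = codes; m->script_len = n; m->next = 0; m->reconnect = 0;
    m->outage_pings = outage_pings; m->query_calls = 0; m->ping_calls = 0;
    return execute_query_with_reconnect(m, "INSERT INTO event VALUES (...)");
}

int main(void)
{
    FakeMysql m;
    static const int lost_then_ok[] = {CR_SERVER_LOST, 0};
    static const int parse_error[] = {1064};  /* ER_PARSE_ERROR, < CR_MIN_ERROR */
    printf("lost then ok -> %d\n", run_scenario(&m, lost_then_ok, 2, 1));
    printf("parse error  -> %d\n", run_scenario(&m, parse_error, 1, 0));
    return 0;
}
```

Two details differ deliberately from the snippet above: the loop condition is written `(err = fake_query(mysql)) != 0` so the real error code is kept rather than a 0/1 flag, and the "other error" branch gives up after MAX_OTHER_RETRIES, which is the check a sensor operator would want when the database host is misconfigured rather than merely idle-disconnected.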
OK, now we're clear to compile Barnyard.
./configure --enable-mysql
make
make install
cp /usr/local/share/barnyard-0.2.0/etc/barnyard.conf /etc/snort/