There are several different ways to get notified by Nagios when there is a problem. The most common way is via email. This is usually just fine, except when the service that goes down is the mail server. There are ways to mitigate this of course.
One simple way is to get your notifications via Growl. I really like this: it lets me know almost instantly when something is going on and I don't have to worry about keeping my eyes on my email program while I'm busy with something else.
The way I implemented it was from a great script and good write-up on the Nagios-users mailing list; you can see it all right here: Notify via Growl
I'm checking Snort basically the same way I check most processes; if you've been following along then you'll already have a check_procs setup.
So I simply edit my localhost.cfg and add:
Edit commands.cfg and add a command definition whose command_line is the one below (the command_name shown here is the conventional one; use whatever name your service definition references):
define command {
    command_name check_procs
    command_line $USER1$/check_procs -c $ARG1$ -C $ARG2$
}
Reload Nagios and that's it. Note that -C matches the process by its command name, so pass it exactly as ps shows it (snort), and -c is the critical range for the process count: 1: means at least one copy must be running.
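To make visible what check_procs -C snort actually reports back to Nagios, here is a small Nagios-style plugin that does the same job, added as an example and not taken from the post or from the Nagios plugins package. It assumes the daemon shows up in ps with the command name "snort" and that the script is saved as check_snort.sh (it only runs its entry point under that name, so the functions can also be sourced and tested):

```shell
#!/bin/sh
# Added example: a minimal Nagios-style process check for snort.
# Assumptions: the daemon's command name in ps is "snort"; the script is
# saved as check_snort.sh. Nothing here comes from the Nagios plugins package.

STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2

# count_procs NAME: number of running processes whose command basename is NAME.
# `ps -eo comm=` is POSIX (works on macOS and Linux) and prints only the command
# column; matching the basename exactly keeps "snort" from matching "snort-foo"
# or a "grep snort" that happens to be running at the same time.
count_procs() {
    ps -eo comm= 2>/dev/null | awk -v name="$1" '
        { n = split($0, parts, "/"); if (parts[n] == name) c++ }
        END { print c + 0 }'
}

# evaluate_count COUNT MIN MAX: print the Nagios state name and return its
# exit code. Fewer than MIN copies is CRITICAL (the sensor is not watching);
# more than MAX is WARNING (usually a stuck restart left extra copies behind).
evaluate_count() {
    count=$1 min=$2 max=$3
    if [ "$count" -lt "$min" ]; then
        echo CRITICAL; return $STATE_CRITICAL
    elif [ "$count" -gt "$max" ]; then
        echo WARNING; return $STATE_WARNING
    fi
    echo OK; return $STATE_OK
}

# check_snort [MIN] [MAX]: the plugin entry point. Nagios reads the first line
# of output and the exit code; everything after "|" is performance data.
check_snort() {
    min=${1:-1} max=${2:-1}
    n=$(count_procs snort)
    state=$(evaluate_count "$n" "$min" "$max"); rc=$?
    echo "PROCS $state: $n process(es) with command name 'snort' | procs=$n;;$min:$max"
    return $rc
}

# Only act as a plugin when invoked under the expected file name, so the
# functions above can be sourced without triggering a check.
case $(basename "$0") in
    check_snort.sh) check_snort "$@"; exit $? ;;
esac
```

Run it as check_snort.sh 1 1 to require exactly one copy; the exit code (0, 1 or 2) is what Nagios turns into OK, WARNING or CRITICAL, and the text before the "|" is what ends up in the alert.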
To get BASE up and going with Snort already installed I did the following.
1. Download ADOdb (database abstraction library for PHP): http://sourceforge.net/projects/adodb/files/
The version I got was adodb510.tgz
2. Unzip and untar the file
tar -xvzf adodb510.tgz
3. Move the folder
cp -R adodb5/ /Library/WebServer/Documents/adodb5/
4. Download BASE: http://sourceforge.net/projects/secureideas/ The version I got was base-1.4.4.tar.gz
5. Unzip and untar the file
tar -xvzf base-1.4.4.tar.gz
6. You should now have a folder: base-1.4.4/
7. Copy the base folder to your webserver folder
cp -R base-1.4.4/ /Library/WebServer/Documents/base/
Change the owner on the folder so the setup pages can write base_conf.php:
sudo chown -R _www:_www /Library/WebServer/Documents/base/
Once setup has finished you can hand the folder back to root and leave _www with read access only; the web server has no reason to be able to rewrite BASE's PHP files after that.
With this version there was a known problem with the file base_state_citems.inc.php on some setups, mine included.
So I had to download the fixed version from CVS.
You can also download it from the website, follow the link from here:
It goes in your /base/templates/ folder.
8. Now install the PEAR packages BASE needs for graphs to work
On my system it was as follows:
First I had to update PEAR so the rest of the packages would install:
sudo /usr/local/php5/bin/pear install PEAR-1.9.0
Then the following packages:
sudo /usr/local/php5/bin/pear install Image_Color
sudo /usr/local/php5/bin/pear install Image_Canvas-0.3.2
sudo /usr/local/php5/bin/pear install Image_Graph-0.7.2
9. Open up BASE in your browser:
You should get the setup page; if it reports any errors you need to fix them first, following its suggestions.
Once you answer all the setup questions you should have a working BASE install.
1. Download Snort
2. Download pcre
3. Untar pcre
4. cd to pcre
(NOTE: Install prefix ......... : /usr/local)
6. Untar Snort
7. cd to snort
8. ./configure --enable-dynamicplugin --with-mysql --with-mysql-includes=/opt/local/include/mysql5/ --with-mysql-libraries=/opt/local/lib/mysql5/mysql/
10. sudo make install
The end of the output looks like:
/usr/bin/install -c -m 644 './snort.8' '/usr/local/man/man8/snort.8'
test -z "/usr/local/lib/pkgconfig" || /bin/sh ./mkinstalldirs "/usr/local/lib/pkgconfig"
/usr/bin/install -c -m 644 'snort.pc' '/usr/local/lib/pkgconfig/snort.pc'
11. Get the rules from the Snort site and untar them
I used snorttemp as the folder
12. Make a folder for the rules
13. Copy the rules over
cp * /opt/local/etc/snort/rules/
I also copied over the etc folder
cp * /opt/local/etc/snort/
14. Edit the Snort configuration
change "var HOME_NET any" to "var HOME_NET 192.168.0.0/24" or whatever your home network is
change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET". This is everything except your home network.
change "var RULE_PATH ../rules" to "var RULE_PATH /opt/local/etc/snort/rules"
go to the line that starts with "# output database: log, mysql, user=" and remove the # from the beginning of the line
fill in your database user, password and db name. Since the password now sits in snort.conf in clear text, make the file readable only by the account that runs Snort.
15. MySQL setup
Log in to MySQL as root:
mysql -u root -p
Create a snort database:
mysql> create database snort;
Create a user and password to match your MySQL setup in the Snort config:
mysql> CREATE USER 'snort'@'localhost' IDENTIFIED BY 'somepassword';
Give that user access to the database:
mysql> GRANT ALL PRIVILEGES ON snort.* TO 'snort'@'localhost';
ALL PRIVILEGES is more than a sensor that only writes events needs; once the schema is imported, a narrower grant (INSERT, SELECT and UPDATE on snort.*) works for Snort, with BASE given its own account.
Import the Snort schema into the database (the file comes from the schemas directory of the Snort source tree):
mysql -D snort -u root -p < /schemas/create_mysql
16. Start it up
snort -c /opt/local/etc/snort/snort.conf
If it works it should look something like:
--== Initialization Complete ==--
,,_     -*> Snort! <*-
o"  )~   Version 220.127.116.11 (Build 114)
''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
You can use ctrl+c to stop it.
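The step 14 edits are easy to get slightly wrong by hand (a stray space in HOME_NET, the output line left commented), so here they are as a script, an added example that is not from the post or from Snort. It assumes the stock snort.conf layout the post quotes (the "var" lines and the commented "# output database: log, mysql, user=" template line); the sample config is constructed from those quoted lines rather than copied from a release, and the user, password and database name are placeholders:

```shell
#!/bin/sh
# Added example: apply the snort.conf edits from step 14 non-interactively.
# Assumptions: stock "var HOME_NET/EXTERNAL_NET/RULE_PATH" lines and the
# commented "# output database: log, mysql, user=" template line are present.
# The sample config below is constructed, not copied from a Snort release.

# patch_snort_conf FILE HOME_NET RULE_PATH DB_USER DB_PASS DB_NAME
# Rewrites the three var lines, uncomments and fills in the database output
# line, and leaves every other line untouched.
patch_snort_conf() {
    file=$1 home=$2 rules=$3 user=$4 pass=$5 db=$6
    tmp=$file.tmp.$$
    awk -v home="$home" -v rules="$rules" -v user="$user" -v pass="$pass" -v db="$db" '
        /^var HOME_NET /     { print "var HOME_NET " home; next }
        /^var EXTERNAL_NET / { print "var EXTERNAL_NET !$HOME_NET"; next }
        /^var RULE_PATH /    { print "var RULE_PATH " rules; next }
        /^# output database: log, mysql, user=/ {
            # drop the leading "# " and replace the template credentials
            print "output database: log, mysql, user=" user " password=" pass " dbname=" db " host=localhost"
            next
        }
        { print }
    ' "$file" > "$tmp" && mv "$tmp" "$file" || return 1
    # The file now carries the database password in clear text, so restrict
    # it to the owner (the account that starts snort).
    chmod 600 "$file"
}

# conf_var FILE NAME: print the value of "var NAME ..." from FILE.
conf_var() {
    awk -v key="$2" '$1 == "var" && $2 == key { print $3; exit }' "$1"
}

# make_sample_conf: write a constructed snort.conf fragment to a temp file
# and print its path. Only the lines the post talks about are included.
make_sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=root password=test dbname=db host=localhost
include $RULE_PATH/local.rules
EOF
    echo "$f"
}
```

Against a real install you would call patch_snort_conf /opt/local/etc/snort/snort.conf 192.168.0.0/24 /opt/local/etc/snort/rules snort somepassword snort, then check the result with conf_var and grep before starting Snort. The chmod at the end is the point the post's step 14 glosses over: once the output line is filled in, snort.conf is a credential file.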
Last week I had a need to create a Debian boot disk. The computer I needed to use it on doesn't have a CD drive and I didn't feel like purchasing a USB CD reader just for the purpose of loading Debian, and I didn't feel like waiting until I could go to town or have it shipped.
So I had to make a boot disk. I've done it in Linux several times before but never from OS X. The commands aren't exactly the same, so here are my notes, taken from a couple of places on the web, which should serve as a reminder for the next time I have to do it.
First I downloaded the Debian image I wanted to use from their site.
Next I stuck the thumb drive in the box.
From the terminal (I use iTerm), diskutil list shows the attached disks; mine was listed as /dev/disk1. Check this carefully: dd writes to whatever device you name, and naming the internal drive by mistake destroys it.
# diskutil unmountDisk /dev/disk1
# bzcat debian.img | dd of=/dev/disk1
# diskutil eject /dev/disk1
It was as simple as that. To test I stuck it in my handy netbook and rebooted, and I was at the lovely command prompt. Then of course other things happened that required my attention so I haven't gotten back to that project of getting the box installed yet.
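Because the dd step above will happily overwrite whatever disk number you type, here is a guard to run in front of it, added as an example and not part of the original post. It checks the text that diskutil info /dev/diskN prints on OS X before writing; the field names it looks for ("Protocol", "Removable Media", "Internal") are assumptions about that output, the two sample outputs below are constructed rather than captured, and the write_image wrapper uses the raw device node and a 1m block size (BSD dd syntax) purely for speed:

```shell
#!/bin/sh
# Added example: refuse to dd an image onto anything that does not look like
# a removable USB disk. Assumptions: `diskutil info` prints "Protocol:",
# "Removable Media:" and "Internal:" fields as in the constructed samples
# below; dd is BSD dd (bs=1m), as on OS X.

# is_usb_removable INFO_TEXT: succeed only when the diskutil description says
# the device is on USB, is removable, and is not marked as internal.
is_usb_removable() {
    info=$1
    printf '%s\n' "$info" | grep -Eq '^ *Protocol: *USB' || return 1
    printf '%s\n' "$info" | grep -Eq '^ *Removable Media: *(Yes|Removable)' || return 1
    printf '%s\n' "$info" | grep -Eq '^ *Internal: *Yes' && return 1
    return 0
}

# write_image IMAGE DISK: the three commands from the post, wrapped in the
# guard. DISK must be a whole-disk node (/dev/diskN), never a slice.
# Returns 2 without touching anything when the target is rejected.
write_image() {
    image=$1 disk=$2
    case $disk in
        /dev/disk[0-9]|/dev/disk[0-9][0-9]) ;;
        *) echo "refusing: $disk is not a whole-disk node" >&2; return 2 ;;
    esac
    if ! is_usb_removable "$(diskutil info "$disk")"; then
        echo "refusing: $disk does not look like a removable USB drive" >&2
        return 2
    fi
    raw=/dev/r${disk#/dev/}          # /dev/rdiskN: unbuffered, much faster
    diskutil unmountDisk "$disk" &&
    bzcat "$image" | sudo dd of="$raw" bs=1m &&
    diskutil eject "$disk"
}

# Constructed samples standing in for `diskutil info` output (not captured).
SAMPLE_USB='   Device Identifier:        disk1
   Device Node:              /dev/disk1
   Protocol:                 USB
   Removable Media:          Removable
   Internal:                 No'

SAMPLE_INTERNAL='   Device Identifier:        disk0
   Device Node:              /dev/disk0
   Protocol:                 PCI-Express
   Removable Media:          Fixed
   Internal:                 Yes'
```

With this in place the post's three commands become write_image debian.img /dev/disk1; if you mistype the disk number and hit the internal drive, the guard refuses instead of dd running.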