I am learning from a friend how to build an IDS/IPS machine from a CentOS 6.3 minimal installation, so here is the preparation work. I claim no credit for this post; these are the instructions from my great friend William.
For a CentOS 6.2 minimal installation I will need libcap-ng, libcap-ng-devel, libdnet, file and file-devel, magic and magic-devel, pkgconfig, glib, gcc, pcre and pcre-devel, libyaml, libyaml-devel, libpcap and libpcap-devel, and zlib-devel. To run ./configure on the Suricata source I need the header magic.h, which on CentOS is shipped by file-devel (the libmagic development package).
I created subdirectories to place my Suricata files in.
The default repository list does not contain the magic RPM, so I added the EPEL repository by installing its release package:
rpm -ivh http://mirror.nus.edu.sg/Fedora/epel/6/i386/epel-release-6-7.noarch.rpm
Note that this fetches the release package over plain HTTP, so it is worth checking the package signature before installing it and trusting the repository it enables.
Then I ran yum update and installed magic and magic-devel (the -devel package carries the headers and development files, not the source code):
yum install magic magic-devel
If ./configure stops with this problem:
Configure Error: magic.h not found
install file and file-devel, which provide magic.h on CentOS, Red Hat and Fedora:
yum install file file-devel
Configure, make and install Suricata:
./configure --prefix=/opt/cyruslab/nids && make all install && ldconfig
Note that ldconfig only scans /lib, /usr/lib and the directories listed in /etc/ld.so.conf and /etc/ld.so.conf.d/. With a prefix under /opt it will not pick up the libhtp shared library that the Suricata build installs into /opt/cyruslab/nids/lib, so add that directory to a file under /etc/ld.so.conf.d/ before running ldconfig, otherwise suricata fails at start-up because libhtp cannot be found.
Make symbolic links in /usr/bin to the contents of /opt/cyruslab/nids/bin and /opt/cyruslab/nids/sbin (quote the variable so paths with spaces survive; ln -s without -f refuses to overwrite an existing name, which is the behaviour you want in /usr/bin):
cd /usr/bin ; for A in /opt/cyruslab/nids/bin/* /opt/cyruslab/nids/sbin/* ; do ln -s "$A" ; done
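As an added example, not part of William's instructions and not code from the Suricata project, the following POSIX shell helpers cover the post-install steps above: they do the linking step with quoting and without clobbering names already present in the destination, register the prefix's lib directory so that the ldconfig call actually sees the libraries installed under the prefix, and check for headers such as magic.h ahead of ./configure. The prefix, link destination and ld.so.conf.d directories are parameters (the post uses /opt/cyruslab/nids, /usr/bin and /etc/ld.so.conf.d); the demo runs against a constructed scratch tree with placeholder files, and the drop-in file name suricata-prefix.conf is my choice.

```shell
#!/bin/sh
# Added example, not part of William's instructions: helpers for the
# post-install steps. PREFIX is what was passed to ./configure (the post
# uses /opt/cyruslab/nids), DEST is where the links go (/usr/bin in the
# post) and LDCONF is the loader drop-in directory (/etc/ld.so.conf.d).
# All three are parameters so the functions can be run against a scratch tree.
set -e

# Link every file in PREFIX/bin and PREFIX/sbin into DEST. Unlike a bare
# `ln -s $A`, paths are quoted and names that already exist in DEST are
# skipped instead of aborting the loop, so a distro-owned binary is never
# shadowed by a link. Prints "<linked> <skipped>".
link_prefix_bins() {
    prefix=$1
    dest=$2
    linked=0
    skipped=0
    for f in "$prefix"/bin/* "$prefix"/sbin/*; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=$(basename "$f")
        if [ -e "$dest/$name" ] || [ -L "$dest/$name" ]; then
            skipped=$((skipped + 1))
        else
            ln -s "$f" "$dest/$name"
            linked=$((linked + 1))
        fi
    done
    echo "$linked $skipped"
}

# ldconfig only scans /lib, /usr/lib and the directories listed under
# /etc/ld.so.conf(.d). A prefix like /opt/cyruslab/nids is not among them,
# so Suricata's bundled libhtp under PREFIX/lib would not be found at run
# time. Write a drop-in (file name is my choice) listing PREFIX/lib and
# PREFIX/lib64 where they exist. Prints the path of the drop-in written.
register_libdir() {
    prefix=$1
    confdir=$2
    conf="$confdir/suricata-prefix.conf"
    : > "$conf"
    for d in "$prefix"/lib "$prefix"/lib64; do
        if [ -d "$d" ]; then
            echo "$d" >> "$conf"
        fi
    done
    echo "$conf"
}

# Pre-flight for the "magic.h not found" configure error: given an include
# directory and header names, print the ones that are missing, so the
# matching -devel package (file-devel for magic.h on CentOS) can be
# installed before ./configure is run.
missing_headers() {
    incdir=$1
    shift
    missing=""
    for h in "$@"; do
        [ -f "$incdir/$h" ] || missing="$missing $h"
    done
    echo "${missing# }"
}

# Demo against a constructed scratch tree. On a real sensor the calls
# would be:
#   link_prefix_bins /opt/cyruslab/nids /usr/bin
#   register_libdir  /opt/cyruslab/nids /etc/ld.so.conf.d && ldconfig
#   missing_headers  /usr/include magic.h pcap.h yaml.h pcre.h
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/nids/bin" "$root/nids/sbin" "$root/nids/lib" \
             "$root/usr/bin" "$root/ld.so.conf.d" "$root/include"
    : > "$root/nids/bin/suricata"        # placeholder for the real binary
    : > "$root/nids/sbin/tool-a"         # constructed name that clashes...
    : > "$root/usr/bin/tool-a"           # ...with a "distro" binary in DEST
    : > "$root/include/magic.h"
    echo "links: $(link_prefix_bins "$root/nids" "$root/usr/bin")"
    echo "ld drop-in: $(register_libdir "$root/nids" "$root/ld.so.conf.d")"
    echo "missing headers: $(missing_headers "$root/include" magic.h pcap.h)"
    rm -rf "$root"
}

demo
```

Run register_libdir before ldconfig, not after, since ldconfig only rebuilds its cache from the directories it is told about at the time it runs.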
yum install mysql mysql-server
Then start the server with service mysqld start (and chkconfig mysqld on so it comes back after a reboot); mysqladmin in the next step needs a running server.
Configure the MySQL root password:
mysqladmin -u root password 'root_password'
A password given on the command line ends up in the shell history and is visible in the process list while mysqladmin runs; on a shared machine prefer mysql_secure_installation, which prompts for it instead.
To connect to MySQL use
mysql -u root -p
and a prompt appears for your root password.
Create a user in MySQL:
CREATE USER 'admin'@'localhost' IDENTIFIED BY 'admin_password';
Create the database, create the user, and grant the user rights on the database
Log in to MySQL as root:
mysql -u root -p
Create the database:
CREATE DATABASE nids;
Create the database first, then grant admin the rights it needs on it. Only SELECT, INSERT and DELETE are granted here: no ALTER, DROP or GRANT OPTION, so a compromised sensor account cannot reshape the schema or hand out privileges. Because the user already exists, the IDENTIFIED BY clause is redundant and simply re-sets the same password:
GRANT SELECT, INSERT, DELETE ON nids.* TO 'admin'@'localhost' IDENTIFIED BY 'admin_password';
Run FLUSH PRIVILEGES; to make sure the grant is active. Strictly, GRANT and REVOKE take effect immediately and the flush is only needed after editing the grant tables in the mysql database directly, but it does no harm.
To remove the grant from the user:
REVOKE SELECT, INSERT, DELETE ON nids.* FROM 'admin'@'localhost';