Building an IDS/IPS on a Linux machine Part 1 – Preparation work

I am learning from a friend how to build an IDS/IPS machine on a CentOS 6.3 minimal installation, so here is the preparation work. I claim no credit for this post; these are the instructions from my great friend William.

On a CentOS 6.2 minimal installation I will need libcap-ng, libcap-ng-devel, libdnet, file and file-devel, magic and magic-devel, pkgconfig, glib, gcc, pcre and pcre-devel, libyaml, libyaml-devel, libpcap and libpcap-devel, and zlib-devel. To run configure on the Suricata source code I also need magic.h.

I created a directory tree to hold Suricata: mkdir -p /opt/cyruslab/nids/ (the -p creates the missing parent directories as well).

The default repo list does not contain the magic rpm, so I downloaded the repo list with rpm -ivh

Then I ran yum update and installed magic together with its development package: yum install magic magic-devel.

If configure fails with this error:

Configure Error: magic.h not found

install file and file-devel with yum install file file-devel if you are using CentOS, Red Hat or Fedora.

Configure, build and install Suricata: ./configure --prefix=/opt/cyruslab/nids && make all install && ldconfig.

Make symbolic links in /usr/bin to the contents of /opt/cyruslab/nids/bin and /opt/cyruslab/nids/sbin:

cd /usr/bin ; for A in /opt/cyruslab/nids/bin/* /opt/cyruslab/nids/sbin/* ; do ln -s "$A" ; done
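The one-liner above has two weak points: $A is unquoted, and ln -s fails silently on any name that already exists in /usr/bin, which is exactly where an accidental shadowing of a system binary would land. The following is an added example (mine, not part of William's instructions) that wraps the step in a POSIX sh function which links only regular executables, refuses to overwrite existing entries, and reports how many links it created. The NIDS_PREFIX and NIDS_BINDIR variable names are my own assumption.

```shell
#!/bin/sh
# Added example, not from the original post: link the executables that
# "./configure --prefix=PREFIX && make install" placed under PREFIX/bin and
# PREFIX/sbin into a directory on the PATH. Unlike the one-line loop, it
# quotes the path, skips anything that is not a regular executable, and refuses
# to create a link where a name already exists, so a NIDS binary can never
# shadow a system tool by accident. Prints the number of links created.
link_prefix_bins() {
    prefix="$1"
    dest="$2"
    created=0
    for f in "$prefix"/bin/* "$prefix"/sbin/*; do
        # An empty directory leaves the literal glob behind; -f filters it out.
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=$(basename "$f")
        if [ -e "$dest/$name" ] || [ -L "$dest/$name" ]; then
            printf 'skip: %s already exists in %s\n' "$name" "$dest" >&2
            continue
        fi
        ln -s "$f" "$dest/$name"
        created=$((created + 1))
    done
    printf '%d\n' "$created"
}

# Real use on the post's layout (NIDS_PREFIX and NIDS_BINDIR are my own names):
#   NIDS_PREFIX=/opt/cyruslab/nids NIDS_BINDIR=/usr/bin sh link_bins.sh
if [ -n "${NIDS_PREFIX:-}" ]; then
    link_prefix_bins "$NIDS_PREFIX" "${NIDS_BINDIR:-/usr/bin}"
fi
```

Anything it skips is printed to stderr, so a collision with an existing /usr/bin entry is visible instead of being lost in the loop.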

Install MySQL
yum install mysql mysql-server

Configure the MySQL root password
Set the MySQL root password: mysqladmin -u root password 'root_password'.
To connect to MySQL use mysql -u root -p; you will be prompted for the root password.

Create a user in MySQL

mysql> CREATE USER 'admin'@'localhost'
    -> IDENTIFIED BY 'admin_password';


Create the database and grant it to the user

Log in to MySQL as root: mysql -u root -p.
Create the database: CREATE DATABASE nids;.

Select the database before granting it to the user: use nids;

Grant the admin user access to the nids database:

GRANT SELECT, INSERT, DELETE ON nids.* TO 'admin'@'localhost' IDENTIFIED BY 'admin_password';

Flush the privileges to activate the grant above: flush privileges;.

To remove the grant from the user:

REVOKE SELECT, INSERT, DELETE ON nids.* FROM 'admin'@'localhost';
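Once the grant is in place it is worth confirming that the account really is limited to nids.* and to localhost, since SELECT, INSERT and DELETE on one database is all the NIDS needs. The following is an added example (not from the original post): a POSIX sh filter that reads SHOW GRANTS output and flags global (*.*) scope, ALL PRIVILEGES, wildcard hosts and GRANT OPTION. The sample grant lines are constructed for the demonstration, and the AUDIT_USER variable and the audit_grants and sample_grants function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: a least-privilege check for the
# MySQL account created for the NIDS. Feed it the output of
#   mysql -u root -p -N -e "SHOW GRANTS FOR 'admin'@'localhost'"
# and it flags anything broader than the scoped grant the post sets up.
# Prints the number of findings on stdout, one description per finding on stderr.
audit_grants() {
    findings=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Unrestricted privilege set.
        case "$line" in
            *"ALL PRIVILEGES"*)
                printf 'finding: ALL PRIVILEGES granted: %s\n' "$line" >&2
                findings=$((findings + 1)) ;;
        esac
        # Global scope. "GRANT USAGE ON *.*" is MySQL's way of saying
        # "no privileges" and appears for every account, so it is not a finding.
        case "$line" in
            "GRANT USAGE ON *.*"*) ;;
            *" ON *.* "*)
                printf 'finding: global (*.*) scope: %s\n' "$line" >&2
                findings=$((findings + 1)) ;;
        esac
        # Account reachable from any host rather than localhost only.
        case "$line" in
            *"@'%'"*)
                printf "finding: wildcard host '%%': %s\n" "$line" >&2
                findings=$((findings + 1)) ;;
        esac
        # Account able to hand its privileges on to other accounts.
        case "$line" in
            *"WITH GRANT OPTION"*)
                printf 'finding: WITH GRANT OPTION: %s\n' "$line" >&2
                findings=$((findings + 1)) ;;
        esac
    done
    printf '%d\n' "$findings"
}

# Constructed sample of SHOW GRANTS output: the first two lines are what the
# post's CREATE USER / GRANT produce for 'admin'@'localhost'; the third is a
# deliberately over-broad account for comparison.
sample_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'admin'@'localhost' IDENTIFIED BY PASSWORD '*HASH_PLACEHOLDER'
GRANT SELECT, INSERT, DELETE ON `nids`.* TO 'admin'@'localhost'
GRANT ALL PRIVILEGES ON *.* TO 'web'@'%' WITH GRANT OPTION
EOF
}

if [ -n "${AUDIT_USER:-}" ]; then
    # e.g. AUDIT_USER="'admin'@'localhost'" sh audit_grants.sh
    mysql -u root -p -N -e "SHOW GRANTS FOR $AUDIT_USER" | audit_grants
else
    sample_grants | audit_grants
fi
```

Run against the constructed sample, the two lines belonging to the post's admin account produce no findings, while the over-broad third account produces four. The same filter can be run after the REVOKE above to confirm that only the USAGE line remains.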


