Building an IDS/IPS on a Linux machine Part 1 – Preparation work

I am learning how to build an IDS/IPS machine from Centos 6.3 minimal installation from a friend, so here’s the preparation work. I claim no credit for this post, this is the instruction by my great friend William.

For CentOS 6.2 minimal installation I will need libcap-ng, libcap-ng-devel, libdnet, file and file-devel, magic and magic-devel, pkgconfig, glib, gcc, pcre and pcre-devel, libyaml, libyaml-devel, libpcap and libpcap-devel, zlib-devel. To configure the suricata source code I would need magic.h.

I created sub directories to place my suricata, mkdir /opt/cyruslab/nids/.

The default repo list does not contain magic rpm, so I downloaded the repo list with rpm -ivh http://mirror.nus.edu.sg/Fedora/epel/6/i386/epel-release-6-7.noarch.rpm.

then I execute yum update, I install magic and magic-devel (source code), yum install magic magic-devel.

If you have this problem:
Configure Error: magic.h not found install file and file-devel by using yum install file file-devel if you are using Centos, redhat or fedora.

Configure, make and install suricata ./configure --prefix=/opt/cyruslab/nids && make all install && ldconfig.

Make symbolic link of the contents from /opt/cyruslab/nids/bin and /opt/cyruslab/nids/sbin to /usr/bin

cd /usr/bin ; for A in /opt/cyruslab/nids/bin/* /opt/cyruslab/nids/sbin/* ; do ln -s $A ; done

Install mysql
yum install mysql mysql-server

Configure mysql root password
Configure the mysql root password: mysqladmin -u root password 'root_password'.
If you want to connect to mysql use mysql -u root -p, a prompt appears to prompt for your root password.

Create user in Mysql database

mysql>CREATE USER 'admin'@'localhost'
     ->IDENTIFIED BY 'admin_password';
mysql>

Reference: http://dev.mysql.com/doc/refman/5.1/en/assigning-passwords.html

Create Database, create user, and grant database to user

Login as root in mysql mysql -u root -p.
Create database in mysql CREATE DATABASE nids;.

You must activate the database before it can be granted to user use nids;

Grant user admin to database nids:

GRANT SELECT, INSERT, DELETE ON nids.* TO 'admin'@'localhost' IDENTIFIED BY 'admin_password';

Flush the privilege to activate the above grant flush privileges;.

To remove the grant from user use:

REVOKE SELECT, INSERT, DELETE ON nids.* FROM 'admin'@'localhost';

Reference: http://kb.mediatemple.net/questions/788/HOWTO%3A+GRANT+privileges+in+MySQL#dv
http://www.abbeyworkshop.com/howto/lamp/my_createdb/index.html
http://dev.mysql.com/doc/refman/5.1/en/grant.html

Advertisements
This entry was posted in IDS/IPS, Security and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s