
Add entry for iptables and correct permissions in CentOS

Open sniglet opened this issue 12 years ago • 3 comments

A clean install on a CENTOS box required the following additional steps to reach snortreport remotely using a web browser:

chown -R apache /var/www

And the following entry in /etc/sysconfig/iptables:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

sniglet avatar Feb 27 '13 18:02 sniglet

So, did you get the script to work or was this after manually running the create schema script?

There's supposed to be an option to run chcon and enable short open tags in the script after it asks you for the snort database user password. This fixes permissions and page render problems. As for the firewall, configure-firewall-tui is a simpler way to allow port 80 inbound. Centos firewall is pretty restrictive by default.

da667 avatar Feb 27 '13 22:02 da667

The script worked after I hard coded the barnyard version into it (instead of barnyard2* )

After the script completed, I attempted to hit the page once, then applied apache perms to /etc/www, failed accessing the page again, then applied the changes to iptables, it was successful at that point.


sniglet avatar Feb 27 '13 22:02 sniglet

I'm working on reproducing the issue you ran into on your install. So far, I'm not running into luck. I'm using a CentOS 6.3 32-bit VM, fully patched and updated prior to running the script, and have run into no issues pulling barnyard2, reading its files, or creating the snort database or schemas. I have a few more questions for you.

  • Are you running 32-bit or 64-bit CentOS? Though the arch in this case shouldn't really matter, I want to do my best to reproduce this problem.
  • Regarding the problems you experienced getting the webpage to render, were you running SELinux? There is an option to enable short_open_tags in PHP and fix permissions in SELinux to allow apache to access /var/www. Do you remember whether or not you allowed the script to perform these modifications?

Regarding the firewall, there is a message that notifies the user to open the firewall via system-configure-firewall-tui after it modifies the php.ini and changes SELinux settings. I suppose I could include an iptables rule as suggested, but for the time being, I leave it as an exercise to the user.


da667 avatar Feb 27 '13 23:02 da667
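
Added example, not part of the thread and not Autosnort code: a shell check for the firewall step discussed above. It reads an iptables-save style file such as /etc/sysconfig/iptables and reports whether the TCP/80 ACCEPT rule is evaluated before the INPUT chain's first catch-all REJECT/DROP, since a rule placed after that line is never reached. The function name port80_status and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Autosnort code). port80_status is a hypothetical helper.
# Prints "open", "shadowed" (rule sits after a catch-all block) or "missing".
port80_status() {
    awk '
        /^-A INPUT / {
            is_accept = ($0 ~ /-j ACCEPT/ && $0 ~ /-p tcp/ && $0 ~ /--dport 80( |$)/)
            # Catch-all: REJECT/DROP with no protocol, port, source, interface or match module.
            is_block  = ($0 ~ /-j (REJECT|DROP)/ && $0 !~ /-p |--dport|-s |-i |-m /)
            if (is_accept && !found) { found = 1; result = blocked ? "shadowed" : "open" }
            if (is_block) blocked = 1
        }
        END { print (found ? result : "missing") }
    ' "$1"
}

# Constructed sample rulesets modelled on a restrictive default (not from the issue).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/good.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
# Same rule appended below the catch-all REJECT: present in the file, never matched.
cat > "$SAMPLES/shadowed.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
# No port 80 rule at all (a port 8080 rule must not count as a match).
sed 's/--dport 80 /--dport 8080 /' "$SAMPLES/good.rules" > "$SAMPLES/missing.rules"

for f in good shadowed missing; do
    printf '%s: %s\n' "$f" "$(port80_status "$SAMPLES/$f.rules")"
done
```

On a live host the same function can be pointed at /etc/sysconfig/iptables before restarting the iptables service.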