How Do You Install OSSEC on Any Type of Linux?

0 Comments

Problem scenario
You have Debian/Ubuntu, RedHat (including CentOS and Fedora), and SUSE distributions of Linux.  You want to install OSSEC on each server (to protect them with host-based intrusion detection systems, IDSes).  You want to use the same script to install OSSEC on each server. How do you do this?

Solution
1.  Create a script such as this /tmp/ossec.sh.

#!/bin/bash
# Written by www.continualintegration.com

ossecversion=3.1.0 

Continue reading “How Do You Install OSSEC on Any Type of Linux?”

How Do You Deal with An “hwloc library not found” Error?

1 Comments

Problem scenario
You are trying to install Snort on Ubuntu.  You have installed hwloc (because you know the command hwloc-info works).  But when you try to run a configure script (e.g., configure_cmake.sh), you get this error:

“– Could NOT find PkgConfig (missing:  PKG_CONFIG_EXECUTABLE)
CMake Error at cmake/FindHWLOC.cmake:6 (message):

        ERROR! hwloc library not found.

        Get it from https://www.open-mpi.org/projects/hwloc/

Call Stack (most recent call first):
 

Continue reading “How Do You Deal with An “hwloc library not found” Error?”

How Do You Use Tripwire Commands without the “Keyfile Read/Write error”?

0 Comments

Problem scenario
You created a tripwire keyfile.  You perform a tripwire (e.g., twprint) command but you get this error:

### Error: Keyfile Read/Write error.
### /etc/tripwire/site.key
### Exiting…

What should you do?

Solution
Use sudo before the tripwire command.  This error can happen when the Linux user has insufficient permissions to perform the tripwire (e.g., twprint) command

Continue reading “How Do You Use Tripwire Commands without the “Keyfile Read/Write error”?”

How Do You Troubleshoot the Problem “No package ‘Luajit’ Found” When Attempting to Install Snort?

0 Comments

Problem scenario
You install the Lua Just-In-Time package named luajit (e.g., with sudo apt-get -y install luajit).  You are trying to install Snort.  When you run the ./configure script, you get this error:


— Checking for module ‘luajit’
—   No package ‘luajit’ found
CMake Error at /usr/share/cmake-3.5/Modules/FindPackageHandleStandardArgs.cmake:148 (message):

/usr/bin/luajit-2.0.4
/usr/share/luajit-2.0.4/jit

You tried this:

./configure_cmake.sh –with-luajit-libraries=/usr/share/luajit-2.0.4/jit/ –with-luajit-includes=/usr/bin

But that command failed too.

Continue reading “How Do You Troubleshoot the Problem “No package ‘Luajit’ Found” When Attempting to Install Snort?”

How Do You Install Snort on RHEL 7.x?

0 Comments

Problem scenario
You want to install Snort on a Red Hat Enterprise Linux server.  How do you do this?

Solution
1.  Log into the server.
2.  Create a file /tmp/snortinstaller.sh with the following content:

yum -y install libdnet

yum -y install https://www.snort.org/downloads/snort/daq-2.0.6-1.f21.x86_64.rpm

curl https://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/l/libnghttp2-1.28.0-1.fc28.x86_64.rpm libnghttp2-1.28.0-1.fc28.x86_64.rpm

rpm -ivh libnghttp2-1.28.0-1.fc28.x86_64.rpm

yum -y install https://www.snort.org/downloads/snort/snort-2.9.11-1.f25.x86_64.rpm

ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1

3. 

Continue reading “How Do You Install Snort on RHEL 7.x?”

How Do You Get Snort Working to Test It Out?

0 Comments

Problem scenario
You have a Linux server, and you want to install Snort use its basic functionality.  How do you do this?

Background
It is advisable to place Snort on every machine (Upguard).  This way if one server is compromised, you have Snort’s features on all other servers.  When alerting but not logging, running Snort usually consumes a negligible amount of resources (RAM,

Continue reading “How Do You Get Snort Working to Test It Out?”

How to Install Suricata on an AWS Instance of SUSE Linux

0 Comments

These “directions” to install Suricata on SUSE Linux include a script and how to run it.  The script was designed to install Suricata 3.1dev on an AWS instance of SUSE 12 SP1.  This script was based on these here. This script requires that your AWS SUSE Linux server is in a security group that has access to the Internet.  The script takes approximately five minutes to run.  But bandwidth and resources on your instance may vary.

Continue reading “How to Install Suricata on an AWS Instance of SUSE Linux”

How to Install Suricata on an AWS Instance of Ubuntu Linux

0 Comments

Updated on 11/28/17

Problem scenario
You want to install Suricata on Ubuntu Linux.  How do you do this?

Solution
These directions to install Suricata include a script and how to run it.   The optional script in 2.c was based on these here.  The optional script in 2.c script requires that your AWS Ubuntu Linux server is in a security group that has access to the Internet. 

Continue reading “How to Install Suricata on an AWS Instance of Ubuntu Linux”

How to Install Suricata on an AWS Instance of RedHat Enterprise Linux Server

0 Comments

Updated 11/29/17

These directions will allow you to install Suricata.  The script in step 2 was designed to install Suricata 4.0.1 on an AWS instance of RHEL 7.4.  This script requires that your AWS RedHat Enterprise Linux server is in a security group that has access to the internet.  You do not need a subscription to RedHat packages. 

Step #1  Log into the Red Hat Enterprise Linux server. 

Continue reading “How to Install Suricata on an AWS Instance of RedHat Enterprise Linux Server”