Snort - the de facto standard for intrusion detection/prevention
the de facto standard in IPS  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Snort Downloads Snort Rules Snort Docs Snort Training Snort Forums Snort Community Snort Store
Search Site
Search Rules
Account
email
password
not registered?
can't login?
user preferences
next up previous
Next: 4 Rules and Alerts Up: 3 Configuring Snort Previous: 3.21 How do I

3.22 How do I build this ACID thing?

Read carefully through all the docs for each package. Getting ACID to work is a lot of work, since it depends on many packages. You need a working Apache, a working PHP, a working GD (and the many libraries GD depends on), the ADODB package, and Phplot. This is a lot of stuff to configure.

A typical sequence to get this all working on Solaris 8: Use some binary packages from a trusted Sun freeware site (sunfreeware.com). The most problems were with PHP and the GD library. GD itself needs a bunch of packages and libraries to work also. It needs the libpng stuff, the libjpeg stuff (if you want jpeg), etc, etc. Read through the readme for GD. So you either need to get these and compile them also, or get some binary packages. PHP is the most difficult thing to get compiled correctly. The PHP package needs to be compiled with lots of ``-with'' flags for GD to work properly, otherwise it gets lots of run-time unresolved reference errors. Just using a ``with'' for GD isn't sufficient. You also need to "with" each library which GD uses also, or PHP can't find the functions it needs. Here's the ``configure'' line you can use to get PHP working: 

    ./configure --with-mysql --with-apxs=/usr/apache/bin/apxs --with-gd
    --enable-sockets --with-jpeg-dir=/usr/local/lib --with-png-dir=/usr/local/
    lib --with-zlib-dir=/usr/local/lib --with-xpm-dir=/usr/local/lib
These `with' statements basically have the effect of the Makefile including -L and -R statements for each library so that both the compile and run time linkers can find all the functions needed to find in the Apache module environment. Apache doesn't seem to consult the LD_LIBRARY_PATH when running a module (or PHP doesn't, or there's some config item in the Apache conf files, but you can just use the ``withs'').

Basically, you need to work from the bottom up. So you need to obtain/compile any libraries that GD needs and install them, and any libraries/packages those packages need. Then once you get GD compiled properly and installed, compile PHP. Then make a PHP script that calls phpinfo() (this is referenced in the ACID install) and carefully examine the page produced. Once satisfied PHP is working, then the 'foundation' is ready for the other stuff. Install PHplot and run a few of the tests. If they succeed, then install ADODB and ACID, tweak the config files, and it should all work. (heh, heh)

Also make sure you read the ACID FAQ on the web site. There's some stuff not in the ACID install guide that should probably be there. Namely the fact that the PHP ``register_globals'' option must be turned on in the php.ini file (it's off in the default PHP configurations).

ACID FAQ: http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html

next up previous
Next: 4 Rules and Alerts Up: 3 Configuring Snort Previous: 3.21 How do I
site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.