Channel: Security Tools – Security List Network™

update SNEZ v-1.7.0.1 : web interface to the popular open source Intrusion Detection System


SNĒZ is free software: you can redistribute it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. SNĒZ is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/. Do not allow SNEZ to be accessed from the Internet or an untrusted or insecure network. The catch-phrase, ‘you’ll hack me… when pigs fly’, is just that, a catch-phrase and not a guarantee.

FEATURES

  • Filter alerts on any combination of signature, date, IP addresses, and sensor
  • Filters can be used to classify alerts; filters are sortable and their comments can be edited
  • Alerts on various combinations of signatures, addresses, etc. can be set up as ‘warnings’
  • Analysis view of source addresses for most signatures, events, and destination ports
  • All code is server-side PHP; easy installation with one simple config file
  • Uses the Snort DB directly
  • Monitors up/down status of the snort and barnyard2 processes
  • Packet display and the ability to do a short real-time packet dump
  • All activity related to filtering and deleting alerts is logged
  • Dismissed alerts can be retrieved by overriding filters
  • DNS lookup with cut/paste to your favorite DNS lookup site (configurable)
  • Configurable page performance and security parameters

SECURITY
While SNEZ is tested with web vulnerability scanners, do not allow SNEZ to be accessed from the Internet
or an untrusted or insecure network.

REQUIREMENTS and PRE-REQS
Snort, Apache, MySQL, PHP.
When configuring Snort, output type must be MySQL or barnyard2 to MySQL.

NEW INSTALL (See below for upgrades)

Create SNEZ database and install package-
1. mkdir /opt/SNEZ
2. cd /opt/SNEZ
3. cp [download location]/SNEZ-[ver].[rel].tar.gz ./
4. tar -xzvf SNEZ-[ver].[rel].tar.gz
5. cd SNEZ-[ver].[rel]
6. ./SNEZcreate or bash SNEZcreate (This will create and populate your SNEZ db.
   Supply the password for root@localhost when prompted;
   then supply a password for access to your SNEZ DB when prompted.
   You will enter this password in the config file in the next step.)
7. vi ./SNEZconfig.php. Add the SNEZ database password selected in the previous step to the line
   SNEZ.password=
   Modify other parameters as needed, especially your sniffer interface (see CONFIG FILE later in the README).
8. ./SNEZinstall or bash SNEZinstall

Create logins-
1. In a browser- http://[ip address of server]/SNEZ/SNEZlogin.php
2. Log in as ‘admin’ using the password ‘admin’
3. Click on the Admin Functions link and add an administrator
   that can add users (be sure to check the box)
4. From the browser, log off and log on with the new administrator id from step 3.
5. Go to Admin Functions and delete user admin.


UPGRADES
1. cd /opt/SNEZ
2. cp [download location]/SNEZ-[ver].[rel].tar.gz ./
3. tar -xzvf SNEZ-[ver].[rel].tar.gz
4. cd SNEZ-[ver].[rel]
5. ./SNEZinstall or bash SNEZinstall
   If the config file SNEZconfig.php already exists, it will not be overwritten (i.e. an upgrade).
   (Steps 6 and 7 are needed only if the config file needs to be changed.)
6. vi ./SNEZconfig.php and add and/or modify the following lines-
   php.max.execution.time = 120         overrides php.ini max execution time
   sniffer.interface = eth1             sniffer interface for optional use of tcpdump (*Note)
   min.user.pwd.len = 8                 minimum password length for users
   encrypt = none                       replace none with an existing, installed PHP hash function
   whois = http://network-tools.com/    whois lookup, used for cut and paste; select your personal favorite
7. ./SNEZconfiginstall


CONFIG FILE
Settings in the SNEZconfig.php file-
[settings]
encrypt = none                       none or an existing, installed PHP hash function for passwords
                                     NOTE: if you change this on a running system, log in first,
                                     run SNEZconfiginstall, and immediately add new users
inactive = 900                       page timeout
SNEZ.password =                      password to the SNEZ database chosen at install time; must be set
gmt = -5                             GMT offset; defaults to USA Eastern
max.rowlimit = 10000                 default maximum db rows read before the page is displayed
dns.rowlimit = 1000                  default maximum db rows read before the page is displayed when DNS resolution is used
                                     (can be lowered for speed)
summary.rowlimit = 10000             number of db rows to read before the fully collapsed summary view page is displayed
php.max.execution.time = 120         overrides php.ini max execution time
sniffer.interface = eth1             sniffer interface for optional use of tcpdump (*Note)
min.user.pwd.len = 8                 minimum password length for users
whois = http://network-tools.com/    whois lookup, used for cut and paste; select your personal favorite
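The settings above can be checked mechanically before the interface is put in front of other users. The script below is an added example, not part of SNEZ: it parses the ini-style [settings] block in the layout shown above and flags the values the README itself calls out, namely encrypt = none (user passwords stored unhashed), an empty SNEZ.password, and a min.user.pwd.len below the documented default of 8. The two sample configurations, the set of hash-function names the audit accepts, the warning about md5/sha1 as fast unsalted hashes, and the treatment of an inactive timeout above the documented 900 seconds are assumptions of this example, not documented SNEZ behaviour.

```python
"""Audit the [settings] block of a SNEZconfig.php file for weak values.

Added example, not part of SNEZ. Assumes the ini-style layout shown in the
README (a [settings] header, one key = value per line, no inline comments).
"""

# Constructed sample: a config left at install-time values, plus an empty
# database password and a shortened user password length.
WEAK_CONFIG = """\
[settings]
encrypt = none
inactive = 86400
SNEZ.password =
gmt= -5
max.rowlimit=10000
dns.rowlimit=1000
summary.rowlimit = 10000
php.max.execution.time = 120
sniffer.interface = eth1
min.user.pwd.len = 6
whois = http://network-tools.com/
"""

# Constructed sample: the same file after the flagged values are fixed.
HARDENED_CONFIG = """\
[settings]
encrypt = sha256
inactive = 600
SNEZ.password = example-db-secret-change-me
gmt= -5
max.rowlimit=10000
dns.rowlimit=1000
summary.rowlimit = 10000
php.max.execution.time = 120
sniffer.interface = eth1
min.user.pwd.len = 12
whois = http://network-tools.com/
"""

# Assumptions of this example: the names this audit accepts for `encrypt`
# (the README only says "an existing, installed PHP hash function"), the fast
# unsalted ones it warns about, and the README's documented defaults.
KNOWN_HASHES = {"md5", "sha1", "sha256", "sha512", "crypt"}
FAST_UNSALTED = {"md5", "sha1"}
DEFAULT_MIN_PWD_LEN = 8
DEFAULT_INACTIVE = 900


def parse_settings(text):
    """Return {key: value}; skips blank lines, section headers and comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("[", "#", ";")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def _as_int(value, default):
    """Parse an integer setting, falling back to the documented default."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def audit_settings(settings):
    """Return a list of (key, finding); an empty list means nothing was flagged."""
    findings = []

    enc = settings.get("encrypt", "none").lower()
    if enc == "none":
        findings.append(("encrypt", "user passwords are stored without hashing"))
    elif enc in FAST_UNSALTED:
        findings.append(("encrypt", f"{enc} is a fast unsalted hash; choose a stronger function"))
    elif enc not in KNOWN_HASHES:
        findings.append(("encrypt", f"'{enc}' is not a hash function this audit recognizes"))

    if not settings.get("SNEZ.password"):
        findings.append(("SNEZ.password", "database password must be set"))

    pwd_len = _as_int(settings.get("min.user.pwd.len"), DEFAULT_MIN_PWD_LEN)
    if pwd_len < DEFAULT_MIN_PWD_LEN:
        findings.append(("min.user.pwd.len",
                         f"{pwd_len} is below the documented default of {DEFAULT_MIN_PWD_LEN}"))

    inactive = _as_int(settings.get("inactive"), DEFAULT_INACTIVE)
    if inactive > DEFAULT_INACTIVE:
        findings.append(("inactive",
                         f"page timeout {inactive}s exceeds the documented default of {DEFAULT_INACTIVE}s"))
    return findings


def audit_config(text):
    """Parse and audit a config file's text in one call."""
    return audit_settings(parse_settings(text))


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for key, msg in audit_config(cfg) or [("-", "no findings")]:
            print(f"  {key}: {msg}")
```

Run it against the real SNEZconfig.php (open(path).read() into audit_config) after step 7 of a new install or step 6 of an upgrade; an empty result means none of the documented weak values remain.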

*Note- Use visudo to make the additions and changes so that certain root commands can be executed. (Caution! Read the sudo and visudo documentation.
Mistakes here can render your system inoperable. Never edit the sudoers file with vi or another editor. Skip this if you don’t
want to use the tcpdump capabilities of SNEZ, are uncomfortable making the changes, or are concerned about the security implications of allowing
a non-root user to run tcpdump.)

hostname (get the hostname of your system)
visudo (add the following lines, adjusting for your system appropriately)
apache hostname=NOPASSWD:/usr/sbin/tcpdump  (substitute your host name for hostname)
apache hostname=NOPASSWD:/bin/ps
apache hostname=NOPASSWD:/bin/kill
(comment out the following line)
Defaults requiretty
:wq (or :q! if you make mistakes and want to start over)
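Because a mistake here can lock you out and an over-broad rule hands the web server root, it is worth checking the lines before they go through visudo. The script below is an added example, not SNEZ's own tooling: it parses a sudoers fragment and confirms that each rule granted to the apache user follows the README's pattern (a specific host, the NOPASSWD tag, and only the three absolute command paths listed above), and it flags an active Defaults requiretty. The sample fragments, the hostname sensor1, and the simplified rule grammar in the regular expression are constructed for this example.

```python
"""Check a sudoers fragment against the rules the SNEZ README asks for.

Added example, not part of SNEZ. It flags rules for the web server user that
are broader than the README's pattern (host ALL, command ALL, wildcards,
commands outside the three SNEZ needs) and an active 'Defaults requiretty'.
"""
import re

# Constructed sample: the README's lines with "hostname" replaced by the
# (hypothetical) hostname sensor1 and requiretty commented out.
SUDOERS_OK = """\
#Defaults requiretty
apache sensor1=NOPASSWD:/usr/sbin/tcpdump
apache sensor1=NOPASSWD:/bin/ps
apache sensor1=NOPASSWD:/bin/kill
"""

# Constructed sample: mistakes that over-grant or that defeat the README's intent.
SUDOERS_BAD = """\
Defaults requiretty
apache ALL=(ALL) NOPASSWD:ALL
apache sensor1=NOPASSWD:tcpdump
apache sensor1=/bin/ps
apache sensor1=NOPASSWD:/usr/sbin/tcpdump *, /usr/bin/vi
"""

ALLOWED_COMMANDS = {"/usr/sbin/tcpdump", "/bin/ps", "/bin/kill"}  # from the README

# user  host = (runas) tag:cmd[, cmd...]   (simplified sudoers user-spec grammar)
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<spec>.+)$"
)


def check_sudoers(text, user="apache"):
    """Return [(line_no, problem)] for rules granted to `user`; [] means the
    fragment matches the README's least-privilege pattern."""
    problems = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults"):
            if "requiretty" in line and "!requiretty" not in line:
                problems.append((no, "Defaults requiretty is active; the web server has no tty, so comment it out"))
            continue
        m = RULE_RE.match(line)
        if not m or m.group("user") != user:
            continue
        if m.group("host") == "ALL":
            problems.append((no, "host 'ALL' is broader than the local hostname"))
        tags, _, cmds = m.group("spec").rpartition(":")
        if "NOPASSWD" not in tags:
            problems.append((no, "rule requires a password, which the web server process cannot supply"))
        for cmd in (c.strip() for c in cmds.split(",") if c.strip()):
            binary = cmd.split()[0]
            if binary == "ALL":
                problems.append((no, "command 'ALL' grants unrestricted root"))
            elif not binary.startswith("/"):
                problems.append((no, f"'{binary}' is not an absolute path; sudoers requires fully qualified commands"))
            elif binary not in ALLOWED_COMMANDS:
                problems.append((no, f"'{binary}' is not one of the commands SNEZ needs"))
            if "*" in cmd:
                problems.append((no, f"wildcard in '{cmd}' widens what may be run"))
    return problems


if __name__ == "__main__":
    for name, frag in (("ok", SUDOERS_OK), ("bad", SUDOERS_BAD)):
        print(name, check_sudoers(frag) or "no problems")
```

The script checks scope, not syntax: run it on the lines you intend to add, then still enter them through visudo, which is what validates the file before it is installed.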

UNINSTALL
Use this to uninstall the product permanently or to clean up for a fresh install-
/opt/SNEZ/SNEZ-[ver].[rel]/SNEZuninstall

Download Latest Version :

SNEZ-1.7.0.1.tar.gz (11.2 MB) 

Read more right here: http://geneguinter.com/