PLATFORM_HINTSThis file lists platform specific hints on how to install weasel on different plattforms: * Ubuntu Server 6.10 * Debian Etcg * MacOS X 10.4 * Solaris 10 The information here is not yet complete, if you have some hints to share, please mail them to email@example.com, or use the web board.
Ubuntu Server 6.10Thanks to Marc Lifart Webserver: If you install a fresh copy of Ubuntu Server, then select the LAMP option during installation. Otherwise you can still add the webserver later: $ apt-get install apache2 $ apt-get install php5-mysqli $ apt-get install php5-pgsql Database: If you want to use PostgreSQL: $ apt-get install postgresql-8.1 $ apt-get libpq-dev If you want to use MySQL: $ apt-get install pcregrep $ apt-get install libpcre3-dev $ apt-get install libmysqlclient15-dev $ apt-get install mysql-client-5.0 $ apt-get install mysql-server-5.0 Snort: In order to be able to compile snort, you will need several software packages: $ apt-get install patch $ apt-get install gcc $ apt-get install build-essential $ apt-get install libpcap0.8-dev $ apt-get install libpcre3-dev You should now be ready to install weasel, just follow the INSTALL instructions.
Debian EtchThanks to Roman Ammann Database: If you want PostgreSQL: $ apt-get install postgres If you want MySQL $ apt-get install mysql-server Console (Webserver): $ echo 'deb http://192.168.1.154/~ray/debian/etch i386/' >> /etc/apt/sources.list $ apt-get update $ apt-get install weasel If you want to use the system exclusivly as weasel console run $ a2ensite weasel $ a2dissite default $ /etc/init.d/apache2 restart otherwise configure /etc/apache2/sites-available/weasel first If you want to use sensor on other systems edit /etc/mysql/my.conf and change the line bind = 127.0.0.1 to bind = 0.0.0.0 Make sure you're using good passwords for the weasel user and the root database user. Sensor (Snort): $ echo 'deb http://192.168.1.154/~ray/debian/etch i386/' >> /etc/apt/sources.list $ apt-get update $ apt-get install snort-weasel Configure the database in /etc/snort/snort.conf. Download the rulesets from www.snort.org and extract them to /etc/snort. Try to run snort for testing purposes directly $ snort -c /etc/snort/snort.conf -i eth0 -u snort -g snort
Mac OS X 10.4Webserver: OS X comes already with a webserver. Enable "Personal Web Sharing" in the "Sharing" Section of the System Preferences. You still need to install php5 though, luckily Marc Liyanage has made available a fine package, available here: http://www.entropy.ch/software/macosx/php/ Your Document Root is /Library/WebServer/Documents, and each user has a personal website under ~/Sites, accessible via http://localhost/~USERNAME Database: If you want PostgreSQL: Install Marc Liyanages Postgres Package: http://www.entropy.ch/software/macosx/postgresql/ If you want MySQL: Download the normal mysql binary distribution from mysql.com Snort: OS X comes already with all the libraries needed to build snort. Just follow the normal build instructions found in INSTALL. MySQL is installed in /usr/local/mysql and Postgres is installed in /usr/local/pgsql. You will need to supply these paths on the ./configure line: ./configure --with-mysql=/usr/local/mysql --with-postgresql=/usr/local/pgsql --enable-pthread
Solaris 10 / SPARCThanks to Stefan Burschka To build the sensor, you will need these packages from http://www.SUNFreeware.com: * make * patch * gcc * mysql * libpcap * pcre * tar * (gdb) Follow the build instruction, but use the GNU version of the patch and tar utilities that have been installed in /usr/local/bin, i.e. use: # /usr/local/bin/patch -p1 instead of just # patch -p1 The interfaces on solaris have chipset spefific names ! (eri0, hme0, etc...) Be sure to check what you have with ifconfig -a