Integrating Snort with Webmin

Problem

You have already set up a Unix management system using Webmin. You would like to integrate Snort with this management system.

Solution

  1. Download the Snort Webmin module from MSB Networks (available at: http://www.msbnetworks.net/snort). This allows you to configure, monitor, and maintain Snort from within Webmin.
  2. Once you have downloaded the module, insert it into Webmin through the web interface by selecting the Webmin Configuration icon from the main screen (Figure 5-34).

    Figure 5-34. Webmin main screen

  3. Select the Webmin Modules icon (Figure 5-35). This displays the Webmin Modules screen (Figure 5-36).

    Figure 5-35. Webmin Configuration

    Figure 5-36. Webmin Modules

  4. In the Install Module box, select the From uploaded file radio button, and click the Browse button to navigate to the file that you downloaded.
  5. Click the Install Module button. You will get a confirmation screen (Figure 5-37).

Figure 5-37. Install Module

Discussion

Webmin is a web-based system-administration interface for Unix. It allows you to manage your Unix system and software, in this case Snort. Once you have installed the Snort Webmin module, configure its settings by clicking the Snort IDS Admin link in the Install Module window, or by navigating to the plug-in through the Webmin interface. On first use, you are presented with a screen prompting for the details of your Snort installation (Figure 5-38). Note that Webmin can control only one Snort daemon running on the machine.

Figure 5-38. Initial configuration

You need to set the full path to your Snort executable, the Snort configuration file, the rules directory, and the Snort PID file. Optionally, you can set the command to start Snort and set the URL to your ACID installation. Once you have filled in the information, click Save.
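
Before typing the four required values into the form, you can check them from a shell. The function below is an added example, not part of the original recipe or of the MSB Networks module; the name check_snort_paths and the paths shown in its usage comment are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example: pre-flight check for the four values the Snort Webmin
# module asks for on first use (executable, config file, rules directory,
# PID file). Run it with enough privilege to signal Snort's process.
#
# Usage (example paths, substitute your own):
#   check_snort_paths /usr/local/bin/snort /etc/snort/snort.conf \
#                     /etc/snort/rules /var/run/snort.pid

# Prints one line per problem and returns the number of problems found.
check_snort_paths() {
    bin=$1 conf=$2 rules=$3 pid=$4 problems=0

    # The form asks for full paths, so reject relative ones early.
    for p in "$bin" "$conf" "$rules" "$pid"; do
        case $p in
            /*) ;;
            *) echo "not a full path: $p"; problems=$((problems + 1)) ;;
        esac
    done

    [ -f "$bin" ] && [ -x "$bin" ] || { echo "not executable: $bin"; problems=$((problems + 1)); }
    [ -r "$conf" ] || { echo "config not readable: $conf"; problems=$((problems + 1)); }

    # A rules directory without any *.rules files gives the module nothing to list.
    if [ -d "$rules" ]; then
        set -- "$rules"/*.rules
        [ -e "$1" ] || { echo "no .rules files in: $rules"; problems=$((problems + 1)); }
    else
        echo "rules directory missing: $rules"; problems=$((problems + 1))
    fi

    # The PID file may be absent while Snort is stopped; if it exists,
    # it must hold the PID of a live process, otherwise it is stale.
    if [ -f "$pid" ]; then
        n=$(tr -d '[:space:]' < "$pid")
        case $n in
            ''|*[!0-9]*) echo "PID file is not numeric: $pid"; problems=$((problems + 1)) ;;
            *) kill -0 "$n" 2>/dev/null || { echo "stale PID $n in: $pid"; problems=$((problems + 1)); } ;;
        esac
    fi
    return "$problems"
}
```

A return value of 0 means all four values are safe to enter; any other value is the number of problems printed.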

There are five main sections to the Webmin interface to Snort: Rulesets, Network Settings, PreProcessors, Alerts & Logging, and Edit Config File (Figure 5-39). Start in the Rulesets screen to select which rules you wish to enable. Note that changes will take effect only once you have restarted Snort. To facilitate this, there is a Restart Snort button at the bottom of this screen.

Figure 5-39. Snort IDS

The Network Settings screen allows you to set the various network options, including your Home and External networks, various servers, and port selections (Figure 5-40).

Figure 5-40. Network settings

The PreProcessors screen allows you to enable and disable the various preprocessors, along with setting required options (Figure 5-41).

Figure 5-41. Preprocessors

The Alerts & Logging screen allows you to enable, disable, and set the options on the assorted output plug-ins (Figure 5-42).

Figure 5-42. Alerts & Logging

The final screen, Edit Config File, allows you to directly edit the Snort configuration file by hand (Figure 5-43).

Figure 5-43. Edit Config File

In all the screens, you should set up Snort per your requirements, following the recommendations that we have provided in the other recipes in this book.

See Also

http://www.msbnetworks.net/snort

http://www.webmin.com
