Snorby / Barnyard2 Install with PfSense
-
Hi All,
Can somebody point me to an up-to date guide or instructions on how install Barnyard2 and ultimately Snorby to use with Snort on PfSense?I've looked about but find the following issues:-
They also install snort - but with PfSense snort is already installed
They are way out of date
Not specific to PfSenseI've seen that barnyard2 can be installed on the same box as PfSense but it seems that Snorby cannot.
I have an Ubuntu VM spun up whereby i intended to install Barnyard2 and Snorby and point snort on PfSense to that but nearly every guide i look at assumes that snort is on the same box as Barnyard2 which in this case its not.Any help would be appreciated here.
-
I've never found a guide either. What I did was install Snorby (on Ubuntu in my case). Then you just enable Barnyard2 in the Snort setup on pfSense (provide the DB credentials and DB host). It should work, but expect periodic problems. Barnyard2 took a wrong turn (my opinion only!) with the 2.1.3 release in terms of how it interacts with a MySQL database. I so many irritating issues on my personal firewall with Barnyard2 that I just disabled it for now.
Bill
-
Ah,
Thanks Bill, so am i right in saying that you don't actually have to install Barnyard2 then? You just install Snorby on Ubuntu then point your PfSense to the Ubuntu box with Snorby running by clicking the Barnyard2 box in PfSense and filling in the details there?Thanks
-
Yes, that is correct. Barnyard2 comes as part of the Snort package on pfSense. Click the Barnyard tab for the Snort interfaces(s) you wish to use Barnyard for logging.
Bill
-
Well based on you advice i managed to get Snorby up and running, although i haven't started to connect Snort yet from PfSense.
Here is what i did so for in case it helps. Your mileage may (and probably will) vary.
cd /usr/local/bin
$ sudo apt-get install curl
$ \curl -L https://get.rvm.io | bash -s stable –ruby
source /usr/local/rvm/scripts/rvm
$ rvm get stable --autolibs=enable
$ rvm install ruby-1.9.3-p551
$ rvm --default use ruby-1.9.3apt-get install imagemagick
gem install wkhtmltopdf
gem install bundler
#apt-get install libxml2-dev
#apt-get install libxslt-dev#mysql -u root -p
create database snorby;
create user 'snorby'@'localhost' IDENTIFIED BY 'XXXXXXXXX';
grant all privileges on snorby.* to 'snorby'@'localhost' with grant option;
FLUSH PRIVILEGES;
quit:/usr/local/bin/snorby# cd config
:/usr/local/bin/snorby/config# cp database.yml.example ./database.yml
:/usr/local/bin/snorby/config# cp snorby_config.yml.example ./snorby_config.yml
<edited database.yml,="" changing="" username="" to="" snortuser,="" password="" snortuser's="" pw=""><edited snorby_config.yml,="" changing="" domain="" to="" localhost:3000="">#nano GemfileREMOVE LINE - gem 'devise_cas_authenticatable', :git => 'https://github.com/Snorby/snorby_cas_authenticatable.git'
ADD LINE - gem 'devise_cas_authenticatable', '~> 1.5'#bundle install
#bundle exec rake snorby:setup
#bundle exec rails server -e production</edited></edited>