Ubuntu 11.10 by Andrea Modesto Rossi

mephux edited this page Feb 27, 2012 · 4 revisions


Snorby is a Ruby on Rails based frontend for IDS such as snort.

This tutorial explains how to install Snorby 2.3.10 from sources on a Ubuntu 11.10 (32bit) Linux Box

Snorby Requirements

* Ruby >= 1.9.2
* Rails >= 3.0.0
* ImageMagick >= 6.6.4-5

Install dependencies / prerequisites for Snorby

  1. Fresh Installation of Ubuntu 11.10 with OpenSSH e LAMP(both apache2 and mysql) packages;

  2. Make sure your system is up to date :

    apt-get update && apt-get upgrade

  3. Install some prerequisites available from the packages:

    apt-get install git-core default-jre

  4. Reboot the Server


  5. Install required packages:

    apt-get install imagemagick libmagickwand-dev wkhtmltopdf

    apt-get install gcc g++ build-essential libssl-dev libreadline-gplv2-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt1-dev libxml2-dev libmysqlclient-dev libmysql++-dev


Download and install Ruby (1.9.2):

cd /usr/local/src/
wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.2-p290.tar.gz
tar xvzf ruby-1.9.2-p290.tar.gz
ln -s ruby-1.9.2-p290 ruby
rm -rf ruby-1.9.2-p290.tar.gz
chown root:root -R ruby-1.9.2-p290/
cd ruby/
make install
cd /usr/local/src/ruby/ext/openssl
ruby extconf.rb
make && make install

Run "ruby – v" and verify that it returns the correct version :

 cd /usr/local/src/ruby && ruby -v 
  ruby 1.9.2p290 (2011-07-09 revision 32553) [i686-linux]



Install dependencies (including Rails) with gem:

    cd /usr/local/src/ruby
gem install thor i18n bundler tzinfo builder memcache-client rack rack-test erubis mail text-format sqlite3
gem install rack-mount 
gem install rails
gem install rake

Run "rails – v" and verify that it returns the correct version :

rails -v
  Rails 3.1.1 


Install rubygems:

gem install rubygems-update

Edit and change data format field (line 9) from "2011-09-18 00:00:00.000000000Z" to "2011-09-18" in these 2 files:

- /usr/local/lib/ruby/gems/1.9.1/specifications/json-1.6.1.gemspec
- /usr/local/lib/ruby/gems/1.9.1/specifications/tilt-1.3.3.gemspec

Update rubygems:


Installation of Snorby

bundle install

Download snorby source files:

cd /var/www/
git clone http://github.com/Snorby/snorby.git

Then edit database information and change the password to access your mysql server:

 vi /var/www/snorby/config/database.yml

Edit the snorby configuration file: /var/www/snorby/config/snorby_config.yml and change the path of the wkhtmktopdf script:

    sed -i s/"\/usr\/local\/bin\/wkhtmltopdf"/"\/usr\/bin\/wkhtmltopdf"/g /var/www/snorby/config/snorby_config.yml

If needed, change the production configuration for your environment (Domain Name and mail sender options).

Install all required dependencies as specified in Gemfile:

 bundle install --deployment

Then install Snorby by issuing:

rake snorby:setup

Installation of PASSENGER

Install following dependencies:

apt-get install apache2-prefork-dev libcurl4-openssl-dev
    chown www-data:www-data /var/www/snorby -R

Install passenger module for apache2

gem install passenger

Add these lines at the end of the file /etc/apache2/apache2.conf:

Edit Apache configuration file, and add these lines:

LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.9/ext/apache2/mod_passenger.so PassengerRoot /usr/local/lib/ruby/gems/1.9.1/passenger-3.0.9 PassengerRuby /usr/local/bin/ruby

Integrate Snorby with Apache

We want the snorby frontend to be reachable using virtualhost supersic-58.darkstar.ros :

Create a file "supersic-58" under /etc/apache2/sites-available :

# vi /etc/apache2/sites-available/supersic-58

And modify it as follows:

<VirtualHost *:80>
        ServerAdmin amrossi@darkstar.ros
        ServerName supersic-5b.darkstar.ros
        DocumentRoot /var/www/snorby/public

        <Directory "/var/www/snorby/public">
                AllowOverride all
                Order deny,allow
                Allow from all
                Options -MultiViews


Enable the new web site:

# ln -s /etc/apache2/sites-available/supersic-58 /etc/apache2/sites-enabled/supersic-58

Apply changes by restarting Apache:

# /etc/init.d/apache2 restart