Full Version: How To: Snort with Acid from Source
Realist
Finally getting somewhere.

Got my password working and sorted out my "Warning: Unknown(): open_basedir restriction in effect" problem by doing the following:

In WHM, turn off Tweak Security / php open_basedir Tweak / php open_basedir Protection.

php open_basedir Protection was causing my error.

I moved the acid dir from /var/www/ to /usr/local/apache/htdocs/ and then changed the httpd.conf to read as follows:


Now, I did the password by doing the following:

/etc/httpd/conf/httpd.conf
#### Add the following in below the section where "Alias"'s are listed:

Alias /acid /usr/local/apache/htdocs/acid
<Directory /usr/local/apache/htdocs/acid>
    # AuthType, AuthName, AuthUserFile and Require are only valid inside a
    # <Directory> (or .htaccess) context, so they must sit in this container
    AuthType Basic
    AuthName "SnortIDS"
    AuthUserFile /usr/local/apache/htdocs/acid/.htpasswd
    Require user acid
</Directory>

Then running:
/usr/local/apache/bin/htpasswd -c .htpasswd acid
# run this from /usr/local/apache/htdocs/acid so that -c creates .htpasswd at the
# path AuthUserFile points to; then enter the password you would like to use for acid twice

Now that's me sorted, acid up and running, htpasswd working. Now I have to find out why the graphs are not updating although I have loads of IPs and text in the alert file.

Regards.
Realist
Ok,
In acid AG Maintenance / cache and status I'm getting the following:

PHP Logging level: (2039) [E_ERROR] [E_WARNING] [E_PARSE] [E_CORE_WARNING] [E_CORE_ERROR] [E_COMPILE_ERROR] [E_COMPILE_WARNING]


Anyone?

Could be the reason I'm not getting any updates.

Laters
scottymcloo
Hello,

I have installed Snort/ACID according to these instructions, and everything went as planned (except the secure login).

As detailed by a few other users, the system is not recording any details, even though I generated some manually.

Has anyone got this working, or could point me in the right direction to get it working?

Many thanks
Graeme
rf33
Thanks for the great howto. I was also having the problem of nothing logged, so I ran snort -c /etc/snort/snort.conf, and it had an error complaining about a missing unicode.map file. I copied this file from the source to the /etc/snort/ directory, and it worked like a charm after that. Thanks again for the great HowTo.
agodd
Anyone got a howto for setting this up on Red Hat Enterprise 3?


cheers
rf33
I followed these instructions and have it up and running on Red Hat E3. The only additional thing you need to do is copy the unicode file as I stated above (not sure if this is specific to E3 or not, but mine would not work without doing it).
SteveK
Hey folks...

I just did this on Red Hat E3, and all seemed to go well. No errors on install.

But when I go to http://myip/acid/

I'm getting a 500 internal server error. It does prompt me for username and password, and when I enter it I get the above error.

There are no specific errors mentioned on the page, database connection, etc.

I rechecked my file edits, and they appear to be correct....

Suggestions on where to start looking for errors? Thx.
rf33
Check out your apache error log. Are you sure that PHP works on your server? If so, are the include permissions set up correctly to allow you to include files from the acid directory? Just a few of the things that come to mind.
SteveK
HHHmmmmm....

Thanks for the reply. Yes PHP is working. (I had tested a php script while setting up some security & anti spam measures.)

I just tried what was posted above, moving the acid directory, to /usr/local/apache/htdocs/acid then changing httpd.conf to the correct paths.

And resetting the password. However now when I try to access the page, I am not able to authenticate, and just get a 401 error, as it will not take username and password.

Ugh. Any ideas?
SteveK
OK... At this point I followed ideas from both blaze64's problems, and Realist as it seemed like they were having similar problems.

I now get different errors based on the way I change the config.

I tried removing the password requirement altogether, but still get a 403 forbidden error, and a 404 error.

I copied /acid/ to /usr/local/apache/htdocs/ and still get a 404.

I most recently tried this in my httpd.conf

Alias /acid "/usr/local/apache/htdocs/acid"
<Directory "/usr/local/apache/htdocs/acid">
    AuthType Basic
    AuthName "SnortIDS"
    # Apache 1.3/2.0 access control: let everyone reach the directory
    Order allow,deny
    Allow from all
    # password check disabled while testing
    #AuthUserFile /usr/local/apache/acid .htpasswd
    #Require user acid
</Directory>

And here's what I get:

Forbidden
You don't have permission to access /acid/acid_main.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I'm wondering if trying to password protect this in different directories, have I caused some problems?!?

I tried this:

Alias /acid "/usr/local/apache/htdocs/acid"
<Directory "/usr/local/apache/htdocs/acid">
    AuthType Basic
    AuthName "SnortIDS"
    # must match the file created with htpasswd -c
    AuthUserFile /usr/local/apache/htdocs/acid/.htpasswd
    Require user acid
</Directory>

But it won't accept my password. After several tries I get a 401 bad password error.

Help!?!

Everything went smoothly during the install... no errors, database was built OK, I just can't get to http://myipaady/acid/ no matter what I do!
SteveK
OK...

For some reason it looks like a permissions problem for the acid directory, regardless of where I point it.

I created an alias to a new directory on /usr/local/apache/htdocs/
and it worked fine. I corrected to point to the acid directory, and got a permissions error.

I then removed acid completely from /usr/local/apache/htdocs/, removed the entry from httpd.conf and tried the acid directory... I got the normal 404 error.

So far so good...

(I had been restarting httpd in between changes FYI)

I again placed acid in /usr/local/apache/htdocs/ and added the following to httpd.conf

<Directory /usr/local/apache/htdocs/acid>
    AuthType Basic
    AuthName "SnortIDS"
    # Apache 1.3/2.0 access control, no Require so no password is asked for
    Order allow,deny
    Allow from all
</Directory>

which should allow access to acid, without requiring a password, right?

Nope... I get a permission denied error, stating I do not have rights to the directory.

So... Where is it looking for permissions for acid that I have missed? Is it trying to authenticate from my original install when it was in /var/www/http/ ??

Any input is appreciated.

BTW... it looks like snort is actually working, when I check the /snort/ directory, I see several IPs, and when I look at alerts, I can see a BUNCH. However I am not getting alerts e-mailed to me. Is this from Acid not being completed, or for another reason?

Thanks again.
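As an added example (not code from the thread), covering both Realist's password setup and SteveK's 403/404 hunt: a POSIX sh script that emits the same Alias/Directory/Auth block, keeps the password file outside the web root so it can never be fetched as /acid/.htpasswd, and checks the acid directory for the filesystem causes of the 403 and 404 responses above. The paths are the thread's; acid.htpasswd under /usr/local/apache/conf/ is an assumed location, and the Order/Allow syntax is the Apache 1.3/2.0 form the posters use.

```shell
#!/bin/sh
# Added example; not the thread's own config. Assumes Apache 1.3/2.0 Order/Allow
# syntax and an httpd worker running as an unprivileged user (nobody/apache).

# Print the httpd.conf fragment. $1 = ACID directory, $2 = password file.
# The Auth* directives only work inside a <Directory> (or .htaccess) context.
acid_auth_block() {
    cat <<EOF
Alias /acid "$1"
<Directory "$1">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "SnortIDS"
    AuthUserFile $2
    Require user acid
</Directory>
EOF
}

# Succeed only if the password file ($2) is not below the served directory ($1).
# A file under the Alias target is web-reachable unless a <Files> rule blocks it,
# so /usr/local/apache/conf/acid.htpasswd (assumed path) is the safer choice.
pwfile_outside_docroot() {
    case "$2" in
        "$1"/*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Mirror the checks httpd makes before it can serve acid_main.php from $1.
# Prints the symptom the thread reports and fails at the first problem found.
# "-perm -005" / "-perm -004" test the mode bits for "other", which is what an
# unprivileged httpd user gets once it is outside the owner's group.
diagnose_acid_dir() {
    [ -d "$1" ] || { echo "404: $1 missing, the Alias points nowhere"; return 1; }
    [ -n "$(find "$1" -prune -perm -005)" ] \
        || { echo "403: $1 lacks r+x for other, httpd cannot enter it"; return 1; }
    [ -f "$1/acid_main.php" ] || { echo "404: acid_main.php not in $1"; return 1; }
    [ -n "$(find "$1/acid_main.php" -perm -004)" ] \
        || { echo "403: acid_main.php is not world-readable"; return 1; }
    echo "ok: $1 is reachable by the httpd user"
}
```

After editing httpd.conf, run /usr/local/apache/bin/apachectl configtest and then restart, as the thread's posters did between changes.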
Nosnam
I don't have libmysqlclient, can I just wget it and put it in the directory, or is there configuring to do?
Sh4ka
Does this guide still work for cPanel using RedHat Enterprise 3/4 ??

Thanks.
firestarter
How do I install v2.6.0 on cPanel servers?