699 ps aux | grep mysql 700 kill25800 701 kill 25800 702 ps aux | grep mysql 703 kill 25831 704 , ok 705 yum update 706 cd /etc/sysconfig/network-scripts/ 707 ls 708 vi ifcfg-eth0 709 vi ifcfg-eth1 710 service network restart 711 vi ifcfg-eth1 712 ifconfig -a 713 vi ifcfg-eth1 714 ls 715 mv ifcfg-Auto_eth1 ifcfg-eth1 716 service network restart 717 ifconfig -a 718 ls 719 vi ifcfg-eth0 720 vi ifcfg-eth1 721 service network restart 722 ifconfig -a 723 yum install sqlite-devel 724 yum install libyaml 725 gem install libyaml 726 cd /support 727 ls 728 wget http://dl.dropbox.com/u/38088/wkhtmltopdf 729 ls -al 730 chmod 733 wkhtmltopdf 731 ls -al 732 chmod 744 wkhtmltopdf 733 ls -al 734 cp wkhtmltopdf /usr/bin/ 735 cd /var/www 736 ls 737 mkdir -p /var/www/snorby 738 adduser --system --home /var/www/snorby --no-create-home --group --shell /bin/bash snorby 739 adduser --system --home /var/www/snorby --no-create-home --group snorby --shell /bin/bash snorby 740 usermod -a -G snorby www-data 741 adduser --system --home /var/www/snorby --no-create-home --shell /bin/bash snorby 742 usermod -a -G snorby www-data 743 usermod -a -G snorby snorby 744 users 745 usermod 746 adduser 747 useradd 748 usermod -G snorby 749 rpm -qa | grep http 750 rpm -qa | grep apache 751 service httpd status 752 chkconfig httpd on 753 service httpd status 754 service start httpd 755 service httpd start 756 usermod -a -G apache snorby 757 ls 758 git clone http://github.com/Snorby/snorby.git /var/www/snorby && cd /var/www/snorby 759 ls 760 bundle update 761 gem install nokogiri -v 1.5.5 762 bundle update 763 bundle pack 764 bundle install --path vendor/cache 765 ls -al 766 cd .. 767 ls -al 768 cd .. 
769 ls -al 770 cd www/snorby 771 chown -R apache:apache /var/www/snorby 772 service apache restart 773 service httpd restart 774 ls 775 vi /var/www/snorby/config/database.yml 776 ls ./config 777 vi ./config/database.yml.example 778 mv ./config/database.yml.example ./config/database.yml 779 ls 780 ls ./config 781 pwd 782 ls ./config/initializers/ 783 vi ./config/initializers/mail_config.rb 784 vi ./config/snorby_config.yml.example 785 rake snorby:setup RAILS_ENV=production 786 bundle exec rake snorby:setup RAILS_ENV=production 787 mv ./config/snorby_config.yml.example ./config/snorby_config.yml 788 bundle exec rake snorby:setup RAILS_ENV=production 789 mysql -u snort -p -D snort -e "select count(*) from event" 790 mysql -u root -p -D snort -e "select count(*) from event" 791 yum install httd-devel apr-devel apr-util-devel 792 yum install httpd-devel apr-devel apr-util-devel 793 ls /var/www/ 794 ls /var/www/html 795 ls /etc/httpd/conf/ 796 vi /etc/httpd/conf/httpd.conf 797 touch /etc/httpd/conf.d/passenger.conf 798 echo "LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.17/ext/apache2/mod_passenger.so" > /etc/httpd/conf.d/passenger.conf 799 echo "" > /etc/httpd/conf.d/passenger.conf 800 echo "PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.17" >> /etc/httpd/conf.d/passenger.conf 801 echo "PassengerRuby /usr/local/bin/ruby" >> /etc/httpd/conf.d/passenger.conf 802 cat /etc/httpd/conf.d/passenger.conf 803 echo "LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.17/ext/apache2/mod_passenger.so" > /etc/httpd/conf.d/passenger.conf 804 cat /etc/httpd/conf.d/passenger.conf 805 echo "" >> /etc/httpd/conf.d/passenger.conf 806 echo "PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.17" >> /etc/httpd/conf.d/passenger.conf 807 echo "PassengerRuby /usr/local/bin/ruby" >> /etc/httpd/conf.d/passenger.conf 808 cat /etc/httpd/conf.d/passenger.conf 809 a2enmod passenger 810 yum install a2enmod 811 
ifconfig -a 812 service httpd restart 813 ps -ef | grep httpd 814 cd /var/www 815 ls 816 cd snorby/ 817 ls 818 bundle install 819 bundle pack 820 bundle install --path vendor/cache 821 ls -al /var/www/snorby 822 ls -al /var/www 823 service httpd restart 824 cd /support 825 wget http://pulledpork.googlecode.com/files/pulledpork-0.5.0.tar.gz 826 wget http://pulledpork.googlecode.com/files/pulledpork-0.6.1.tar.gz 827 tar -zxf pulledpork-0.6.1.tar.gz && cd pulledpork-0.6.1 828 cp pulledpork.pl /usr/local/bin && cp etc/*.conf /etc/snort 829 vi /etc/snort/pulledpork.conf 830 echo pcre:fwsam >> /etc/snort/disablesid.conf 831 vi /etc/snort/modifysid.conf 832 /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l 833 vi /usr/local/bin/pulledpork.pl 834 perl -MCPAN -e shell 'install LWP::Simple' 835 perl 836 perl -MCPAN -e shell 837 yum install perl-CPAN 838 perl -MCPAN -e shell 'install LWP::Simple' 839 /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l 840 perl -MCPAN -e shell 'install LWP::UserAgent' 841 /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l 842 perl -MCPAN -e shell 843 /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l 844 vi /etc/snort/rules/local.rules 845 vi /etc/snort/snort.conf 846 mysql -u root -p 847 touch /etc/snort/bylog.waldo 848 ping 4.2.2.2 849 ping localhost 850 ping 10.10.1.73 851 mysql -u snort -p -D snort -e "select count(*) from event" 852 /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf \ -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo \ -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map \ -C /etc/snort/classification.config & 853 cd /support/firnsy-barnyard2-2f5d496/ 854 ls 855 cp rpm/barnyard2 /etc/init.d/ 856 chmod +x /etc/init.d/barnyard2 857 ls /etc/sysconfig/ | grep barn 858 ls /etc/sysconfig/ 859 ls /var/log/barnyard2/ 860 ls /var/log/snort 861 touch /var/log/snort/barnyard2.waldo 862 cp /tmp/sid-msg.map /etc/snort/ 863 ls /etc/snort 864 ls -al /var/log 865 chmod 666 
/var/log/barnyard2/ /var/log/snort/ 866 ls -al /var/log 867 ls /etc/snort/ 868 vi /etc/snort/barnyard2.conf 869 which barnyard2 870 cd /usr/local/bin 871 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo 872 mysql -u root -p 873 vi /etc/snort/snort.conf 874 pwd 875 ls snort 876 snort -V 877 vi /etc/snort/barnyard2.conf 878 pwd 879 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo 880 ps aux | grep mysql 881 service mysqld status 882 service mysqld stop 883 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=snort --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 884 ps aux | grep mysql 885 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=snort --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 886 /usr/libexec/mysqld --user=snort --basedir=/usr --datadir=/var/lib/mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 887 mysql_upgrade 888 /usr/libexec/mysqld --user=snort --basedir=/usr --datadir=/var/lib/mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 889 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 890 service mysqld start 891 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo 892 service mysqld stop 893 /usr/bin/mysql_secure_installation 894 service mysqld start 895 /usr/bin/mysql_secure_installation 896 mysql -u root -p 897 service mysqld status 898 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo 899 ifconfig 900 ifconfig -a 901 ifconfig eth1 902 ifconfig eth0 903 ifconfig 
eth2 904 ifconfig eth2 199.124.105.44 netmask 255.255.255.240 905 ping 199.123.105.34 906 ping 199.123.105.46 907 route 908 ifconfig eth2 199.123.105.44 netmask 255.255.255.240 909 route 910 ping 199.123.105.46 911 ping 199.123.105.34 912 ping 199.123.105.35 913 ping 199.123.105.33 914 route 915 exit 916 chkconfig 917 chkconfig vncserver status 918 chkconfig vncserver --status 919 ps -eaf 920 ps -eaf | grep vncserver 921 ps -eaf | grep vnc* 922 vncserver /? 923 vncserver -list 924 vncserver -kill 1,2 925 vncserver -kill :1,:2 926 vncserver -kill :1 :2 927 vncserver -kill :2 928 kill 2374 929 kill 2105 930 vncserver -kill :2 931 vncserver :1 932 vnserver :2 933 vncserver :2 934 ls /var/log/snort 935 history [root@snort ~]# clear [root@snort ~]# history 1 cd /etc/sysconfig 2 ls 3 vi network 4 reboot 5 shutdown -h now 6 cd /etc 7 ls 8 cd sysconfig 9 ls 10 vi networking 11 vi network 12 cd network-scripts/ 13 ls 14 vi ifcfg-eth0 15 reboot 16 cd /etc 17 cd sysconfig/network-scripts/ 18 vi ifcfg-eth0 19 ifup eth0 20 reboot 21 ipconfig 22 ifconfig 23 reboot 24 ifconfig 25 shutdown -H now 26 ifconfig 27 more /etc/modporobe 28 more /etc/modporobe.conf 29 mor e/etc/modprobe.conf 30 more /etc/modprobe.conf 31 cd /etc 32 ls 33 ls mo* 34 cd /sys/class/net/ 35 ls 36 more eth2 37 cd eth2 38 ls 39 system-config-network-tui 40 /etc/system-config-network-tui 41 cd /etc/sysconfig/networking/profiles 42 ls 43 cd default 44 ls 45 cd /etc 46 ls 47 more netconfig 48 ls 49 cd sysconfig 50 ls 51 cd netowrking 52 cd networking 53 ls 54 cd devices 55 ls 56 cd .. 57 cd profile 58 cd /sys/class/net/ 59 ls 60 more eth2 61 cd eth2 62 ls 63 cd queues 64 ls 65 cd .. 66 ls 67 ifconfig -a 68 ls 69 cd .. 
70 yum remove bioddevname 71 yum remove biodevname 72 cd /etc/sysconfig/network-scriplts 73 cd /etc/sysconfig/network-scripts 74 ls 75 more ifcfg-eth0 76 vi /etc/udev/rules/70-persistent-net.rules 77 cd /etc/udev 78 ls 79 cd rules.d/ 80 ls 81 vi 70-persistent-net.rules 82 cd /etc/sysconfig/network-scripts 83 ls 84 vi ifcfg-eth0 85 reboot 86 ifconfig 87 cd /etc/udev/rules.d/ 88 ls 89 more 70-persistent-net.rules 90 ifup eth0 91 ifconfig 92 cd /etc 93 ls 94 cd sysconfig 95 ls 96 cd network-scripts 97 ls 98 vi ifcfg-eth0 99 reboot 100 ifconfig 101 vi /etc/sysconfig/network-scripts 102 cd /etc/sysconfig/network-scripts 103 ls 104 vi ifcfg-eth0 105 ifdown eth0 106 ifup eth0 107 ifconfig 108 ping 10.10.1.1 109 ping www.google.com 110 cd /etc 111 vi resolv.conf 112 ping www.google.com 113 ping 10.10.1.1 114 vi network 115 ls 116 cd sysconfig 117 vi network 118 service netowrk restart 119 service network restart 120 ping www.google.com 121 exit 122 ifconfig 123 ifconfig -a 124 cd sysconfig 125 cd /etc/sysconfig 126 ls 127 cd network-scripts 128 ls 129 more ifcfg-eth0 130 vi ifcfg-eth0 131 ifup eht0 132 ifconfig -a 133 cp ifcfg-eth0 ifcfg-eth1 134 rm ifcfg-eth0 135 ifup eth1 136 vi ifcfg-eth1 137 ifup eth1 138 exit 139 cd /etc/sysconfig/network-scripts/ 140 ls 141 vi ifcfg-eth0 142 vi ifcfg-eth1 143 service network restart 144 ls 145 vi /etc/udev/rules.d/70-persistent-net.rules 146 service network restart 147 vi /etc/udev/rules.d/70-persistent-net.rules 148 vi ifcfg-eth0 149 vi ifcfg-eth1 150 service network restart 151 vi ifcfg-eth0 152 vi /etc/sysconfig/network 153 vi ifcfg-eth1 154 ifconfig eth2 down 155 ifconfig eth2 up 156 ifconfig --help 157 service network restart 158 init 6 159 ifconfig -a 160 cd /etc/sysconfig/network-scripts/ 161 ls 162 cat ifcfg-eth1 163 cp ifcfg-eth1 ifcfg-eth0 164 cat /etc/sysconfig/network 165 ls 166 ifconfig -a 167 cat /etc/inittab 168 startx 169 start x 170 yum grouplist 171 yum groupinfo Base 172 yum groupinstall Base -x wireless-tools 173 
vi /etc/yum/pluginconf.d/subscription-manager.conf 174 yum clean all 175 yum groupinstall Base 176 yum group install "System administration utilities" 177 yum group install "System administration tools" 178 yum groupinstall "System administration tools" 179 yum groupinfo "System administration tools" 180 yum groupinfo "X Window System" 181 yum groupinstall "X Window System" 182 yum install system-config* 183 ping bc151718 184 cat /etc/inittab 185 startx 186 runlevel 187 keyes 188 gedit & 189 yum install gedit 190 init 3 191 runlevel 192 yum groupinfo "Remote Desktop Clients" 193 yum groupinstall "Remote Desktop Clients" 194 yum --setopt=group_package_types=optional groupinstall "Remote Desktop Clients" 195 yum groupinfo Desktop 196 yum groupinstall Desktop -x pulseaudio* 197 yum groupinfo Desktop 198 yum groupinstall Desktop -x alsa-plugins-pulseaudio -x pulseaudio-module-* 199 yum groupinstall "System administration tools" 200 cat /etc/inittab 201 init 6 202 vi /etc/sysconfig/network-scripts/ifcfg-eth1 203 yum update 204 yum clean all 205 yum update 206 yum repolist 207 rhn_register 208 yum update 209 yum grouplist 210 init 5 211 runlevel 212 init 3 213 runlevel 214 runlevel --help 215 yum grouplist 216 runlevel 217 vncviewer localhost:5900 218 vncviewer localhost:5901 219 vncviewer localhost:0 220 vncviewer localhost:1 221 vncviewer localhost:5900 222 vncviewer localhost 223 vncviewer localhost:5900 224 vncviewer localhost:5901 225 vncviewer localhost:5902 226 vncviewer localhost:2 227 vncviewer snort:5902 228 yum install vnc vnc-server 229 yum packageinfo vnc 230 yum --help 231 yum info vnc 232 yum list vnc 233 yum info vnc-server 234 yum search vnc 235 which vnc 236 which vncviewer 237 vncviewer -v 238 yum groupinfo "GNOME Desktop Environment" 239 pwd 240 ls 241 vncpasswd 242 ls .vnc/ 243 runlevel 244 history 245 chkconfig vncserver 246 chkconfig vncserver status 247 chkconfig --list | grep vncserver 248 chkconfig vncserver on 249 chkconfig --list | grep 
vncserver 250 init 6 251 cat /etc/inittab 252 vi /etc/sysconfig/vncservers 253 ls 254 ls ./ 255 ls . 256 ls .* 257 vi /etc/sysconfig/vncservers 258 service vncserver start 259 service vncserver stop 260 vi .vnc/xstartup 261 service vncserver start 262 ifconfig -a 263 runlevel 264 init 265 init --help 266 vi .vnc/xstartup 267 vi /etc/sysconfig/vncservers 268 service vncserver restart 269 tail /root/.vnc/snort:1.log 270 vi /etc/sysconfig/vncservers 271 service vncserver restart 272 vi /etc/sysconfig/vncservers 273 service vncserver restart 274 vi /etc/sysconfig/vncservers 275 service vncserver restart 276 service vncserver stop 277 vi /etc/sysconfig/vncservers 278 service vncserver start 279 tail /root/.vnc/snort:2.log 280 les /root/.vnc/snort:2.log 281 less /root/.vnc/snort:2.log 282 vncviewer localhost:5903 283 vncviewer localhost:3 284 vncviewer localhost:5903 285 vncviewer localhost:3 286 vncviewer localhost:5903 287 vncviewer snort:3 288 service vncserver status 289 vncviewer localhost:5902 290 vncviewer localhost:5901 291 vncviewer localhost:5902 292 vncviewer localhost:5901 293 vncviewer localhost:5902 294 bg 295 vncviewer localhost:3 296 vncviewer localhost:2 297 vi /etc/sysconfig/vncservers 298 service vncserver restart 299 useradd sysman 300 passwd sysman 301 vi /etc/passwd 302 vi /etc/sysconfig/vncservers 303 su sysman 304 service vncserver restart 305 vi /etc/sysconfig/vncservers 306 service vncserver stop 307 service vncserver start 308 vncviewer localhost:3 309 vncserver kill :1 310 vncserver -kill :1 311 vncserver -kill :2 312 vncserver :1 313 vncserver :2 314 service vncserver stop 315 vncserver -kill :1 316 vncserver -kill :2 317 vncserver -kill :3 318 vi /etc/sysconfig/vncservers 319 service vncserver start 320 vncserver :1 321 cat /root/.vnc/snort:2.log 322 ifconfig -a 323 pwd 324 vi /etc/sysconfig/network-scripts/ifcfg-eth1 325 wget --help 326 ls /usr/local 327 apt-get 328 yum install apt* 329 git 330 yum install git 331 host pse5 332 yum update 
333 ps aux|grep yum 334 who 335 yum update 336 kill 20627 337 yum update 338 kill -9 20627 339 yum update 340 ifconfig -a 341 history 342 vi /etc/sysconfig/vncservers 343 service vncserver status 344 service vncserver restart 345 vncserver :1 346 nmap localhost 347 yum install nmap 348 nmap localhost 349 apt-get 350 yum install apt-get 351 yum install apache2 libapache2-mod-php5 libwww-perl mysql-server mysql-common mysql-client php5-mysql libnet1 libnet1-dev libprcre3 libpcre3-dev autoconf libcrypt-ssleay-perl libmysqlclient-dev php5-gd php-pear libphp-adodb php5-cli libtool libssl-dev gcc-4.4 g++ automake gcc make flex bison apache2-doc ca-certificates vim 352 yum install libnet libdnet daq adodb 353 yum install gcc gcc-c++ patch libxml2 libxml2-devel 354 yum update 355 init 6 356 service vncserver status 357 vncserver :1 358 yum install pcre pcre-devel php php-common php-gd php-cli php-mysql flex bison php-pear-Numbers-Roman php-pears-Image-Graph libpcap libpcap-devel mysql mysql-devel mysql-bench mysql-server wget 359 yum install pcre pcre-devel php php-common php-gd php-cli php-mysql flex bison php-pear-Numbers-Roman php-pears-Image-Graph libpcap libpcap-devel mysql mysql-devel mysql-bench mysql-server wget php-pears* 360 yum install libdnet 361 yum install libnet 362 yum install zlib 363 yum install tcpdump 364 rpm -qa | grep -i "dnet" 365 wget 366 wget --help 367 pwd 368 cd /usr/local/src 369 wget http://pkgs.repoforge.org/libdnet/libdnet-1.11-1.2.el6.rf.x86_64.rpm 370 wget http://pkgs.repoforge.org/libdnet/libdnet-devel-1.11-1.2.el6.rf.x86_64.rpm 371 ls 372 yum local install libdnet-1.11-1.2.el6.rf.x86_64.rpm 373 yum --help 374 wget http://pkgs.repoforge.org/libdnet/libdnet-devel-1.11-1.2.el6.rf.i686.rpm 375 wget http://pkgs.repoforge.org/libdnet/libdnet-1.11-1.2.el6.rf.i686.rpm 376 rpm -qa | grep -i "dnet" 377 cd /support 378 ls 379 wget http://snort.org/dl/snort-current/daq-1.1.1.tar.gz 380 ls 381 tar --help 382 tar -zvf 
daq-1.1.1.tar.gz\?AWSAccessKeyId\=AKIAJJSHU7YNPLE5MKOQ\&Expires\=1349451978\&Signature\=nrWSrD9L1MgC3b%2FBCG5edCVFz8U\= 383 tar -xvf daq-1.1.1.tar.gz\?AWSAccessKeyId\=AKIAJJSHU7YNPLE5MKOQ\&Expires\=1349451978\&Signature\=nrWSrD9L1MgC3b%2FBCG5edCVFz8U\= 384 cd daq-1.1.1 385 vi os-daq-modules/daq_pcap.c 386 vi --help 387 vi os-daq-modules/daq_pcap.c +219 388 wget http://snort.org/dl/snort-current/snort-2.9.3.1.tar.gz 389 ls 390 mv snort-2.9.3.1.tar.gz\?AWSAccessKeyId\=AKIAJJSHU7YNPLE5MKOQ\&Expires\=1349452439\&Signature\=1LinaqX8KEKWTdPiTMvXT5eHoe8\= ..\snort-2.9.3.1.tar.gz 391 cd .. 392 ls 393 cd daq 394 cd daq-1.1.1 395 ls 396 cd .. 397 ls 398 cd .. 399 ls 400 pwd 401 cd support 402 ls 403 wget http://snort.org/dl/snort-current/snort-2.9.3.1.tar.gz 404 ls 405 mv snort-2.9.3.1.tar.gz\?AWSAccessKeyId\=AKIAJJSHU7YNPLE5MKOQ\&Expires\=1349452628\&Signature\=Ed5AQ52zTh%2FtiAT8vN5QvotHZjw\= snort-2.9.3.1.tar.gz 406 ls 407 cd daq-1.1.1 408 ./configure 409 make && make install 410 echo >> /etc/ld.so.conf /usr/lib && ldconfig 411 cd .. 
412 ls 413 tar -zvf snort-2.9.3.1.tar.gz 414 tar -xzvf snort-2.9.3.1.tar.gz 415 cd snort-2.9.3.1 416 ./configure --with-mysql --enable-dynamicplugin --enable-perfprofiling --enable-ipv6 --enable-zlib --enable-gre --enable-reload --enable-linux-smp-stats 417 ./configure --with-mysql --enable-dynamicenable-mysql --enable-perfprofiling --enable-ipv6 --enable-zlib --enable-gre --enable-reload --enable-linux-smp-stats 418 ./configure --enable-mysql --enable-dynamicplugin --enable-perfprofiling --enable-ipv6 --enable-zlib --enable-gre --enable-reload --enable-linux-smp-stats 419 ./configure --with-mysql --enable-dynamicplugin --enable-perfprofiling --enable-ipv6 --enable-zlib --enable-gre --enable-reload --enable-linux-smp-stats 420 make && make install 421 mkdir /etc/snort /etc/snort/rules /var/log/snort /var/log/baryard2 /usr/local/lib/snort_dynamicrules 422 groupadd snort && useradd -g snort snort 423 rm -rf /var/log/baryard2 424 mkdir /var/log/barynyard2 425 chown snort:snort /var/log/snort /var/log/barynyard2 426 cp /support/snort-2.9.3.1/etc*.conf* /etc/snort 427 cp /support/snort-2.9.3.1/etc/*.conf* /etc/snort 428 cp /support/snort-2.9.3.1/etc/*.map /etc/snort 429 vi /etc/snort/snort.conf 430 vi /etc/snort/rules/local.rules 431 /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 432 /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 433 vi /etc/snort/snort.conf 434 /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 435 touch /etc/snort/rules/white_list.rules 436 touch /etc/snort/rules/black_list.rules 437 /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 438 init 6 439 ifconfig -a 440 vncserver:1 441 vncserver :1 442 ifconfig -a 443 ifconfig 444 ifconfig -a 445 ifconfig eth2 199.123.105.45 netmask 255.255.255.240 446 ifconfig eth2 447 ping 199.123.105.34 448 ping 199.123.105.46 449 ssh root@199.123.105.33 450 ping 
199.123.105.45 451 ifconfig 452 ifconfig eth2 199.123.105.45 netmask 255.255.255.240 453 ping 199.123.105.45 454 ping 199.123.105.46 455 ifconfig 456 ifconfig eth0 457 ping 10.10.1.10 458 ifconfig 459 ifconfig eth3 131.92.132.154 netmask 255.255.252.0 460 ping 131.92.132.74 461 ifconfig 462 ifconfig eth2 463 ping 199.123.105.46 464 ping 199.123.105.45 465 ping 199.123.105.46 466 ping 199.123.105.45 467 ping 199.123.105.46 468 ping 199.123.105.34 469 ping 199.123.105.35 470 ping 199.123.105.45 471 ping 199.123.105.46 472 ifconfig eth3 473 ifcofnig 474 ifconfig 475 ping 199.123.105.34 476 ping 199.123.105.35 477 yum update 478 mysql -u root -p 479 mysqladmin -u root password 'cgi2012SNORT' 480 mysqladmin -u root -p'J29:11FIktpIhfy,' password 'cgi2012SNORT' 481 mysql -u root -p 482 mail 483 mail -s "test" mark.a.cass2.ctr () mail mil 484 echo "this is a test" | mail -s "test" mark.a.cass2.ctr () mail mil 485 ls /usr/local 486 pwd 487 cd / 488 locate email.yml* 489 mail -s "test e-mail from snort server" jason.k.collins10.ctr () mail mil 490 perl -MCPAN -e shell 491 /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 492 /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 493 /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 494 mysql -u root -p 495 service mysql 496 service mysqld 497 service mysqld status 498 service mysqld start 499 mysql -u root -p 500 mysqladmin -u root password 'J29:11FIktpIhfy,' 501 mysql -u root -p 502 which snort 503 whereis snort 504 ls /etc/snort 505 snort -T -i eth1 -u snort -g snort -c /etc/snort/snort.conf 506 rhn_register 507 more /etc/yum/pluginconf.d/subscription-manager.conf 508 yum update 509 history 510 pwd 511 cd /support 512 ls 513 wget https://github.com/firnsy/barnyard2/tarball/master 514 yum install ark 515 yum install archive manager 516 yum search ark* 517 yum search ark 518 yum search archive 519 tar -xvf 
firnsy-barnyard2-v2-1.10-0-g2f5d496.tar.gz . 520 tar -zvf firnsy-barnyard2-v2-1.10-0-g2f5d496.tar.gz . 521 tar -xzvf firnsy-barnyard2-v2-1.10-0-g2f5d496.tar.gz . 522 tar -xzvf firnsy-barnyard2-v2-1.10-0-g2f5d496.tar.gz 523 mysql -u root -p 524 mysql -u root -p < /support/firnsy-barnyard2-2f5d496/schemas/create_mysql snort 525 mysql -u root -p 526 bind-address 527 vi /etc/mysql/my.cnf 528 ls /etc/mysql 529 ls 530 cd firnsy-barnyard2-2 531 cd firnsy-barnyard2-2f5d496/ 532 ls 533 cd etc/mysql 534 cd etc 535 ls 536 cd ../schemas 537 ls 538 vi /etc/my.cnf 539 ls -al /var/run/mysqld/mysqld.pid 540 yum install g++ 541 yum install gcc 542 rpm -qa | grep ++ 543 yum install build-essential 544 rpm -qa | grep build 545 rpm -qa | grep essential 546 rpm -qa | grep libssl 547 yum install libssl-dev 548 yum search libssl 549 yum search lib 550 yum search lib ssl 551 yum search zlib 552 yum install zlib* 553 rpm -qa | grep ruby 554 cd .. 555 wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p194.tar.gz 556 yum update 557 ls 558 tar -xzvf ruby-1.9.3-p194.tar.gz 559 cd ruby-1.9.3-p194 560 ./configure 561 make && make install 562 yum install imagemagick git-core libmysqlclient-dev libmagicwand-dev 563 yum install ImageMagick git-core libmysqlclient-dev libmagicwand-dev 564 yum install mysqlclient-dev 565 yum search mysqlclient-dev 566 yum search mysqlclien 567 yum search mysqlclient* 568 yum search mysql* 569 yum search *mysql* 570 rpm -qa | grep mysql 571 yum search magicwand 572 yum install libMagicWand 573 yum install libMagicWand.so.2 574 yum install libMagickWand.so.2 575 yum install libMagickWand-dev 576 yum install libMagickWand 577 yum install libmysqlclient.so 578 yum install libmysqlclient.so.16 579 yum install ImageMagick git-core libMagickWand-dev 580 yum install ImageMagick git-core libMagickWand.so.2 581 wget http://dl.dropbox.com/u/38088/wkhtmltopdf 582 ls 583 mv wkhtmltopdf ../ 584 ls 585 cd .. 
586 ls 587 wk 588 wkhtmltopdf 589 ./wkhtmltopdf 590 chown 0:0 wkhtmltopdf 591 ./wkhtmltopdf 592 ls -al 593 chmod 755 wkhtmltopdf 594 ls 595 ls -al 596 ./wkhtmltopdf 597 mkdir wkhtmltopdf 598 wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.11.0_rc1.tar.bz2 599 yum update 600 ls 601 gem 602 gem install tzinfo builder memcache-client rack rack-test erubis mail text-format bundler thor il8n sqlite3-ruby 603 gem port install sqlite3 +universal 604 port 605 gem install sqlite3 +universal 606 gem install i18n 607 gem --help 608 gem install rack-mount --version=0.6.0 609 gem install rails --version=3.0.5 610 gem update 611 yum install libxslt 612 yum install libxslt-devel 613 yum install libxml2-dev 614 ls 615 mail 616 ls 617 cd firnsy-barnyard2-2f5d496/ 618 ls 619 ./configure --with-mysql 620 autoconf ./configure.in 621 ls 622 cat README 623 ls 624 cat autogen.sh 625 ./autogen.sh 626 ./configure --with-mysql 627 make && make install 628 mv /usr/local/etc/barnyard2.conf /etc/snort 629 vi /etc/snort/barnyard2.conf 630 snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 & /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf \ -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo \ -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map \ -C /etc/snort/classification.config & 631 ls /var/log 632 ls /var/log/barnyard2 633 ls -al /var/log/barynyard2/ 634 cd /var/log 635 ls -al 636 mv barynyard2/ barnyard2 637 ls 638 ls -al barnyard2/ 639 vi /etc/snort/barnyard2.conf 640 yum install libcurl4-openssl-dev 641 yum install libcurl-devel 642 gem install --no-ri --no-rdoc --version 3.03 passenger 643 gem install --no-ri --no-rdoc --version 3.11 passenger 644 gem install --no-ri --no-rdoc passenger 645 /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.17/bin/passenger-install-apache2-module -a 646 snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 & /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf \ -d /var/log/snort -f snort.log -w 
/etc/snort/bylog.waldo \ -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map \ -C /etc/snort/classification.config & 647 ps aux | grep snort 648 pkill 12684 20773 20800 20839 649 kill 12684 20773 20800 20839 650 ps aux | grep snort 651 ps aux | grep barn 652 ps aux | grep snorby 653 snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 & /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf \ -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo \ -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map \ -C /etc/snort/classification.config & 654 ls -al /etc/snort 655 chown -R snort:snort /etc/snort 656 ls -al /etc/snort 657 snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 & /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf \ -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo \ -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map \ -C /etc/snort/classification.config & 658 ps aux | grep snort 659 kill 20852 20928 660 snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 661 vi /etc/snort/snort.conf 662 snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 663 ls 664 ps aux | grep snort 665 snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth1 666 ls /var/log/snort 667 cat /var/log/snort/snort.log.1349461544 668 ls /var/www/html/ 669 ls /var/www/snorby/ 670 ls /var/www/snorby/public 671 ls /var/www/snorby/app 672 ls 673 ls barnyard2/ 674 ls snort 675 ps aux | grep mysql 676 kill 25548 677 ps aux | grep mysql 678 kill 25568 679 ps aux | grep mysql 680 kill 25584 681 ls /usr/libexec/ 682 ls /etc | grep *.cnf 683 ls /etc | grep my 684 vi /etc/my.cnf 685 cd /usr/lib/mysql/ 686 ls 687 cd plugin/ 688 ls 689 cd ../ 690 ls mysql_config 691 cat mysql_config 692 ls /var/lib/mysql/mysql/ 693 ls -al /var/lib/mysql/ 694 ls -al /var/lib/ 695 ls -al /var/lib/mysql/ 696 ls -al /var/lib/mysql/mysql/ 697 rpm -qa | grep mysql 698 vi /etc/my.cnf 699 ps aux | grep mysql 700 kill25800 701 kill 25800 702 ps aux | 
grep mysql 703 kill 25831 704 , ok 705 yum update 706 cd /etc/sysconfig/network-scripts/ 707 ls 708 vi ifcfg-eth0 709 vi ifcfg-eth1 710 service network restart 711 vi ifcfg-eth1 712 ifconfig -a 713 vi ifcfg-eth1 714 ls 715 mv ifcfg-Auto_eth1 ifcfg-eth1 716 service network restart 717 ifconfig -a 718 ls 719 vi ifcfg-eth0 720 vi ifcfg-eth1 721 service network restart 722 ifconfig -a 723 yum install sqlite-devel 724 yum install libyaml 725 gem install libyaml 726 cd /support 727 ls 728 wget http://dl.dropbox.com/u/38088/wkhtmltopdf 729 ls -al 730 chmod 733 wkhtmltopdf 731 ls -al 732 chmod 744 wkhtmltopdf 733 ls -al 734 cp wkhtmltopdf /usr/bin/ 735 cd /var/www 736 ls 737 mkdir -p /var/www/snorby 738 adduser --system --home /var/www/snorby --no-create-home --group --shell /bin/bash snorby 739 adduser --system --home /var/www/snorby --no-create-home --group snorby --shell /bin/bash snorby 740 usermod -a -G snorby www-data 741 adduser --system --home /var/www/snorby --no-create-home --shell /bin/bash snorby 742 usermod -a -G snorby www-data 743 usermod -a -G snorby snorby 744 users 745 usermod 746 adduser 747 useradd 748 usermod -G snorby 749 rpm -qa | grep http 750 rpm -qa | grep apache 751 service httpd status 752 chkconfig httpd on 753 service httpd status 754 service start httpd 755 service httpd start 756 usermod -a -G apache snorby 757 ls 758 git clone http://github.com/Snorby/snorby.git /var/www/snorby && cd /var/www/snorby 759 ls 760 bundle update 761 gem install nokogiri -v 1.5.5 762 bundle update 763 bundle pack 764 bundle install --path vendor/cache 765 ls -al 766 cd .. 767 ls -al 768 cd .. 
769 ls -al 770 cd www/snorby 771 chown -R apache:apache /var/www/snorby 772 service apache restart 773 service httpd restart 774 ls 775 vi /var/www/snorby/config/database.yml 776 ls ./config 777 vi ./config/database.yml.example 778 mv ./config/database.yml.example ./config/database.yml 779 ls 780 ls ./config 781 pwd 782 ls ./config/initializers/ 783 vi ./config/initializers/mail_config.rb 784 vi ./config/snorby_config.yml.example 785 rake snorby:setup RAILS_ENV=production 786 bundle exec rake snorby:setup RAILS_ENV=production 787 mv ./config/snorby_config.yml.example ./config/snorby_config.yml 788 bundle exec rake snorby:setup RAILS_ENV=production 789 mysql -u snort -p -D snort -e "select count(*) from event" 790 mysql -u root -p -D snort -e "select count(*) from event" 791 yum install httd-devel apr-devel apr-util-devel 792 yum install httpd-devel apr-devel apr-util-devel 793 ls /var/www/ 794 ls /var/www/html 795 ls /etc/httpd/conf/ 796 vi /etc/httpd/conf/httpd.conf 797 touch /etc/httpd/conf.d/passenger.conf 798 echo "LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.17/ext/apache2/mod_passenger.so" > /etc/httpd/conf.d/passenger.conf 799 echo "" > /etc/httpd/conf.d/passenger.conf 800 echo "PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.17" >> /etc/httpd/conf.d/passenger.conf 801 echo "PassengerRuby /usr/local/bin/ruby" >> /etc/httpd/conf.d/passenger.conf 802 cat /etc/httpd/conf.d/passenger.conf 803 echo "LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.17/ext/apache2/mod_passenger.so" > /etc/httpd/conf.d/passenger.conf 804 cat /etc/httpd/conf.d/passenger.conf 805 echo "" >> /etc/httpd/conf.d/passenger.conf 806 echo "PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.17" >> /etc/httpd/conf.d/passenger.conf 807 echo "PassengerRuby /usr/local/bin/ruby" >> /etc/httpd/conf.d/passenger.conf 808 cat /etc/httpd/conf.d/passenger.conf 809 a2enmod passenger 810 yum install a2enmod 811 
# Root shell history transcript (numbered `history` output, entries 812-937) from a
# Snort / Barnyard2 / Snorby sensor build. It is a record of interactive commands, not a
# runnable script: the leading integers are history indices, and many entries are
# retries, typos or exploratory `ls`/`vi` calls. Read it as build notes. The closing
# prompt `[root@snort ~]#` shows every command here ran as root.
#
# Points to know before reproducing any of this:
#   812-823  httpd restarts and `bundle install` inside /var/www/snorby, as root.
#   825-828  PulledPork is downloaded over plain HTTP and `pulledpork.pl` is copied
#            straight into /usr/local/bin; no checksum or signature verification step
#            appears anywhere in the history.
#   830      Appends `pcre:fwsam` to disablesid.conf, which changes the set of rules
#            PulledPork disables; record the reason alongside the change.
#   834-842  `perl -MCPAN -e shell 'install LWP::Simple'` is retried several times; the
#            quoted text is passed as a script argument to `shell`, not as a CPAN
#            command, and the repeated retries suggest it did not take. The usual
#            one-liner is `perl -MCPAN -e 'install LWP::Simple'`.
#   847/852  A waldo (bookmark) file is created at /etc/snort/bylog.waldo and barnyard2
#            is started in the background by hand, as root, before its init script is
#            installed at 855-856. Entry 861/871 later uses a second waldo file under
#            /var/log/snort, so two bookmarks now exist for the same spool — confirm
#            only one is in use before relying on the event counts at 851.
#   862      sid-msg.map is copied from /tmp into /etc/snort; /tmp is normally
#            world-writable, so verify where that file came from before trusting it.
ifconfig -a 812 service httpd restart 813 ps -ef | grep httpd 814 cd /var/www 815 ls 816 cd snorby/ 817 ls 818 bundle install 819 bundle pack 820 bundle install --path vendor/cache 821 ls -al /var/www/snorby 822 ls -al /var/www 823 service httpd restart 824 cd /support 825 wget http://pulledpork.googlecode.com/files/pulledpork-0.5.0.tar.gz 826 wget http://pulledpork.googlecode.com/files/pulledpork-0.6.1.tar.gz 827 tar -zxf pulledpork-0.6.1.tar.gz && cd pulledpork-0.6.1 828 cp pulledpork.pl /usr/local/bin && cp etc/*.conf /etc/snort 829 vi /etc/snort/pulledpork.conf 830 echo pcre:fwsam >> /etc/snort/disablesid.conf 831 vi /etc/snort/modifysid.conf 832 /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l 833 vi /usr/local/bin/pulledpork.pl 834 perl -MCPAN -e shell 'install LWP::Simple' 835 perl 836 perl -MCPAN -e shell 837 yum install perl-CPAN 838 perl -MCPAN -e shell 'install LWP::Simple' 839 /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l 840 perl -MCPAN -e shell 'install LWP::UserAgent' 841 /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l 842 perl -MCPAN -e shell 843 /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l 844 vi /etc/snort/rules/local.rules 845 vi /etc/snort/snort.conf 846 mysql -u root -p 847 touch /etc/snort/bylog.waldo 848 ping 4.2.2.2 849 ping localhost 850 ping 10.10.1.73 851 mysql -u snort -p -D snort -e "select count(*) from event" 852 /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf \ -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo \ -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map \ -C /etc/snort/classification.config & 853 cd /support/firnsy-barnyard2-2f5d496/ 854 ls 855 cp rpm/barnyard2 /etc/init.d/ 856 chmod +x /etc/init.d/barnyard2 857 ls /etc/sysconfig/ | grep barn 858 ls /etc/sysconfig/ 859 ls /var/log/barnyard2/ 860 ls /var/log/snort 861 touch /var/log/snort/barnyard2.waldo 862 cp /tmp/sid-msg.map /etc/snort/ 863 ls /etc/snort 864 ls -al /var/log 865 chmod 666 
#   865      (entry straddles this comment: `chmod 666` above, its two directory
#            arguments below) Mode 666 on the barnyard2 and snort log *directories*
#            makes them world-writable and, because it drops the execute bit, leaves
#            them un-traversable for everyone but root. World-writable IDS log
#            directories let any local account append to, replace or truncate the
#            evidence they hold. Prefer ownership by the service account with a
#            0750/0755 directory mode over any world-writable mode.
#   883-889  mysqld is stopped and relaunched by hand: first with `--user=snort` (the IDS
#            account rather than the database account, while the datadir stays under
#            /var/lib/mysql) and at 889 with no `--user` at all; mysqld normally refuses
#            to start as root without an explicit `--user=root`. Entry 890 returns to the
#            init-script-managed instance, which is the one to keep — the datadir must be
#            owned by whatever account mysqld actually runs as.
#   892-895  mysql_secure_installation is first run while mysqld is stopped (892-893),
#            then again after the restart (894-895); only the second run can have done
#            anything.
#   899-903  Interface inspection; the last `ifconfig` continues on the next line.
/var/log/barnyard2/ /var/log/snort/ 866 ls -al /var/log 867 ls /etc/snort/ 868 vi /etc/snort/barnyard2.conf 869 which barnyard2 870 cd /usr/local/bin 871 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo 872 mysql -u root -p 873 vi /etc/snort/snort.conf 874 pwd 875 ls snort 876 snort -V 877 vi /etc/snort/barnyard2.conf 878 pwd 879 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo 880 ps aux | grep mysql 881 service mysqld status 882 service mysqld stop 883 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=snort --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 884 ps aux | grep mysql 885 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=snort --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 886 /usr/libexec/mysqld --user=snort --basedir=/usr --datadir=/var/lib/mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 887 mysql_upgrade 888 /usr/libexec/mysqld --user=snort --basedir=/usr --datadir=/var/lib/mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 889 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock 890 service mysqld start 891 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo 892 service mysqld stop 893 /usr/bin/mysql_secure_installation 894 service mysqld start 895 /usr/bin/mysql_secure_installation 896 mysql -u root -p 897 service mysqld status 898 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo 899 ifconfig 900 ifconfig -a 901 ifconfig eth1 902 ifconfig eth0 903 ifconfig 
#   904-914  eth2 is addressed by hand with `ifconfig`; 904 uses 199.124.x and 908
#            corrects it to 199.123.x (first-octet typo, the pings at 905-906 were
#            against the corrected range). `ifconfig` changes are runtime-only and are
#            lost at reboot unless also written to the interface config.
#   916-933  VNC session management as root: `-kill 1,2`, `-kill :1,:2` and
#            `-kill :1 :2` are not accepted forms, `-kill :2` (927, 930) is; two
#            sessions are then killed by PID and restarted as `:1` and `:2` (932 is a
#            `vnserver` typo). Root-owned VNC desktops are a high-value target; run them
#            under an unprivileged account and keep the VNC ports off untrusted networks.
#   935-937  `history` / `clear` / `history`, then the root prompt.
eth2 904 ifconfig eth2 199.124.105.44 netmask 255.255.255.240 905 ping 199.123.105.34 906 ping 199.123.105.46 907 route 908 ifconfig eth2 199.123.105.44 netmask 255.255.255.240 909 route 910 ping 199.123.105.46 911 ping 199.123.105.34 912 ping 199.123.105.35 913 ping 199.123.105.33 914 route 915 exit 916 chkconfig 917 chkconfig vncserver status 918 chkconfig vncserver --status 919 ps -eaf 920 ps -eaf | grep vncserver 921 ps -eaf | grep vnc* 922 vncserver /? 923 vncserver -list 924 vncserver -kill 1,2 925 vncserver -kill :1,:2 926 vncserver -kill :1 :2 927 vncserver -kill :2 928 kill 2374 929 kill 2105 930 vncserver -kill :2 931 vncserver :1 932 vnserver :2 933 vncserver :2 934 ls /var/log/snort 935 history 936 clear 937 history [root@snort ~]#
