Add entry for iptables and correct permissions in CentOS #10

Open
sniglet opened this issue Feb 27, 2013 · 3 comments

sniglet commented Feb 27, 2013

A clean install on a CentOS box required the following additional steps to reach snortreport remotely using a web browser:

chown -R apache /var/www

And the following entry in /etc/sysconfig/iptables:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

da667 (Owner) commented Feb 27, 2013

So, did you get the script to work or was this after manually running the
create schema script?

There's supposed to be an option to run chcon and enable short open tags in
the script after it asks you for the snort database user password. This
fixes permissions and page render problems. As for the firewall,
configure-firewall-tui is a simpler way to allow port 80 inbound. CentOS
firewall is pretty restrictive by default.

sniglet (Author) commented Feb 27, 2013

The script worked after I hard coded the barnyard version into it (instead
of barnyard2*).

After the script completed, I attempted to hit the page once, then applied
apache perms to /etc/www, failed accessing the page again, then applied the
changes to iptables; it was successful at that point.


da667 (Owner) commented Feb 27, 2013

I'm working on reproducing the issue you ran into on your install. So far,
I'm not running into luck. I'm using a CentOS 6.3 32-bit VM, fully patched
and updated prior to running the script and run into no issues pulling
barnyard2, reading its files, or creating the snort database or schemas. I
have a few more questions for you.

  • Are you running 32-bit or 64-bit CentOS? Though the arch in this case
    shouldn't really matter, I want to do my best to reproduce this problem.
  • Regarding the problems you experienced getting the webpage to render,
    were you running SELinux? There is an option to enable short_open_tags in
    PHP and fix permissions in SELinux to allow apache to access /var/www. Do
    you remember whether or not you allowed the script to perform these
    modifications?

Regarding the firewall, there is a message that notifies the user to open
the firewall via system-configure-firewall-tui after it modifies the
php.ini and changes SELinux settings. I suppose I could include an iptables
rule as suggested, but for the time being, I leave it as an exercise to the
user.


when does reality end? when does fantasy begin?
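
iptables evaluates a chain from top to bottom, so whether the port 80 rule proposed in this thread takes effect depends on where it sits in /etc/sysconfig/iptables relative to any catch-all REJECT or DROP. The following check is an added example, not part of the thread or of Autosnort; the function names are hypothetical and the sample rulesets are constructed, assuming a layout of allow rules followed by a final REJECT.

```shell
#!/bin/sh
# Added example (not from the Autosnort project). Reports whether an
# INPUT rule accepting TCP/80 is reached before a catch-all REJECT/DROP.
# Prints: effective | shadowed | missing
check_http_rule() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            target = ""; dport = ""; matchers = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                # any match option means the rule is not a catch-all
                if ($i ~ /^(-p|-s|-d|-i|-m|--dport|--sport)$/) matchers++
            }
            if (target == "ACCEPT" && dport == "80") {
                print (blocked ? "shadowed" : "effective")
                found = 1
                exit
            }
            if ((target == "REJECT" || target == "DROP") && matchers == 0)
                blocked = 1
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Constructed sample rules (assumed layout: allow rules, then a final REJECT).
HTTP_RULE='-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT'
SSH_RULE='-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
REJECT_RULE='-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# write_sample FILE RULE... : wrap the given rules in a *filter table
write_sample() {
    out=$1; shift
    { printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]'
      printf '%s\n' "$@"
      printf '%s\n' 'COMMIT'; } > "$out"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/appended" "$SSH_RULE" "$REJECT_RULE" "$HTTP_RULE"
write_sample "$demo_dir/inserted" "$SSH_RULE" "$HTTP_RULE" "$REJECT_RULE"
write_sample "$demo_dir/stock"    "$SSH_RULE" "$REJECT_RULE"
for f in appended inserted stock; do
    printf '%s: %s\n' "$f" "$(check_http_rule "$demo_dir/$f")"
done
```

Point `check_http_rule` at a copy of the real /etc/sysconfig/iptables to see which of the three cases applies before restarting the iptables service.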
