The next step is to install ACID or create a web interface that displays all alerts generated by Snort. Remember to download the latest version of ACID from its homepage, http://acidlab.sourceforge.net. You also need the programs ADODB and phplot. If you have ACID Version 0.9.6b22 or higher, use JpGraph instead of phplot. Try both to see which version works best.
Be aware that ACID is not a very secure web program. Although this chapter does explain how to set up password protection and although the register_globals option is disabled, ACID may still be easy to crack. Use caution as to what machines are running ACID and to whom the pages are accessible. Keep ACID pages internal and limited to select users. It's a good idea to locate the ACID console server on the management network.
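One way to apply this advice at the web server, as an added example that is not from the original text: an Apache access block (2.4 syntax assumed) that admits only clients on the management network who also authenticate. The acid subdirectory, the 10.10.0.0/24 subnet and the password file path are assumptions for illustration.

```apache
# Added example; paths and subnet are assumptions, adjust to your install.
# Assumes ACID was unpacked into an "acid" subdirectory of the document root.
<Directory "/usr/local/httpd/htdocs/acid">
    # No directory listings, and no per-directory .htaccess overrides
    # that could loosen the rules below.
    Options -Indexes
    AllowOverride None

    # Password protection: the account file lives outside the document
    # root so it can never be fetched over HTTP.
    AuthType Basic
    AuthName "ACID console"
    AuthUserFile "/usr/local/httpd/conf/acid.htpasswd"

    # Both conditions must hold: the client is on the management network
    # (constructed subnet) AND presents a valid account.
    <RequireAll>
        Require ip 10.10.0.0/24
        Require valid-user
    </RequireAll>
</Directory>
```

Basic authentication sends credentials encoded but not encrypted, so serve this directory over TLS.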
The examples presented here are what work for me. More HowTos and FAQs appear on the Internet each week, explaining new methods of installing ACID or configuring Snort. There are plenty of papers and tutorials online.
If you have not already installed it, the latest version of GD is also required by the system. You may opt to use the GD library that is included with the PHP source code instead.
After downloading all the necessary files, place the source code in the root directory of your web server. If you are using Apache as described previously, all files are placed in the /usr/local/httpd/htdocs/ directory. If you are using the default Apache that came with Red Hat Linux, ...