25/02/2014: Hi, I’ve created a new post for CentOS 6.5 but it may work also for CentOS 6.4, please visit this new post before. I’ll keep this article as an archived version if you need to compile wkhtmltopdf for any reason.
If I want to have fun with Suricata IDS I think it will be useful to have a monitoring tool to track possible alerts. I’ve chosen Snorby as it seems to have a nice and intuitive GUI. Snorby uses ruby on rails and a mysql database. After many attempts I’ve finally got it running so I want to share with you the steps I’ve followed.
According to its web page, Snorby requires:
- Ruby > 1.9.2
- ImageMagick > 6.6.4
- Rails > 3.0.0
- Wkhtmltopdf
Unfortunately, packages in CentOS 6.4 repositories have older versions, maybe you can find newer versions in other repositories but time I’ll stick with the official repositories. Compilation fun! Warning: if you use the following commands check if newer versions of downloaded packages exist and change directories and names accordingly.
- We’ll start installing some packages using yum
yum groupinstall "Development Tools" yum install openssl-devel readline-devel libxml2-devel libxslt-devel mysql mysql-devel mysql-libs mysql-server urw-fonts libX11-devel libXext-devel qconf fontconfig-devel libXrender-devel unzip wget
- Let’s compile ImageMagick.
cd /opt wget http://ftp.sunet.se/pub/multimedia/graphics/ImageMagick/ImageMagick-6.8.5-9.tar.gz
-
tar xvfz ImageMagick-6.8.5-9.tar.gz cd ImageMagick-6.8.5-9 ./configure make make install ldconfig /usr/local/lib
- Time for Wkhtmltopdf. I’ve downloaded the source files because I had problems with the static versions of Wkhtmltopdf. I’ve used the readme file (README_WKHTMLTOPDF) which comes with wkhtmltopdf as a guide, but notice that the gitorious repository is not found.Warning: this step is going to take a loooong time so if you don’t need pdf reporting skip it.Warning: if you see squares in your pdf report instead of text install with yum the urw-fonts package. This information is provided thanks to this stackoverflow question.
cd /opt git clone git://github.com/jcsalterego/wkhtmltopdf-qt.git wkhtmltopdf-qt cd wkhtmltopdf-qt
-
// Edit the mkspecs/linux-g++-64/qmake.conf file and change the following lines: QMAKE_LIBDIR_X11 = /usr/lib64 QMAKE_LIBDIR_OPENGL = /usr/lib64
-
./configure -nomake tools,examples,demos,docs,translations -opensource -prefix ../wkqt make -j3 make install cd /opt wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.11.0_rc1.tar.bz2 tar jxvf wkhtmltopdf-0.11.0_rc1.tar.bz2 cd wkhtmltopdf-0.11.0_rc1 ../wkqt/bin/qmake make ldconfig ln -s /opt/wkhtmltopdf-0.11.0_rc1/bin/wkhtmltopdf /usr/local/bin/wkhtmltopdf ln -s /opt/wkhtmltopdf-0.11.0_rc1/bin/libwkhtmltox.so.0 /usr/lib64/libwkhtmltox.so.0
- MySQL!. Start the service and if it’s the first time you install it use the mysql_secure_installation to set root’s password and remove unnecessary tables.
service mysqld start mysql_secure_installation chkconfig mysqld on
- And now we need Ruby and RubyGems. I’m installing ruby 1.9.3 from ruby’s webpage.
cd /opt wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p448.tar.gz tar xvfz ruby-1.9.3-p448.tar.gz cd ruby-1.9.3-p448 ./configure make make install cd /opt wget http://production.cf.rubygems.org/rubygems/rubygems-2.0.4.tgz tar xvfz rubygems-2.0.4.tgz cd rubygems-2.0.4 ruby setup.rb
- We now have gem installed and we’re going to install bundler gem which is needed by Snorby setup.
cd /opt gem install bundler
- OK. I want to use Snorby so I need to download it!. I’ve had problems with the latest git version of snorby so I had to use the zip with the stable version (which is linked from Snorby’s webpage).
wget -O snorby.zip --no-check-certificate https://github.com/Snorby/snorby/archive/master.zip unzip snorby.zip cd snorby-master
- Now, pay attention! I’ve found many problems trying to use bundle with ruby 9.3 and I spent several hours finding out what to do. This is what I’ve done, I can guarantee that it’ll work with a newer ruby or snorby version but at least if you find the same problem you won’t suffer. If you find any error please contact me maybe I can help you and update the post so it’s useful for other users.
//Edit the Gemfile file and change this line: //gem 'rake', '0.9.2' to: gem 'rake', '> 0.9.2' //unless you want this error to show when using bundler: "error: /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.3.1/lib/bundler/fetcher.rb:112:in `specs': undefined method `each' //for nil:NilClass (NoMethodError)" //Edit the Gemfile file and add this line: //gem 'orm_adapter' after the line: gem netaddr, //unless you want this error when using bundler: 'orm_adapter' file not found //Edit Gemfile.lock and change rake (0.9.2) to rake(0.9.2.2) //so rake setup does not complain about a different rake version //Create a snorby_config.yml file. Edit the production section and set your domain cp config/snorby_config.yml.example config/snorby_config.yml // Create a MySQL database and a user for snorby mysql> create database snorby; Query OK, 1 row affected (0.00 sec) mysql> grant all privileges on snorby.* to snorby@localhost identified by 'snorby'; // Create a database.yml config file. // Edit the file and set the root password and MySQL server location cp config/database.yml.example config/database.yml
- OK! Now let’s install Snorby. And don’t forget to read the README.md file provided by Snorby’s developers
// We are in the snorby directory bundle install rake snorby:setup // This is the command's output ERROR 1007 (HY000) at line 1: Can't create database 'snorby'; database exists [datamapper] Finished auto_upgrade! for :default repository 'snorby' [~] Adding `index_timestamp_cid_sid` index to the event table [~] Adding `id` to the event table [~] Building `aggregated_events` database view [~] Building `events_with_join` database view * Removing old jobs * Starting the Snorby worker process. * Adding jobs to the queue
- Snorby is installed woohoo! Before launching it let’s create an iptables rule (TCP 3000 is the default port)
iptables -I INPUT -p tcp --dport 3000 -m state --state=NEW,ESTABLISHED,RELATED -j ACCEPT
- And now finally let’s start Snorby in my CentOS 6.4 server:
rails server -e production Booting WEBrick Rails 3.1.12 application starting in production on http://0.0.0.0:300 Call with -d to detach Ctrl-C to shutdown server
- If all is fine, open a web browser http://x.x.x.x:3000. Here, two screenshots so you can check that I haven’t lied to you.
Snorby default credentials are: snorby@snorby.org and password snorby.
I’ve had several issues with QT compilation and these links helped me:
- http://qt-project.org/forums/viewthread/6476
- http://www.qtforum.org/article/27886/installing-qt4-problem-basic-xlib-functionality-test-failed.html
Enjoy!