[Solved] Problem integrating Snort into prelude

First of all, hello everyone.

Here is my problem:

I have to set up an intrusion detection tool at a university.

I installed and configured prelude, and installed and configured Prewikka.

Then, to be able to analyse the network, I decided to install Snort and integrate it into prelude.

So on my client machine I used the following command: "prelude-admin register snort 'idmef:w admin:r' --uid X --gid X", and on my manager the command "prelude-adduser registration-server prelude-manager".

Everything goes fine, the registration went through, but when I decide to launch snort with the command "snort -c /etc/snort/snort.conf -i eth0", here is the error:

Running in IDS mode

Initializing Network Interface eth0

    --== Initializing Snort ==--

Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Undefined variable name: (/etc/snort/snort.conf:49): HOME_NET
Fatal Error, Quitting...
gtrchef:/etc/snort# snort -c /etc/snort/snort.conf -i eth0
Running in IDS mode

Initializing Network Interface eth0

    --== Initializing Snort ==--

Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval: 0
| Hash Method: 2
| Memcap: 10485760
| Rows : 4099
| Overhead Bytes: 16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
Fragment timeout: 60 seconds
Fragment memory cap: 4194304 bytes
Fragment min_ttl: 0
Fragment ttl_limit: 5
Fragment Problems: 0
Self preservation threshold: 500
Self preservation period: 90
Suspend threshold: 1000
Suspend period: 30
Stream4 config:
Stateful inspection: ACTIVE
Session statistics: INACTIVE
Session timeout: 30 seconds
Session memory cap: 8388608 bytes
State alerts: INACTIVE
Evasion alerts: INACTIVE
Scan alerts: INACTIVE
Log Flushed Streams: INACTIVE
MinTTL: 1
TTL Limit: 5
Async Link: 0
State Protection: 0
Self preservation threshold: 50
Self preservation period: 90
Suspend threshold: 200
Suspend period: 30
Enforce TCP State: INACTIVE
Midstream Drop Alerts: INACTIVE

Stream4_reassemble config:
Server reassembly: INACTIVE
Client reassembly: ACTIVE
Reassembler alerts: ACTIVE
Zero out flushed packets: INACTIVE
flush_data_diff_size: 500
Ports: 21 23 25 53 80 110 111 143 513 1433
Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
HttpInspect Config:
GLOBAL CONFIG
Max Pipeline Requests: 0
Inspection Type: STATELESS
Detect Proxy Usage: NO
IIS Unicode Map Filename: /etc/snort/unicode.map
IIS Unicode Map Codepage: 1252
DEFAULT SERVER CONFIG:
Ports: 80 8080 8180
Flow Depth: 300
Max Chunk Length: 500000
Inspect Pipeline Requests: YES
URI Discovery Strict Mode: NO
Allow Proxy Usage: NO
Disable Alerting: NO
Oversize Dir Length: 500
Only inspect URI: NO
Ascii: YES alert: NO
Double Decoding: YES alert: YES
%U Encoding: YES alert: YES
Bare Byte: YES alert: YES
Base36: OFF
UTF 8: OFF
IIS Unicode: YES alert: YES
Multiple Slash: YES alert: NO
IIS Backslash: YES alert: NO
Directory Traversal: YES alert: NO
Web Root Traversal: YES alert: YES
Apache WhiteSpace: YES alert: NO
IIS Delimiter: YES alert: NO
IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Non-RFC Compliant Characters: NONE
rpc_decode arguments:
Ports to decode RPC on: 111 32771
alert_fragments: INACTIVE
alert_large_fragments: ACTIVE
alert_incomplete: ACTIVE
alert_multiple_requests: ACTIVE
telnet_decode arguments:
Ports to decode telnet on: 21 23 25 119
Portscan Detection Config:
Detect Protocols: TCP UDP ICMP IP
Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
Sensitivity Level: Low
Memcap (in bytes): 10000000
Number of Nodes: 36900

X-Link2State Config:
Ports: 25 691
database: compiled support for ( mysql )
database: configured to use mysql
database: must enter database name in configuration file

USAGE: database plugin

output database: [log | alert], [type of database], [parameter list]

[log | alert] selects whether the plugin will use the alert or
log facility.

For the first argument, you must supply the type of database.
The possible values are mysql, postgresql, odbc, oracle and
mssql
The parameter list consists of key value pairs. The proper
format is a list of key=value pairs each separated a space.

The only parameter that is absolutely necessary is "dbname".
All other parameters are optional but may be necessary
depending on how you have configured your RDBMS.

dbname - the name of the database you are connecting to

host - the host the RDBMS is on

port - the port number the RDBMS is listening on

user - connect to the database as this user

password - the password for given user

sensor_name - specify your own name for this snort sensor. If you
do not specify a name one will be generated automatically

encoding - specify a data encoding type (hex, base64, or ascii)

detail - specify a detail level (full or fast)

ignore_bpf - specify if you want to ignore the BPF part for a sensor

          definition (yes or no, no is default)

FOR EXAMPLE:
The configuration I am currently using is MySQL with the database
name of "snort". The user "snortusr@localhost" has INSERT and SELECT
privileges on the "snort" database and does not require a password.
The following line enables snort to log to this database.

output database: log, mysql, dbname=snort user=snortusr host=localhost

ERROR: Fatal Error, Quitting...

It's mainly the fatal error that worries me :blush:

If anyone can get me unstuck, I would be very grateful. Thanks in advance.

hi,

First, the HOME_NET variable is not set; then, the fatal error is because the logs are written to a mysql database that has not been created.

[quote]the database name of "snort". The user "snortusr@localhost" has INSERT and SELECT privileges on the "snort" database and does not require a password.
The following line enables snort to log to this database.

output database: log, mysql, dbname=snort user=snortusr host=localhost[/quote]

I currently have another error:

ERROR: unknown output plugin: 'alert_prelude'Fatal Error, Quitting...

In my snort.conf file, I did uncomment the line:

output alert_prelude: profile=snort
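The three failures in this thread are all caught before Snort is started by reading snort.conf itself: a `$HOME_NET` that is referenced before any `var`/`ipvar`/`portvar` defines it, an `output database:` line with no `dbname=` (the "must enter database name" abort above), and the presence of an active `output alert_prelude:` line. The script below is an added example written for this page, not code from the thread, from Snort or from Prelude. It embeds two constructed configuration fragments (a broken one mirroring the poster's situation and a fixed one) and lints them with a small awk/grep pass that mimics Snort's top-to-bottom variable resolution; the temp directory, file names, network and sid values are made up.

```shell
#!/bin/sh
# Added example for this thread (not from Snort, Prelude or the poster):
# a minimal lint for snort.conf covering the three errors discussed above.
# Everything under $WORK is constructed sample data.

# Print, one per line, each $NAME referenced in a snort.conf that was not
# defined earlier with var / ipvar / portvar. Snort reads the file top to
# bottom, so a definition that only appears after its first use is reported.
undefined_vars() {
    awk '
        /^[[:space:]]*#/ { next }                                  # skip comments
        $1 == "var" || $1 == "ipvar" || $1 == "portvar" { defined[$2] = 1 }
        {
            rest = $0
            while (match(rest, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
                name = substr(rest, RSTART + 1, RLENGTH - 1)       # drop the "$"
                if (!(name in defined) && !(name in seen)) { seen[name] = 1; print name }
                rest = substr(rest, RSTART + RLENGTH)
            }
        }' "$1"
}

# Print the number of uncommented "output database:" lines without dbname=.
# Snort aborts on those with "database: must enter database name".
database_lines_missing_dbname() {
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1" | grep -vc 'dbname=' || true
}

# Exit 0 when an uncommented "output alert_prelude:" line is present. The
# plugin itself only exists in a Snort 2.x binary configured with
# --enable-prelude, which a config lint cannot see; use snort -T for that.
prelude_output_enabled() {
    grep -qE '^[[:space:]]*output[[:space:]]+alert_prelude:' "$1"
}

# Print one line per finding; prints nothing for a clean file.
lint_snort_conf() {
    conf=$1
    for v in $(undefined_vars "$conf"); do
        echo "$conf: undefined variable \$$v"
    done
    missing=$(database_lines_missing_dbname "$conf")
    if [ "$missing" -gt 0 ]; then
        echo "$conf: $missing output database line(s) without dbname="
    fi
    prelude_output_enabled "$conf" || echo "$conf: no active output alert_prelude line"
}

WORK="${TMPDIR:-/tmp}/snort-lint.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Constructed conf reproducing the thread: HOME_NET still commented out,
# database output without dbname, alert_prelude uncommented.
cat > "$WORK/broken.conf" <<'EOF'
# var HOME_NET 10.0.0.0/8
var EXTERNAL_NET any
portvar HTTP_PORTS [80,8080]
output database: log, mysql, user=snortusr host=localhost
output alert_prelude: profile=snort
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"added example"; sid:1000001;)
EOF

# The same conf with HOME_NET defined before use and dbname supplied.
cat > "$WORK/fixed.conf" <<'EOF'
var HOME_NET 10.0.0.0/8
var EXTERNAL_NET any
portvar HTTP_PORTS [80,8080]
output database: log, mysql, dbname=snort user=snortusr host=localhost
output alert_prelude: profile=snort
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"added example"; sid:1000001;)
EOF

echo "== broken.conf =="
lint_snort_conf "$WORK/broken.conf"
echo "== fixed.conf =="
lint_snort_conf "$WORK/fixed.conf"
```

Run it against a real file with `lint_snort_conf /etc/snort/snort.conf` after sourcing the script; it only reads the file. The lint deliberately stops at the configuration: whether the binary actually contains the alert_prelude plugin is something only the build (configure with `--enable-prelude`) decides, which is why `snort -T -c /etc/snort/snort.conf` (Snort's own configuration test mode) is still the final check before running the sensor.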

hello,

Check whether it isn't in another variable. Did you compile snort or install it via apt?

I tried using apt-get.

Should I do a remove --purge??

And try compiling using the sources available on snort.org??

All good, I solved my problem by installing from the sources from the snort site.