Gentoo Wiki


Apache2 Series



Addons & Tunnels






HOWTO Setup BASE with Apache

If you are wondering what BASE is; it is a web-based front-end to the Snort NIDS. It allows you to organize your Snort logs and alerts into an easily readable format and to graph that data. It is a modern replacement for ACID (which is no longer being developed). BASE also provides some additional features not found in ACID, such as user authentication. If you are familiar with ACID, then you will feel right at home using BASE.


The goal of this document is to walk you though the installation and setup of BASE. The only requirements are that you have Gentoo installed successfully, and you must have administrative privileges. This document will explain how to install and configure any necessary dependencies for BASE to run.


File: /etc/make.conf
USE="php session pcre hardenedphp gd pear apache2 *postgres \
*mysql ssl png gif jpeg cli xml"

* choose one database.

Note: emerge base failed complaining of missing PHP USE flags.

It wants dev-lang/php-5 compiled with the sqlite USE flag. Add sqlite to your USE flag, if you're going to use PHP-5

Install Backend

Start Backend

/etc/init.d/postgresql start or /etc/init.d/mysql start
/etc/init.d/apache2 start
/etc/init.d/snort start

Unmask Dependencies

echo "dev-php/PEAR-Image_Color" >> /etc/portage/package.keywords
echo "dev-php/PEAR-Image_Canvas" >> /etc/portage/package.keywords
echo "dev-php/PEAR-Numbers_Roman" >> /etc/portage/package.keywords
echo "dev-php/PEAR-Image_Graph" >> /etc/portage/package.keywords

Install PHP and its Dependencies

Code: JpGraph will determine which PHP gets emerged

For PHP5:

echo "dev-php5/jpgraph" >> /etc/portage/package.keywords
emerge -av gd dev-php5/jpgraph adodb dev-lang/php PEAR-PEAR

For PHP4:

echo "dev-php4/jpgraph" >> /etc/portage/package.keywords
emerge -av gd dev-php4/jpgraph adodb dev-lang/php PEAR-PEAR

Install mod_ssl (optional)

Code: If using Apache-1, install mod_ssl (recommended).

Install BASE

Note: At the time of this writing, all base ebuilds in the Portage tree are masked by keyword.

Code: Installing BASE
echo "net-analyzer/base" >> /etc/portage/package.keywords
emerge -av base

Setup BASE

File: Verify the '/etc/base/base_conf.php' settings
$alert_dbname = "snort_log";
$alert_host = "localhost";
Or change "localhost" to the IP-address of the remote host running the database.
$alert_port = "";
Only change this if you've set the database to use a non-standard port.
$alert_user = "snort";
$alert_password = "[the password you entered when you created \
the snort user]";
Code: Navigate to base_db_setup.php (e.g., https://localhost/base/base_db_setup.php)

click the "Setup AG" button.

You're done! You can access BASE by navigating to 'base_main.php' (e.g., https://localhost/base/base_main.php).

BASE Authentication Setup (optional)

Code: Add new roles

Click the 'Administration' link on the main BASE page.
Click the 'Create a Role' link.
Enter role info (e.g., Role ID: 1, Role Name: Admin, Description: Full Access).

Code: Add new users

Click the 'Create a user' link.
Enter the user info.
Verify that the user was added successfully.

File: /etc/base/base_conf.php
$Use_Auth_System = 1;


The mysql snort user needs the following rights (see table mysql.db) to create the BASE tables :

Select_priv Insert_priv Update_priv Create_priv Execute_priv

Code: Verify cookie support is enabled in the browser (Firefox)
Check "Allow sites to set cookies"
Click "OK"
Code: Verify proper USE flags are set (i.e., dev-lang/php requires '+cli', '+gd' and '+pear' for chart support)
emerge -pv mysql postgresql apache gd dev-lang/php \
jpgraph snort base
Code: Check the logs for any clues
less /var/log/messages || less /var/log/everything/current
less /var/lib/postgresql/data/postgresql.log
less /var/log/apache2/error_log
less /var/log/apache2/ssl_error_log
Code: Verify permissions and content of '/etc/base/base_conf.php' (it should be -rw-r----- root apache)
ls -l /etc/base/base_conf.php


Retrieved from ""

Last modified: Thu, 02 Oct 2008 22:13:00 +0000 Hits: 16,771