#####################################################################################
# Thresh (a SnortFE Component)
# Copyright (C) 2007 Matthew J. Deren Jr.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
####################################################################################

Installation Instructions
-------------------------

This is based off of a basic RHEL installation. It should be the same with
Fedora and other RedHat-based distros.

It is up to _you_ to get Snort running and reporting to MySQL. This program
will not run without a backend database with proper read permissions.
I can do the rest.. :)

1. Install Net::Netmask & NetAddr::IP through CPAN:

    $>su -
    Password:
    #>cpan install Net::Netmask
    #>cpan install NetAddr::IP

    *** If you haven't configured CPAN before, just keep hitting yes and
        select all FTP/HTTP repositories when it asks.

    !!!Alternative!!! You should be able to achieve the same effect with:
        'yum install perl-Net-Netmask'
    CPAN should get the latest version, which is (almost) always better.

2. Install Apache & Perl CGI handler

    $>su -
    Password:
    #>yum install httpd
    #>yum install perl-CGI-Simple

3. Configure Apache

    #>vi /etc/httpd/conf/httpd.conf

    I.  Uncomment : #AddHandler cgi-script .cgi
    II. Modify : Options Indexes FollowSymLinks
        to     : Options Indexes FollowSymLinks ExecCGI

    #>/etc/init.d/httpd restart

    *** This allows Apache to execute CGI. Do not do this on a public
        server unless you know what you are doing.

4. Get and install Thresh!

    $>cd /home/
    $>wget http://www.automatadigital.com/files/.tar.gz
    $>su -
    Password:
    #>cd /var/www/html/
    #>tar -zxvf /home//.tar.gz

5. Configure DB File

    $>su -
    Password:
    #>cd /var/www/html/thresh/include
    #>vi ./dbconfig.conf

    $dbi='DBI:mysql:database=snort;host=192.168.1.1;port=3306';
    $user='matthew';
    $pass='my_snort_db_password';
    $thresh_file = './config/threshold.conf';
    $supp_file = './config/suppress.conf';

6. Ensure CGI & .pl files have execute permissions

    $>su -
    Password:
    #>cd /
    #>chmod -R 755 ./*.cgi
    #>chmod -R 755 ./*.pl

7. You _should_ be ready to go!

    Web browse to : http://localhost/thresh/index.html
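
Added example (not part of the original Thresh instructions): a narrower alternative to the global ExecCGI change in step 3, which enables CGI only for the Thresh directory and blocks HTTP access to the .conf files from step 5, including the one holding the database password. The conf.d file name is hypothetical, and the example assumes the Thresh scripts read their .conf files from disk and never need them served over HTTP.

```apache
# /etc/httpd/conf.d/thresh.conf   (hypothetical file name, added example)
#
# Leave the main block in httpd.conf as shipped:
#     Options Indexes FollowSymLinks
# and keep the global "#AddHandler cgi-script .cgi" line commented out.

# Allow CGI execution only inside the Thresh install directory.
<Directory "/var/www/html/thresh">
    Options +ExecCGI
    AddHandler cgi-script .cgi

    # dbconfig.conf, threshold.conf and suppress.conf are read from disk by
    # the scripts (assumption), so nothing should fetch them over HTTP.
    <FilesMatch "\.conf$">
        # Apache 2.4 and later
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        # Apache 2.2 (no mod_authz_core)
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </FilesMatch>
</Directory>

# The include directory holds dbconfig.conf with the Snort DB credentials;
# deny direct requests to anything in it (assumes it contains no .cgi
# entry points that browsers call directly).
<Directory "/var/www/html/thresh/include">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Directory>
```

After restarting httpd, a request for http://localhost/thresh/include/dbconfig.conf should return 403 while http://localhost/thresh/index.html still loads.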