12 January 2014, 21:36

Here we'll see how to get B.A.S.E. to display the Alert World Map, which really does add some glitter to BASE.



( nothing implied in the choice of the countries displayed on this map. Actually countries I like ;-) )


This is tested on Debian 7.5 / Edited June 03 2014

( Does not seem to work with Ubuntu 14.04 LTS )


1. BASE WORLDMAP install



World Pictures Install :


We first have to find the PEAR directory :


pear config-show


we go to the PEAR directory ( usually /usr/share/php )

and to the subdir :




we need to copy here these two files :



they are located in /var/www/base/ and /usr/src/base-1.4.5/

ie :

sudo cp /var/www/base/world*.* /usr/share/php/Image/Graph/Images/Maps



binaries install :


sudo apt-get install geoip-bin
sudo apt-get install libgeo-ip-perl
sudo apt-get install libgeo-ipfree-perl

sudo find / -name "GeoIP.dat"
( note : case sensitive )
here it's at : /usr/share/GeoIP/GeoIP.dat

we cd in :


cd /usr/share/GeoIP/


sudo perl -MCPAN -e 'install Geography::Countries'

( Answer the questions : yes / yes )

sudo perl -MCPAN -e 'install IP::Country'

sudo leafpad /var/www/base/base_conf.php

near the end of base_conf.php, uncomment the " $IP2CC..." line and correct the ip2cc path ( if needed ) :

//$IP2CC = "/usr/bin/ip2cc";
becomes
$IP2CC = "/usr/local/bin/ip2cc";

cd /usr/lib/perl5/Geo

( explore the website http://cpansearch.perl.org/src/BRICAS/ to find the right version )

sudo wget  http://cpansearch.perl.org/src/BRICAS/Geo-IPfree-1.140470/misc/ipct2txt.pl
sudo cp /usr/share/perl5/Geo/ipscountry.dat ./

sudo perl ipct2txt.pl ./ipscountry.dat /var/www/base/ips-ascii.txt

fix font problem :

There is a font display problem in BASE. The easiest way to fix it is this :


sudo leafpad /var/www/base/base_conf.php

comment out all font names and uncomment $graph_font_name = "", ie :

font choice :
           // $graph_font_name = "Verdana";
           // $graph_font_name = "DejaVuSans";
           // $graph_font_name = "Image_Graph_Font";
           $graph_font_name = "";
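
Before moving on to the test, the install steps above can be verified in one pass. The script below is an added example, not part of the original post: the function names and the file name check_worldmap.sh are hypothetical, and the default paths are the ones used in this article.

```shell
#!/bin/sh
# Added example: checks the pieces this article installs for the BASE world map.
# Arguments default to the article's paths; pass your own if they differ.

# Print the last uncommented value assigned to PHP variable $1 in file $2, as [value]
conf_value() {
    sed -n 's/^[[:space:]]*\$'"$1"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*/[\1]/p' "$2" 2>/dev/null |
        tail -n 1
}

check_worldmap() {
    base_dir=${1:-/var/www/base}
    pear_dir=${2:-/usr/share/php}
    geoip_dat=${3:-/usr/share/GeoIP/GeoIP.dat}
    conf="$base_dir/base_conf.php"
    maps="$pear_dir/Image/Graph/Images/Maps"
    rc=0

    # world*.* files copied into the PEAR Image/Graph map directory
    if ls "$maps"/world*.* >/dev/null 2>&1; then
        echo "OK   world map files in $maps"
    else
        echo "FAIL no world*.* files in $maps"; rc=1
    fi

    # GeoIP database, and the ASCII table written by ipct2txt.pl
    for f in "$geoip_dat" "$base_dir/ips-ascii.txt"; do
        if [ -s "$f" ]; then echo "OK   $f"; else echo "FAIL $f missing or empty"; rc=1; fi
    done

    # $IP2CC must be uncommented and name an executable
    ip2cc=$(conf_value IP2CC "$conf"); ip2cc=${ip2cc#?}; ip2cc=${ip2cc%?}
    if [ -n "$ip2cc" ] && [ -x "$ip2cc" ]; then
        echo "OK   \$IP2CC = $ip2cc"
    else
        echo "FAIL \$IP2CC commented out or not executable: '$ip2cc'"; rc=1
    fi

    # The active $graph_font_name must be the empty string (the font fix)
    if [ "$(conf_value graph_font_name "$conf")" = "[]" ]; then
        echo "OK   \$graph_font_name is empty"
    else
        echo "FAIL \$graph_font_name is not set to \"\""; rc=1
    fi
    return "$rc"
}

# Run only when asked, so the file can also be sourced: sh check_worldmap.sh --run
if [ "${1:-}" = "--run" ]; then check_worldmap; fi
```

Any FAIL line points back to the step of section 1 that needs redoing.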

2. World Map Display Test


The Worldmap alert display will break if there are ONLY private IPs in the recorded alerts... We will use local.rules to trigger some alerts with public IPs. Ex :



alert tcp any any -> $EXTERNAL_NET 80 (msg:"HTTP Request Outbound NOW!!!"; classtype:not-suspicious; sid:1000003; rev:1;)

alert tcp any 80 -> $HOME_NET any (msg:"HTTP Reply Inbound NOW!!!"; classtype:not-suspicious; sid:1000004; rev:1;)

( We update the sid-msg.map if needed )


We restart SNORT:


sudo service snort restart


and browse the web to trigger many alerts with Public IPs.



Using the Worldmap Display


We use the BASE menu Graph Alert Data :





What do you want to know : source countries vs number of alerts on a world map



We hit the 'Graph Alerts' Button :




And voila ! :





NB2 : The World Map Display won't autorefresh.



- SNORT® is a registered trademark  of Sourcefire, Inc. -

Published by computer outlines - in NIDS