Troubleshooting Acid (why Is Acid Console Displayed In Html Text??)

njugs79 · 03-29-2005, 09:15 AM

Hi all. I am trying to install Snort IDS on my Linux System (Redhat9). I got some helpful documentation from www.superhac.com on how to go about the install. Everything was going well until i got to the point where you try and access your acid console. The thing is the console is being displayed in HTML text format!!!! Any ideas why and how a newbie can solve this problem? I have tried to include some of the steps (that may be different from the documentation gotten from the internet) below just for reference sake. I appreciate any help given.

[root@Snortsev2 mysqldl]# rpm -ivh httpd-2.0.52-21.i386.rpm

[root@Snortsev2 mysqldl]# rpm -ivh mod_ssl-2.0.52-21.i386.rpm

[root@Snortsev2 mysqldl]# rpm -ivh MySQL-server-4.0.24-0.i386.rpm
warning: MySQL-server-4.0.24-0.i386.rpm: V3 DSA signature: NOKEY, key ID 5072e1f
5
Preparing... ########################################### [100%]
1:MySQL-server ########################################### [100%]
Preparing db table
Preparing host table
Preparing user table
Preparing func table
Preparing tables_priv table
Preparing columns_priv table
Installing all prepared tables
050324 17:11:38 Warning: Asked for 196608 thread stack, but got 126976
050324 17:11:38 /usr/sbin/mysqld: Shutdown Complete

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h Snortsev2 password 'new-password'
See the manual for more instructions.

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at https://order.mysql.com

[root@Snortsev2 snortinstall]# rpm -ivh MySQL-client-4.0.24-0.i386.rpm
warning: MySQL-client-4.0.24-0.i386.rpm: V3 DSA signature: NOKEY, key ID 5072e1f5
Preparing... ########################################### [100%]
1:MySQL-client ########################################### [100%]

[root@Snortsev2 snortinstall]# rpm -ivh MySQL-shared-3.23.58-1.i386.rpm
warning: MySQL-shared-3.23.58-1.i386.rpm: V3 DSA signature: NOKEY, key ID 5072e1f5
Preparing... ########################################### [100%]
1:MySQL-shared ########################################### [100%]

[root@Snortsev2 snortinstall]# mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.0.24-standard

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> set password for 'root'@'localhost'=password('xxxxx');
Query OK, 0 rows affected (0.13 sec)

[root@Snortsev2 snortinstall]# rpm -ivh php-4.3.8-1.i386.rpm
Preparing... ########################################### [100%]
1

hp ########################################### [100%]

[root@Snortsev2 snortinstall]# rpm -ivh php-mysql-4.3.8-1.i386.rpm
Preparing... ########################################### [100%]
1

hp-mysql ########################################### [100%]

BELOW ARE KEY SECTIONS OF MY HTTPD.CONF FILE:

# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If you
# do not use FancyIndexing, you may comment this out.
#

<Directory "/var/www/html/acid">
AuthType Basic
AuthName "ey"
AuthUserFile /usr/lib/apache/passwords
Require user admin
AllowOverride None
</Directory>

<Directory "/var/www/html/acidviewer">
AuthType Basic
AuthName "ey"
AuthUserFile /usr/lib/apache/passwords
Require user acidviewer
AllowOverride None
</Directory>

Alias /icons/ "/var/www/icons/"

<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

#

# The set below does not map to a specific (iso) standard
# but works on a fairly wide range of browsers. Note that
# capitalization actually matters (it should not, but it
# does for some browsers).
#
# See ftp://ftp.isi.edu/in-notes/iana/assi...character-sets
# for a list of sorts. But browsers support few.
#
AddCharset GB2312 .gb2312 .gb
AddCharset utf-7 .utf7
AddCharset utf-8 .utf8
AddCharset big5 .big5 .b5
AddCharset EUC-TW .euc-tw
AddCharset EUC-JP .euc-jp
AddCharset EUC-KR .euc-kr
AddCharset shift_jis .sjis

#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
AddType application/x-tar .tgz
#

Crashed_Again · 03-29-2005, 11:46 AM

Sounds like a php issue to me. Do you have any pages on your site that are working with php? Have you made a test php page with the <? phpinfo() ?> thinggy?

njugs79 · 03-30-2005, 12:03 AM

Update on the same ACID troubleshooting issue. I got the following information from http://acidlab.sourceforge.net/acid_faq.html#faq_b6

"If all ACID pages seem to come up as raw HTML in the browser, perhaps always starting with the line "<?php", then mostly likely the web server has not been properly configured to use PHP. The MIME types are not set correctly; the web server is treating files with the ".php" extension as normal text instead of parsing then with PHP.

It is also possible that a mis-configured web server will cause the browser to prompt you to save the ACID file, instead of rendering the results.

In Apache the following lines need to included in the httpd.conf configuration file.

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
"

So i tried adding the two lines:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Now the page seems to be opening but with the following error:
"PHP ERROR: PHP build incomplete: the prerequisite MySQL support required to read the alert database was not built into PHP. Please recompile PHP with the necessary library (--with-mysql)."

I tried running the RPM again and this is what i got:

[root@Snortsev2 snortinstall]# rpm -ivh php-4.3.8-1.i386.rpm
Preparing... ########################################### [100%]
package php-4.3.8-1 is already installed

[root@Snortsev2 snortinstall]# rpm -ivh php-mysql-4.3.8-1.i386.rpm
Preparing... ########################################### [100%]
package php-mysql-4.3.8-1 is already installed
[root@Snortsev2 snortinstall]#

So how does one recompile PHP wiith the necessary library (--with-mysql)??? For my PHP installation i used the following:
php-4.3.8-1.i386.rpm
php-mysql-4.3.8-1.i386.rpm

For my httpd installation i used the following:
httpd-2.0.52-21.i386.rpm
mod_ssl-2.0.52-21.i386.rpm

I tried the php test as follows:
created a file called test.php in the /var/www/html directory with the lines "<?php phpinfo();?>". I then accessed the same through my web browser as "https://<IP_ADDRESS>/test.php".
It seemed to work and displayed quite some info, some of which is shown below:

Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting 2039 2039
expose_php On On
extension_dir ./ ./
file_uploads On On
gpc_order GPC GPC

Any ideas now?? Thanks for the response.

Crashed_Again · 03-30-2005, 06:07 AM

Man I thought that php-mysql package was what you needed. I'm pretty sure that is what gives php its mysql support. This is wierd. Did you restart all the services in play here after you made changes?

njugs79 · 03-30-2005, 09:31 AM

Whats the syaing "thez more than one way to skin a cat?!!" I just uninstalled everything that i had put in and started the installation afresh with new php package. By the way i noticed that there are bound to be dependency problems with later versions.
After starting afresh (AND DOCUMENTING EACH STEP!!!!!!!) VOILA!!! It works now. Just hope i don't stumble again as i install the rest of snort.
Thanks for the help.
PS:
Now that i think of it, it may be worth a try to restart the httpd service (even after reeboot) coz that the ideology i used as i re-installed and it worked well. I may have saved maself some time but...

Thanks again.