For the past while I have been installing and configuring the Snort intrusion detection system. I read a lot of material online, and this write-up is my summary of what others have worked out before me.

Required packages:
1. httpd-2.2.6.tar.gz
2. mysql-5.1.22-rc-linux-i686-icc-glibc23.tar.gz
3. php-5.2.4.tar.bz2
4. acid-0.9.6b23.tar.gz
5. adodb4991.tgz
6. jpgraph-1.26.tar.gz
7. libpcap-1.0.0.tar.gz
8. pcre-7.8.tar.gz
9. snort-2.8.3.1.tar.gz
10. snortcenter-agent-v1.0-RC1.tar.gz
11. snortcenter-v1.0-RC1.tar.gz
12. zlib-1.2.3.tar.gz

For installing Apache, PHP and MySQL, see the separate documents.

I. Installing the Snort support packages

1. Install libpcap (the package listed above is libpcap-1.0.0)
# tar zxvf libpcap-1.0.0.tar.gz
# cd libpcap-1.0.0
# ./configure
# make
# make install

2. Install pcre
# tar zxvf pcre-7.8.tar.gz
# cd pcre-7.8
# ./configure
# make
# make install

3. Install zlib
# tar zxvf zlib-1.2.3.tar.gz
# cd zlib-1.2.3
# ./configure
# make
# make install

II. Installing Snort

# tar zxvf snort-2.8.3.1.tar.gz
# cd snort-2.8.3.1
# ./configure --with-mysql=/usr/local/mysql
# make
# make install
# cd preproc_rules
# mkdir /etc/snort
# mkdir /var/log/snort
# cp * /etc/snort
# cd ../etc
# cp snort.conf /etc/snort
# cp *.config /etc/snort
# cd
# vi /etc/snort/snort.conf
Change "# var HOME_NET 10.1.1.0/24" to "var HOME_NET 192.168.0.0/24" (the address range of your own LAN) and remove the leading #.

Change "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort".

Change
#output database: log, mysql, user=root password=test dbname=db host=localhost
to
output database: log, mysql, user=root password=123456 dbname=snort host=localhost
using your own password, and remove the leading #.

Remove the leading # from the following lines (virus.rules is already enabled in the stock file):
# include $RULE_PATH/web-attacks.rules
# include $RULE_PATH/backdoor.rules
# include $RULE_PATH/shellcode.rules
# include $RULE_PATH/policy.rules
# include $RULE_PATH/porn.rules
# include $RULE_PATH/info.rules
# include $RULE_PATH/icmp-info.rules
  include $RULE_PATH/virus.rules
# include $RULE_PATH/chat.rules
# include $RULE_PATH/multimedia.rules
# include $RULE_PATH/p2p.rules

After making the changes, save and exit.
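As an added example (not from the original post), the following Python helper applies the snort.conf edits described above to a constructed excerpt of the file, then reports which rule files are active and whether the database output plugin still logs in as root. The dedicated "snort" database user and the CHANGE_ME password in the usage block are assumptions, not values from the post, which uses root.

```python
import re

# Constructed excerpt of a stock snort.conf (not the full file), containing
# the kinds of lines the guide above tells you to edit.
SAMPLE_CONF = """\
# var HOME_NET 10.1.1.0/24
var RULE_PATH ../rules
#output database: log, mysql, user=root password=test dbname=db host=localhost
# include $RULE_PATH/web-attacks.rules
# include $RULE_PATH/backdoor.rules
include $RULE_PATH/virus.rules
# include $RULE_PATH/p2p.rules
include $RULE_PATH/local.rules
"""

def configure_snort_conf(text, home_net, rule_path, db, enable_rules):
    """Apply the guide's edits (db = dict user/password/dbname/host) and return new text."""
    out = []
    for line in text.splitlines():
        body = line.lstrip("# ").rstrip()          # the line with any leading '#' removed
        if re.match(r"var\s+HOME_NET\s", body):
            line = f"var HOME_NET {home_net}"
        elif re.match(r"var\s+RULE_PATH\s", body):
            line = f"var RULE_PATH {rule_path}"
        elif body.startswith("output database: log, mysql"):
            line = ("output database: log, mysql, user={user} password={password} "
                    "dbname={dbname} host={host}").format(**db)
        else:
            m = re.match(r"include\s+\$RULE_PATH/(\S+)", body)
            if m and m.group(1) in enable_rules:   # uncomment only the requested rule files
                line = f"include $RULE_PATH/{m.group(1)}"
        out.append(line)
    return "\n".join(out) + "\n"

def check_snort_conf(text):
    """Return (active rule files, True if the DB output plugin logs in as root)."""
    active = re.findall(r"^include\s+\$RULE_PATH/(\S+)", text, re.M)
    uses_root = re.search(r"^output database:.*\buser=root\b", text, re.M) is not None
    return active, uses_root

if __name__ == "__main__":
    # Assumed values: a dedicated 'snort' DB user and a placeholder password.
    db = {"user": "snort", "password": "CHANGE_ME", "dbname": "snort", "host": "localhost"}
    new_conf = configure_snort_conf(SAMPLE_CONF, "192.168.0.0/24", "/etc/snort",
                                    db, {"web-attacks.rules", "backdoor.rules", "p2p.rules"})
    print(new_conf)
    print(check_snort_conf(new_conf))
```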

III. Creating the snort database

# /usr/local/mysql/bin/mysql -uroot -p123456
mysql> create database snort;
mysql> grant INSERT,SELECT on snort.* to snort@localhost;
mysql> exit
# cd /usr/local/src/snort-2.8.3.1/schemas
# /usr/local/mysql/bin/mysql -uroot -p123456 snort < create_mysql

Log in to MySQL and look at the tables in the snort database:
# /usr/local/mysql/bin/mysql -uroot -p123456
mysql> show databases;
+------------+
| Database   |
+------------+
| mysql      |
| snort      |
| test       |
+------------+
3 rows in set (0.00 sec)
mysql> use snort;
mysql> show tables;
The output should list these tables:
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)
mysql> exit

Managing snort with chkconfig

cd /root/snort-2.8.3.1/rpm
cp snortd /etc/init.d/
chmod 755 /etc/init.d/snortd
chkconfig --add snortd
chkconfig --level 35 snortd on

IV. Installing and configuring ACID

Put acid-0.9.6b23.tar.gz, adodb4991.tgz and jpgraph-1.26.tar.gz in the web root directory; here I use the default one.
# cp a*.* /usr/local/apache2/htdocs
# cp jpgraph-1.26.tar.gz /usr/local/apache2/htdocs
# cd /usr/local/apache2/htdocs
# tar zxvf adodb4991.tgz
# tar zxvf jpgraph-1.26.tar.gz
# mv jpgraph-1.26 jpgraph
# tar zxvf acid-0.9.6b23.tar.gz
# cd acid
# vi acid_conf.php
Change "$DBlib_path = "";" to "$DBlib_path = "/usr/local/apache2/htdocs/adodb";"
  $alert_dbname   = "snort_log";  // change to snort
  $alert_host     = "localhost";
  $alert_port     = "";
  $alert_user     = "root";
  $alert_password = "mypassword"; // change to your database password
  /* Archive DB connection parameters */
  $archive_dbname   = "snort_archive";  // change to snort
  $archive_host     = "localhost";
  $archive_port     = "";
  $archive_user     = "root";
  $archive_password = "mypassword"; // change to your database password
Change "$ChartLib_path = "";" to "$ChartLib_path = "/usr/local/apache2/htdocs/jpgraph/src";"
After making the changes, save and exit.

VI. Entering the web interface:
Open http://yourhost/acid/acid_main.php and click the "Setup Page" link -> Create Acid AG.
Visiting http://yourhost/acid will then show the ACID interface.

VII. Testing the IDS
Scan the system with nmap, nessus, CIS or X-scan to generate alert records.
View the records at http://yourhost/acid.
With that, a powerful IDS is fully set up. You can log in remotely through the web interface and monitor the LAN the host sits on, and also install phpMyAdmin or webmin to manage the MySQL database.


VIII. Installing SnortCenter

# cp snortcenter-v1.0-RC1.tar.gz /usr/local/apache2/htdocs
# cd /usr/local/apache2/htdocs
# tar zxvf snortcenter-v1.0-RC1.tar.gz
# mv www sc
# vi sc/config.php
Change the following:
$DBlib_path = "/usr/local/apache2/htdocs/adodb/";
$curl_path = "/usr/bin";
$DBtype = "mysql";
$DB_dbname   = "snortcenter";   # $DB_dbname   : MySQL database name of SnortCenter DB
$DB_host     = "localhost";     # $DB_host     : host on which the DB is stored
$DB_user     = "root";          # $DB_user     : login to the database with this user
$DB_password = "123456";        # $DB_password : password of the DB user
$DB_port     = "";              # $DB_port     : port on which to access the DB (blank is default)
(change the database password to your own)
After making the changes, save and exit.
Then create the snortcenter database:
# mysql -uroot -p123456
mysql> create database snortcenter;
mysql> quit;
Enter http://192.168.0.11/sc in the browser; it creates the tables automatically. When you log in again it asks for a username and password; the initial ones are admin and change.

CREATE TABLE dbname.schema (vseq int(10) unsigned NOT NULL default '0', ctime datetime NOT NULL default '0000-00-00 00:00:00') TYPE=MyISAM;
Next, install snortcenter-agent-v1.0-RC1.tar.gz:
# cp snortcenter-agent-v1.0-RC1.tar.gz /opt
# cd /opt
# tar zxvf snortcenter-agent-v1.0-RC1.tar.gz
# cd sensor
# ./setup.sh    (answer a few questions to complete the installation; the default port is 2525)
# cp /etc/snort/snort.conf /etc/snort/snort.eth0.conf
This article is reposted from wiliiwin's 51CTO blog; original link: http://blog.51cto.com/wiliiwin/199235