中国设计网站导航,今天的新闻 联播最新消息,企业建设网站的过程,长沙网络推广专员前一段一直在做snort入侵检测系统的安装以及配置#xff0c;看了很多的网上资料#xff0c;也算是总结了下前辈的经验吧。需要的软件包#xff1a;1、httpd-2.2.6.tar.gz2、mysql-5.1.22-rc-linux-i686-icc-glibc23.tar.gz3、php-5.2.4.tar.bz24、acid-0.9.6b23.tar.gz5、ad… 前一段一直在做snort入侵检测系统的安装以及配置看了很多的网上资料也算是总结了下前辈的经验吧。 需要的软件包 1、httpd-2.2.6.tar.gz 2、mysql-5.1.22-rc-linux-i686-icc-glibc23.tar.gz 3、php-5.2.4.tar.bz24、acid-0.9.6b23.tar.gz 5、adodb4991.tgz 6、jpgraph-1.26.tar.gz 7、libpcap-1.0.0.tar.gz 8、pcre-7.8.tar.gz 9、snort-2.8.3.1.tar.gz 10、snortcenter-agent-v1.0-RC1.tar.gz 11、snortcenter-v1.0-RC1.tar.gz 12、zlib-1.2.3.tar.gz 关于apachephpmysql的安装看另外的文档 一、安装snort的支持包 1、安装libpcap包 # tar zxvf libpcap-0.7.2.tar.gz # cd libpcap-0.7.2 # ./configure # make # make install 2、安装pcre包 # tar zxvf pcre-7.8.tar.gz # ./configure # make # make install 3、安装zlib包 # tar zxvf zlib-1.2.3.tar.gz # ./configure # make # make install 二、安装snort # tar zxvf snort-2.8.3.1.tar.gz # cd snort-2.8.3.1 # ./configure --with-mysql/usr/local/mysql # make # make install # cd preproc_rules # mkdir /etc/snort # mkdir /var/log/snort # cp * /etc/snort # cd ../etc # cp snort.conf /etc/snort # cp *.config /etc/snort # cd # vi /etc/snort/snort.conf !--[if !supportLineBreakNewLine]-- !--[endif]-- “# var HOME_NET 10.1.1.0/24”改成“var HOME_NET 192.168.0.0/24”你自己LAN内的地址把前面的#号去掉。 “var RULE_PATH ../rules”改成“var RULE_PATH /etc/snort” #output database: log, mysql, userroot passwordtest dbnamedb hostlocalhost” “output database: log, mysql, userroot password123456 dbnamesnort hostlocalhost” 密码改成你自己的把前面的#号去掉。 把 # include $RULE_PATH/web-attacks.rules # include $RULE_PATH/backdoor.rules # include $RULE_PATH/shellcode.rules # include $RULE_PATH/policy.rules # include $RULE_PATH/porn.rules # include $RULE_PATH/info.rules # include $RULE_PATH/icmp-info.rules include $RULE_PATH/virus.rules # include $RULE_PATH/chat.rules # include $RULE_PATH/multimedia.rules # include $RULE_PATH/p2p.rules //前面的#号删除。 修改完毕后保存退出。 三、建立snort数据库 # /usr/local/mysql/bin/mysql -uroot -p123456 # create database snort; # grant INSERT,SELECT on root.* to snortlocalhost; # exit # cd /usr/local/src/snort-2.8.3.1/schemas # /usr/local/mysql/bin/mysql -uroot -p123456 create_mysql snort # 进入mysql数据库看看snort数据库中的表 # /usr/local/mysql/bin/mysql -uroot -p123456 !--[if !supportLineBreakNewLine]-- !--[endif]-- mysqlshow databases; ------------ | Database ------------ | mysql | snort | test ------------ 3 rows in set (0.00 sec) mysqluse snort; mysqlshow tables; 将会有这些 ------------------ | Tables_in_snort | ------------------ | data | detail | encoding | event | flags | icmphdr | iphdr | opt | protocols | reference | reference_system | schema | sensor | services | sig_class | sig_reference | signature | tcphdr | udphdr ------------------ 19 rows in set (0.00 sec) mysqlexit snort的chkconfig管理 cd /root/snort-2.8.3.1/rpm cp snortd /etc/init.d/ chmod 755 /etc/init.d/snortd chkconfig --add snortd chkconfig --level 35 snortd on 四、安装设置Acid # 把acid-0.9.6b23.tar.gz、adodb4991.tgz、jpgraph-1.26.tar.gz放到网页根目录我这里是默认的。 # cp a*.* /usr/local/apache2/htdocs # cp jpgraph-1.26.tar.gz /usr/local/apache2/htdocs # tar zxvf adodb4991.tgz # tar zxvf jpgraph-1.26.tar.gz # mv jpgraph-1.26 jpgraph # tar zxvf acid-0.9.6b23.tar.gz # cd acid # vi acid_conf.php 把“$DBlib_path ;” 改成“$DBlib_path /usr/local/apache2/htdocs/adodb” # $alert_dbname snort_log; //改成snort $alert_host localhost; $alert_port ; $alert_user root; $alert_password mypassword; //改成你的数据库密码 /* Archive DB connection parameters */ $archive_dbname snort_archive; //改成snort $archive_host localhost; $archive_port ; $archive_user root; $archive_password mypassword;” //改成你的数据库密码 # 把“$ChartLib_path ;” 改成“$ChartLib_path /usr/local/apache2/htdocs/jpgraph/src” # 修改完毕后保存退出。 六、进入web界面 # http://yourhost/acid/acid_main.php点Setup Page链接 -Create Acid AG # 访问http://yourhost/acid将会看到ACID界面。 七、测试IDS # 利用nmap,nessus,CIS或X-scan对系统进行扫描产生告警纪录。 # http://yourhost/acid 察看纪录。 # 至此一个功能强大的IDS设置完毕。各位能利用web界面远程登陆监视主机所处局域网同时安装 phpMyAdmin或webmin对mysql数据库进行操控 八、安装SnortCenter # cp snortcenter-v1.0-RC1.tar.gz /usr/local/apache2/htdocs # tar zxvf snortcenter-v1.0-RC1.tar.gz # mv www sc # vi sc/config.php # 改以下内容 $DBlib_path /usr/local/apache2/htdocs/adodb/ $curl_path /usr/bin; $DBtype mysql; $DB_dbname snortcenter; # $DB_dbname : MySQL database name of SnortCenter DB $DB_host localhost; # $DB_host : host on which the DB is stored $DB_user root; # $DB_user : login to the database w ith this user $DB_password 123456; # $DB_password : password of the DB user $DB_port ; # $DB_port : port on which to access the DB (blank is default) 数据库密码改成你自己的 # 修改好后保存退出。 # 然后创建snortcenter的数据库 # mysql -uroot -p123456 # create database snortcenter; # quit; # 在浏览器上键入http://192.168.0.11/sc他会自动创建数据表然后再次登入会让你输入用户名和密码初始是admin,change. CREATE TABLE dbname.schema (vseq int(10) unsigned NOT NULL default 0,ctime datetime NOT NULL default 0000-00-00 00:00:00) TYPEMyISAM; # 然后我们安装snortcenter-agent-v1.0-RC1.tar.gz # cp snortcenter-agent-v1.0-RC1.tar.gz /opt # cd /opt # tar zxvf snortcenter-agent-v1.0-RC1.tar.gz # cd sensor # ./setup.sh回答几个问题即完成安装默认端口2525。 # cp /etc/snort.conf /etc/snort.eth0.conf 本文转自wiliiwin 51CTO博客原文链接:http://blog.51cto.com/wiliiwin/199235
