SNORT入侵检测系统2
SNORT入侵检测系统2
发布时间:2016-12-21 来源:查字典编辑
摘要:10.安装Snort2.4.410.1建立snort配置文件和日志目录#mkdir/etc/snort#mkdir/var/log/snor...

10.安装 Snort2.4.4

10.1建立snort配置文件和日志目录

#mkdir /etc/snort

#mkdir /var/log/snort

#tar -zxvf snort-2.4.4.tar.gz

#cd snort-2.4.4

#./configure --with-mysql=/usr/local/mysql

#make

#make install

注意,我在编译snort时出现“ERROR! Libpcre header not found, go get it from”的错误。这是因为少安装了一个lib的库,如果谁出现了这样的问题,就到ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ 下载最新的pcre库进行安装。

方法: #tar -zxvf pcre-6.7.tar.gz

#./configure

#make

#make check

#make install

10.2安装规则和配置文件

#cd /etc/snort/

#tar ?zxvf /ruanjian/snortrules-snapshot-2.4.tar.gz

#cd /etc/snort/rules (在snort安装目录下)

#cp *.conf /etc/snort/.

#cp *.config /etc/snort/.

#cp *.map /etc/snort/.

10.3修改snort.conf (/etc/snort/snort.conf)

var HOME_NET 172.17.4.0/24 (修改为你的内部网网络地址)

var RULE_PATH ./rules 修改为 var RULE_PATH /etc/snort/

改变记录日志数据库:

log与alert数据库要分别建,否则snort启动当有事件发生时候要出错

output database: log, mysql, user=root password=your_password dbname=snort host=localhost

output database: alert, mysql, user=root password=your_password dbname=snort host=localhost

安装DB表:(在schemas 目录)

/usr/local/mysql/bin/mysql -u root -p <create_mysql snort //为snort建立数据表

11.安装配置Web接口

安装JPGraph2.1.1

#cp jpgraph-2.1.1.tar.gz /home

#cd /home

#tar -xzvf jpgraph-2.1.1.tar.gz

#mv jpgraph-2.1.1 jpgraph

安装ADODB:

#cp adodb480.gz /home

#cd /home

#tar -xzvf adodb480.gz

安装配置Acid:

#cp acid-0.9.6b23.tar.gz /home

#cd /home

#tar -xvzf acid-0.9.6b23.tar.gz

#cd /home/acid/

编辑acid_conf.php,修改相关配置如下:

$DBlib_path = "/home/adodb";

$DBtype = "mysql";

$alert_dbname = "snort";

$alert_host = "localhost";

$alert_port = "";

$alert_user = "root";

$alert_password = "xiangqian";

$archive_dbname = "snort";

$archive_host = "localhost";

$archive_port = "";

$archive_user = "root";

$archive_password = "xiangqian";

$ChartLib_path = "/home/jpgraph/src";

运行snort把数据写入mysql

# snort -c /etc/snort/snort.conf

进入web界面:

http://yourhost/acid/acid_main.php

点"Setup Page"链接 ->Create Acid AG

访问http://yourhost/acid将会看到ACID界面。

推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
相关阅读
网友关注
最新黑客入侵学习
热门黑客入侵学习
网络安全子分类