入侵防御

SNORT入侵检测系统2

发布时间:2008-10-08 19:36:13 作者:佚名

10.安装 Snort2.4.4



  10.1建立snort配置文件和日志目录



  #mkdir /etc/snort

  #mkdir /var/log/snort

  #tar -zxvf snort-2.4.4.tar.gz

  #cd snort-2.4.4

  #./configure --with-mysql=/usr/local/mysql

  #make

#make install

注意,我在编译snort时出现“ERROR! Libpcre header not found, go get it from”的错误。这是因为少安装了一个lib的库,如果谁出现了这样的问题,就到ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ 下载最新的pcre库进行安装。

方法: #tar -zxvf pcre-6.7.tar.gz

#./configure

#make

#make check

#make install

  10.2安装规则和配置文件

#cd /etc/snort/

#tar ?zxvf /ruanjian/snortrules-snapshot-2.4.tar.gz

  #cd /etc/snort/rules (在snort安装目录下)

  #cp *.conf /etc/snort/.

  #cp *.config /etc/snort/.

#cp *.map /etc/snort/.

10.3修改snort.conf (/etc/snort/snort.conf)

  var HOME_NET 172.17.4.0/24 (修改为你的内部网网络地址)

var RULE_PATH ./rules 修改为 var RULE_PATH /etc/snort/



  改变记录日志数据库:

log与alert数据库要分别建,否则snort启动当有事件发生时候要出错

  output database: log, mysql, user=root password=your_password dbname=snort host=localhost

output database: alert, mysql, user=root password=your_password dbname=snort host=localhost






安装DB表:(在schemas 目录)

/usr/local/mysql/bin/mysql -u root -p <create_mysql snort //为snort建立数据表

11.安装配置Web接口



  安装JPGraph2.1.1

  #cp jpgraph-2.1.1.tar.gz /home

#cd /home

  #tar -xzvf jpgraph-2.1.1.tar.gz

#mv jpgraph-2.1.1 jpgraph

  

  安装ADODB:

  #cp adodb480.gz /home

#cd /home

#tar -xzvf adodb480.gz



  安装配置Acid:

  #cp acid-0.9.6b23.tar.gz /home

#cd /home

#tar -xvzf acid-0.9.6b23.tar.gz

#cd /home/acid/



  编辑acid_conf.php,修改相关配置如下:

$DBlib_path = "/home/adodb";

$DBtype = "mysql";

$alert_dbname = "snort";

$alert_host = "localhost";

$alert_port = "";

$alert_user = "root";

$alert_password = "xiangqian";

$archive_dbname = "snort";

$archive_host = "localhost";

$archive_port = "";

$archive_user = "root";

$archive_password = "xiangqian";

$ChartLib_path = "/home/jpgraph/src";



运行snort把数据写入mysql

# snort -c /etc/snort/snort.conf



进入web界面:

http://yourhost/acid/acid_main.php

点"Setup Page"链接 ->Create Acid AG

访问http://yourhost/acid将会看到ACID界面。

相关文章
最新更新
业界资讯
网友评论