Setting up a Snort intrusion detection system on Linux

Source: 岁月联盟   Editor: zhuzhu   Date: 2008-02-20

1. Install Apache

tar zxvf apache-(version)   extract the Apache source

Change into the extracted directory.

./configure --prefix=/usr/local/apache --enable-so --enable-rewrite

make

make install

/usr/local/apache/bin/apachectl start   start Apache

http://XXX.XXX.XXX.XXX (the server's IP address)   test Apache

2. Install MySQL

groupadd mysql

useradd -g mysql mysql

tar zxvf mysql-(version)   extract the MySQL source

Change into the extracted directory.

./configure --prefix=/usr/local/mysql --with-charset=gb2312 (or gbk)

make

make install

Change into the support-files directory.

cp my-medium.cnf /etc/my.cnf

/usr/local/mysql/bin/mysql_install_db --user=mysql

chown -R root /usr/local/mysql

chown -R mysql /usr/local/mysql/var

chgrp -R mysql /usr/local/mysql

/usr/local/mysql/share/mysql/mysql.server start   start MySQL

/usr/local/mysql/bin/mysqladmin -u root password XXXX

/usr/local/mysql/bin/mysql -u root -p

password:

mysql>

3. Install PHP

tar zxvf php-(version)

Change into the extracted directory.

./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --with-config-file-path=/usr/local/php

make

make install

cp php.ini-dist /usr/local/lib/php.ini

vi /usr/local/lib/php.ini   on line 365 change off to on

(Note: with --with-config-file-path=/usr/local/php, PHP looks for php.ini in /usr/local/php, so copy the file to /usr/local/php/php.ini instead if that option is kept; the phpinfo() page below shows which php.ini is actually loaded.)

vi /usr/local/apache/conf/httpd.conf

DirectoryIndex: append index.php

AddType application/x-httpd-php .php

vi /usr/local/apache/htdocs/test.php

<?php phpinfo(); ?>

Restart Apache.

http://XXX.XXX.XXX.XXX/test.php

4. Install PCRE

tar zxvf pcre-(version)

Change into the extracted directory.

./configure

make

make install

5. Install Snort

tar zxvf snort-(version)

Change into the extracted directory.

./configure --with-mysql=/usr/local/mysql

make

make install

6. Install the Snort rule set

tar zxvf snortrules-(version)

This produces four directories: etc, doc, rules and so_rules.

mkdir /etc/snort

mkdir /etc/snort/rules

mkdir /var/log/snort

cp -R rules/* /etc/snort/rules/

cp etc/* /etc/snort

vi /etc/snort/snort.conf

Line 46: change to var HOME_NET XXX.XXX.XXX.0/24 (the network being monitored)

Line 111: change to var RULE_PATH /etc/snort/rules

Line 764: change to output database: log, mysql, user=root password=XXXX dbname=snort host=localhost (the password set above; Snort separates these parameters with spaces, not commas)

Lines 863 to 874: remove the leading # so that the rule files are included.
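The line numbers above only hold for the rule-set release the article was written against; they drift between versions. As an added example, not part of the original article, the script below applies the same four snort.conf changes by matching the setting names, then checks the result: HOME_NET must not be left as "any" (rules with a direction could no longer tell inside from outside), RULE_PATH must be absolute, the database output must be enabled, and no rule include may remain commented out. The snort.conf fragment it edits is constructed here; the network 192.168.1.0/24, the path /etc/snort/rules and the snort/s3cret credentials are assumptions. It logs as the snort user that step 7 creates rather than as root.

```shell
#!/bin/sh
# Added example, not part of the original article: apply the snort.conf
# settings from step 6 by matching the setting names instead of fixed line
# numbers, then verify them. The sample snort.conf fragment below is
# constructed; the network, rule path and credentials are assumptions.

# Portable stand-in for "sed -i": $1 = sed expression, $2 = file
edit_in_place() {
    sed "$1" "$2" > "$2.tmp" && mv "$2.tmp" "$2"
}

# Write a constructed fragment that mirrors the shape of a Snort 2.x snort.conf
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed snort.conf fragment (not the real file)
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
preprocessor stream4: detect_scans
# output database: log, mysql, user=root password=test dbname=db host=localhost
include $RULE_PATH/local.rules
# include $RULE_PATH/web-attacks.rules
# include $RULE_PATH/backdoor.rules
EOF
}

# $1 = snort.conf, $2 = HOME_NET, $3 = RULE_PATH, $4 = DB user, $5 = DB password
# The password must not contain "|" or "&", which are special to sed here.
configure_snort_conf() {
    conf="$1"
    edit_in_place "s|^var HOME_NET .*|var HOME_NET $2|" "$conf"
    edit_in_place "s|^var RULE_PATH .*|var RULE_PATH $3|" "$conf"
    # Snort separates the database parameters with spaces, not commas
    edit_in_place "s|^# output database: log, mysql.*|output database: log, mysql, user=$4 password=$5 dbname=snort host=localhost|" "$conf"
    # Uncomment every rule include (the article's "remove the #" step)
    edit_in_place 's|^# include \$RULE_PATH|include $RULE_PATH|' "$conf"
}

# Returns 0 when the settings are present and no rule include is still
# commented out; prints the first problem found otherwise.
check_snort_conf() {
    conf="$1"
    if grep -q '^var HOME_NET any$' "$conf"; then
        echo "HOME_NET is still 'any': rules cannot tell inside from outside"; return 1
    fi
    grep -q '^var HOME_NET ' "$conf" || { echo "HOME_NET missing"; return 1; }
    grep -q '^var RULE_PATH /' "$conf" || { echo "RULE_PATH is not an absolute path"; return 1; }
    grep -q '^output database: log, mysql, .*dbname=snort' "$conf" \
        || { echo "database output is not enabled"; return 1; }
    if grep -q '^# include \$RULE_PATH' "$conf"; then
        echo "some rule files are still commented out and will not load"; return 1
    fi
    return 0
}

# Demonstration on a temporary copy
f=$(mktemp)
make_sample_conf "$f"
check_snort_conf "$f" || echo "(before editing, as expected)"
configure_snort_conf "$f" 192.168.1.0/24 /etc/snort/rules snort s3cret
if check_snort_conf "$f"; then
    echo "snort.conf settings OK:"
    grep -E '^(var HOME_NET|var RULE_PATH|output database|include)' "$f"
fi
rm -f "$f"
```

To use it on a real installation, call configure_snort_conf and check_snort_conf with /etc/snort/snort.conf instead of the temporary file, and keep a backup copy of the original first.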

7. Create the Snort database.

/usr/local/mysql/bin/mysql -u root -p

mysql> create database snort;

mysql> grant INSERT,SELECT on snort.* to snort@localhost;

mysql> exit

/usr/local/mysql/bin/mysql -u root -p snort < /usr/local/src/snort-(version)/schemas/create_mysql

/usr/local/mysql/bin/mysql -u root -p

mysql> use snort

mysql> show tables;

8. Install ADOdb

tar zxvf adodb-(version)

cp -R adodb /usr/local/apache/htdocs

9. Install JpGraph

tar zxvf jpgraph-(version)

Move the extracted directory to /usr/local/apache/htdocs and rename it to jpgraph.

10. Install ACID

tar zxvf acid-(version)

Move the extracted directory to /usr/local/apache/htdocs and rename it to acid.

vi /usr/local/apache/htdocs/acid/acid_conf.php

$DBlib_path='/usr/local/apache/htdocs/adodb';

$alert_dbname="snort";

$alert_host="localhost";

$alert_port="";

$alert_user="root";

$alert_password="xxxxx(same as above)";

$archive_dbname="snort";

$archive_host="localhost";

$archive_port="";

$archive_user="root";

$archive_password="xxxxx(same as above)";

$ChartLib_path="/usr/local/apache/htdocs/jpgraph/src";

$chart_file_format="png";

11. Test: http://xxx.xxx.xxx.xxx/acid
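The usual reason the ACID test page fails is that acid_conf.php and snort.conf name different databases or credentials, and both files carry the database password in clear text. As an added example, not part of the original article or of ACID, the script below reads the alert_* settings from acid_conf.php and the key=value pairs from Snort's "output database:" line, reports any mismatch, and refuses either file if it is world-readable. Both sample files are constructed here and the paths are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article: cross-check
# acid_conf.php against snort.conf so the console reads the database Snort
# writes to, and refuse files that are world-readable, since both contain
# the database password. Paths are assumptions; both sample files are
# constructed here.

# Read a PHP string setting: php_setting FILE alert_dbname -> snort
php_setting() {
    sed -n "s/^\\\$$2[[:space:]]*=[[:space:]]*[\"']\\([^\"']*\\)[\"'].*/\\1/p" "$1" | head -n 1
}

# Read key=value from the "output database:" line: snort_db_setting FILE dbname
snort_db_setting() {
    grep '^output database:' "$1" | sed -n "s/.*[[:space:],]$2=\\([^[:space:]]*\\).*/\\1/p" | head -n 1
}

# Compare the four settings ACID needs with what Snort was told to use.
check_acid_matches_snort() {
    acid="$1"; snort="$2"; rc=0
    for pair in dbname:alert_dbname host:alert_host user:alert_user password:alert_password; do
        key=${pair%%:*}; var=${pair#*:}
        a=$(php_setting "$acid" "$var")
        s=$(snort_db_setting "$snort" "$key")
        if [ "$a" != "$s" ]; then
            echo "mismatch: acid_conf.php $var='$a' but snort.conf $key='$s'"; rc=1
        fi
    done
    return $rc
}

# Returns 1 if "others" can read the file (column 8 of ls -l is the o+r bit).
check_not_world_readable() {
    if [ "$(ls -ld "$1" | cut -c8)" = "r" ]; then
        echo "$1 is world-readable; it holds the database password"; return 1
    fi
    return 0
}

# Constructed sample files in directory $1, consistent with each other.
write_sample_files() {
    cat > "$1/acid_conf.php" <<'EOF'
<?php
$DBlib_path = "/usr/local/apache/htdocs/adodb";
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "snort";
$alert_password = "s3cret";
?>
EOF
    cat > "$1/snort.conf" <<'EOF'
var HOME_NET 192.168.1.0/24
output database: log, mysql, user=snort password=s3cret dbname=snort host=localhost
EOF
    chmod 600 "$1/acid_conf.php" "$1/snort.conf"
}

# Demonstration
d=$(mktemp -d)
write_sample_files "$d"
check_acid_matches_snort "$d/acid_conf.php" "$d/snort.conf" && echo "acid_conf.php matches snort.conf"
check_not_world_readable "$d/acid_conf.php" && echo "acid_conf.php permissions OK"
# A deliberately inconsistent copy: Snort logging to a differently named database
sed 's/dbname=snort/dbname=ids/' "$d/snort.conf" > "$d/snort-other.conf"
check_acid_matches_snort "$d/acid_conf.php" "$d/snort-other.conf" || echo "(mismatch detected, as expected)"
rm -rf "$d"
```

On a real installation, run check_acid_matches_snort against /usr/local/apache/htdocs/acid/acid_conf.php and /etc/snort/snort.conf; acid_conf.php must stay readable by the Apache user, so restrict it with group ownership rather than chmod 600.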

Note: the build tools (compiler and make) must be installed before starting.