Chinaunix

标题: RH AS3.0安装snort手记 [打印本页]

作者: luomingxue 时间: 2004-03-14 12:21
标题: RH AS3.0安装snort手记
开始用的是snort-2.0.2-5.i386.rpm，
用/etc/rc.d/init.d/snortd start
可以起来，不过过两分钟就死了。
用/etc/rc.d/init.d/snortd status查，
snort dead but subsys locked
没有出错信息! /var/log/message 里看不到error。
因为是daemon,死的静悄悄。
想到不用daemon
把/etc/rc.d/init.d/snortd 里启动参数 -D 去掉，
/usr/local/bin/snort -b -d -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
原来是
segmentation fault！

，换snort-2.1.1-0.rhel3.dag.i386.rpm
rpm -i 就segmentation fault
再换
snort-2.1.1-1.i386.rpm
rpm -i 就 hang,faint!

end up building from source
got snort-2.1.1.tar.gz
follow
http://www.snort.org/docs/snort_acid_rh9.pdf page 14
basicly (I did not use mysql to store data)

groupadd snort
useradd -g snort snort
mkdir /etc/snort
mkdir /var/log/snort
tar -xvzf snort-2.X.X.tar.gz
cd snort-2.X.X
./configure
make
make install

you'll find snort under /usr/local/bin

Don't forget download ruels to /etc/snort dir
e.g. snortrules-stable.tar.gz
and make sure it matches what snort.conf says about rule dir

I use the old /etc/init.d/snortd and link it to rc3.d
change /usr/sbin/snort to /usr/local/bin/snort in /etc/init.d/snortd

欢迎光临 Chinaunix (http://bbs.chinaunix.net/)