免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
最近访问板块 发新帖
查看: 658 | 回复: 0

Linux系统下搭建SNORT入侵检测系统 [复制链接]

论坛徽章:
0
发表于 2008-02-21 10:24 |显示全部楼层
1、安装apache
 
  tar zxvf apache-(版本号)—— 解压apache
 
  进入解压目录。
 
  /configure ——prefix=/usr/local/apache ——enable-so ——enable-rewrite
 
  make
 
  make install
 
  /usr/local/apache/bin/apachectl start 启动APACHE
 
  
http://XXX.XXX.XXX.XXX

服务器
IP地址) 测试APACHE
 
  2、安装mysql
 
  groupadd mysql
 
  useradd -g mysql mysql
 
  tar zxvf mysql-(版本号) —— 解压mysql
 
  进入解压目录。
 
  /configure ——prefix=/usr/local/mysql ——with-charset=gb2312/gbk
 
  make
 
  make install
 
  进入supportsfiles目录
 
  cp my_medium.cnf /etc/my.cnf
 
  /usr/local/mysql/bin/mysql_install_db ——user=mysql
 
  chown -R root /usr/local/mysql
 
  chown -R mysql /usr/local/mysql/var
 
  chgrp -R mysql /usr/local/mysql
 
  /usr/local/mysql/share/mysql/bin/mysql.server start 启动MYSQL
 
  /usr/local/mysql/bin/mysqladmin -u root password XXXX
 
  /usr/local/mysql/bin/mysql -u root -p
 
  password:
 
  mysql>
 
  3、安装PHP
 
  tar zxvf php-(版本号)
 
  进入解压目录
 
  
。/configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs \
--with-mysql=/usr/local/mysql \
--with-config_file_path=/usr/local/php \
make
make install
cp php.ini_dist /usr/local/lib/php.ini
vi /usr/local/lib/php.ini
更改365行 off为on
vi /usr/local/apache/conf/httpd.conf
DireltoryIndex 后加index.php
AddType applicontion/X-httpd-php .php
vi /usr/local/apache/htdocs/test/php
phpinfo()
?>
 
  重新启动APACHE
 
  
http://XXX.XXX.XXX.XXX/test.php
 
  4、安装pcre
 
  tar zxvf pcre-(版本号)
 
  进入解压目录
 
  。/configure
 
  make
 
  make install
5、安装snort
 
  tar zxvf snort-(版本号)
 
  进入解压目录
 
  。/configure ——with-mysql=/usr/local/mysql
 
  make
 
  make install
 
  6、安装snort规则库
 
  tar zxvf snort rules-(版本号)
 
  生成etc、doc、rules、so.rules四个目录
 
  mkdir /etc/snort
 
  mkdir /etc/snort/rules
 
  mkdir /var/log/snort
 
  cp -R rules/* /etc/snort/
 
  cp etc/* /etc/snort
 
  vi /etc/snort/snort.conf
 
  46行改为:var HOME_NET XXX.XXX.XXX.0/24
 
  111行改为:var Rules_PATH /etc/snort/rules
 
  764行改为:output database:log,mysql,user=root,password=XXXX(密码同上),dbname=snort
 
  host=localhost
 
  863——874行去掉#
 
  7、创建snort数据库。
 
  
/mysql -u root -p
mysql>create database snort;
>grant INSERT,SELECT on root .* to snort@localhost
>exit
./mydql -u root -p use snort
mysql>show tables
  8、安装adodb
 
  tar zxvf adodb-(版本号)
 
  cp adodb /usr/local/apache/htdocs
 
  9、安装jpgraph
 
  tar zxvf jpgraph-(版本号)
 
  移动解压目录到/usr/local/apache/htdocs,并改名为jpgraph
 
  10、安装acid
 
  tar zxvf acid-(版本号)
 
  移动解压目录到/usr/local/apache/htdocs,并改名为acid
 
  vi /acid/acid_conf.php
 
  $DBlib_Path='/usr/local/apache/htdocs/adodb';
 
  $alert_dbname="snort";
 
  $alert_host="localhost";
 
  $alert_port="";
 
  $alert_user="root";
 
  $alert_password="xxxxx(同上)";
 
  $archive_dbname="snort";
 
  $archive_host="localhost";
 
  $archive_port="";
 
  $archive_user="root";
 
  $archive_password="xxxxx(同上)";
 
  $charlLib_path="/usr/local/apache/htdocs/jpgraph/src";
 
  $charl_file_format="png";
 
  11、
http://xxx.xxx.xxx.xxx/acid
测试
 
  注: 在安装前应先将编译工具安装。


本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/12364/showart_481589.html
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP