Snort + BASE + Apache + PHP configuration guide on Solaris 9

Posted 2006-01-05 13:52
Author: yanghz   2005-12-30

The machine configuration is as follows:
# prtdiag
System Configuration:  Sun Microsystems  sun4u Sun Fire V100 (UltraSPARC-IIe 548MHz)
System clock frequency: 100 MHz
Memory size: 512 Megabytes

========================= CPUs =========================

                    Run   Ecache   CPU    CPU
Brd  CPU   Module   MHz     MB    Impl.   Mask
---  ---  -------  -----  ------  ------  ----
0     0     0      548     0.5   13       3.3

All the binary packages needed for the install can be downloaded from http://www.sunfreeware.com
gcc-3.3.2-sol9-sparc-local.gz
flex-2.5.31-sol9-sparc-local.gz
autoconf-2.59-sol9-sparc-local.gz
m4-1.4.2-sol9-sparc-local.gz
bison-1.875d-sol9-sparc-local.gz
ncurses-5.4-sol9-sparc-local.gz
mysql-4.0.21-sol9-sparc-local.gz
expat-1.95.5-sol9-sparc-local.gz
libiconv-1.8-sol9-sparc-local.gz
gdbm-1.8.3-sol9-sparc-local.gz
db-4.2.52.NC-sol9-sparc-local.gz
openssl-0.9.7g-sol9-sparc-local.gz
apache-2.0.54-sol9-sparc-local.gz
libxml2-2.6.16-sol9-sparc-local.gz
zlib-1.2.2-sol9-sparc-local.gz
perl-5.8.5-sol9-sparc-local.gz
gd-2.0.33-sol9-sparc-local.gz
libtool-1.5-sol9-sparc-local.gz
libpng-1.2.8-sol9-sparc-local.gz
jpeg-6b-sol9-sparc-local.gz

The remaining software is listed below; the latest version of each can be downloaded from its project site
php-5.0.5.tar.gz
libpcap-0.9.4.tar.gz
pcre-6.4.tar.gz
snort-2.4.3.tar.gz
snortrules-snapshot-CURRENT_20051214.tar.gz
adodb468.tgz
base-1.2.1.tar.gz

Two NICs: dmfe0 provides the service, dmfe1 is the sniffing interface and is connected to a SPAN monitoring port on a Cisco switch

1. Install the operating system. I used JumpStart and installed the SUNWCprog cluster; after installation, add an ordinary user
# useradd -d /export/home/yang -m -s /bin/bash yang
# passwd yang

2. Edit /etc/inetd.conf, leaving only the ftp service
# vi /etc/inetd.conf
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd -a

ftp configuration
vi /etc/ftpd/ftpaccess
defaultserver allow yang    # allow user yang to use ftp
defaultserver deny *        # deny ftp to all other system users
defaultserver private       # turn off anonymous ftp
restricted-uid *            # confine users to their home directories

The ftpusers file (in the /etc/ftpd/ directory) must contain root, so that root is forbidden from using ftp

3. Stop the services that are not needed
For example:
# cd /etc/rc2.d
# mv S73nfs.client K73nfs.client
# mv S74xntpd K74xntpd
# mv S80lp K80lp
# mv S88sendmail K88sendmail

# cd /etc/rc3.d
# mv S15nfs.server K15nfs.server
# mv S90samba K90samba

4. Prevent buffer overflows: add the following lines to /etc/system
# vi /etc/system
set noexec_user_stack=1
set noexec_user_stack_log=1

5. Prevent TCP sequence-number prediction attacks (IP spoofing): raise the ISN generation strength to 2
# vi /etc/default/inetinit
TCP_STRONG_ISS=2

6. sshd configuration: only allow the specified user to log in
# vi /etc/ssh/sshd_config
AllowUsers yang

7. Change the hostname and add the second NIC
# vi /etc/nodename
forum.vst-group.com

# vi /etc/hosts
192.168.1.236   forum.vst-group.com     loghost
192.168.1.235   forum2

# vi /etc/hostname.dmfe0
forum.vst-group.com

# vi /etc/hostname.dmfe1
forum2

# ifconfig dmfe1 plumb
# ifconfig dmfe1 up

8. Install gcc
# gunzip gcc-3.3.2-sol9-sparc-local.gz
# pkgadd -d gcc-3.3.2-sol9-sparc-local

9. Install flex and bison
# gunzip flex-2.5.31-sol9-sparc-local.gz
# pkgadd -d flex-2.5.31-sol9-sparc-local   

# gunzip autoconf-2.59-sol9-sparc-local.gz
# pkgadd -d autoconf-2.59-sol9-sparc-local

# gunzip m4-1.4.2-sol9-sparc-local.gz
# pkgadd -d m4-1.4.2-sol9-sparc-local

# gunzip bison-1.875d-sol9-sparc-local.gz
# pkgadd -d bison-1.875d-sol9-sparc-local

9. Install mysql
# gunzip ncurses-5.4-sol9-sparc-local.gz
# pkgadd -d ncurses-5.4-sol9-sparc-local
# gunzip mysql-4.0.21-sol9-sparc-local.gz
# pkgadd -d mysql-4.0.21-sol9-sparc-local

# groupadd mysql
# useradd -g mysql mysql

# vi /etc/profile
PATH=$PATH:/sbin:/usr/local/bin:/usr/local/mysql/bin:/usr/ccs/bin

# ln -s /usr/bin/hostname /usr/local/bin/hostname
# mysql_install_db --user=mysql
# mysqld_safe --user=mysql &

# cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/
# ln -s /etc/init.d/mysql.server /etc/rc3.d/S90mysqld

10. Install apache 2.0.54
# gunzip expat-1.95.5-sol9-sparc-local.gz
# pkgadd -d expat-1.95.5-sol9-sparc-local

# gunzip libiconv-1.8-sol9-sparc-local.gz
# pkgadd -d libiconv-1.8-sol9-sparc-local

# gunzip gdbm-1.8.3-sol9-sparc-local.gz
# pkgadd -d gdbm-1.8.3-sol9-sparc-local

# gunzip db-4.2.52.NC-sol9-sparc-local.gz
# pkgadd -d db-4.2.52.NC-sol9-sparc-local

# gunzip openssl-0.9.7g-sol9-sparc-local.gz
# pkgadd -d openssl-0.9.7g-sol9-sparc-local

# gunzip apache-2.0.54-sol9-sparc-local.gz
# pkgadd -d apache-2.0.54-sol9-sparc-local

# cd /usr/local/apache2/conf
# cp httpd-std.conf httpd.conf

# /usr/local/apache2/bin/apachectl start

11. Install php (--with-gd)
# gunzip libxml2-2.6.16-sol9-sparc-local.gz
# pkgadd -d libxml2-2.6.16-sol9-sparc-local

# gunzip zlib-1.2.2-sol9-sparc-local.gz
# pkgadd -d zlib-1.2.2-sol9-sparc-local

# gunzip perl-5.8.5-sol9-sparc-local.gz
# pkgadd -d perl-5.8.5-sol9-sparc-local

# gunzip gd-2.0.33-sol9-sparc-local.gz
# pkgadd -d gd-2.0.33-sol9-sparc-local

# gunzip libtool-1.5-sol9-sparc-local.gz
# pkgadd -d libtool-1.5-sol9-sparc-local

# gunzip libpng-1.2.8-sol9-sparc-local.gz
# pkgadd -d libpng-1.2.8-sol9-sparc-local

# gunzip jpeg-6b-sol9-sparc-local.gz
# pkgadd -d jpeg-6b-sol9-sparc-local

Compile and install php
# gunzip php-5.0.5.tar.gz
# tar xf php-5.0.5.tar
# cd php-5.0.5
# ./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql \
--with-apxs2=/usr/local/apache2/bin/apxs --enable-force-cgi-redirect \
--with-libxml-dir  --with-openssl --with-zlib --with-pear --with-gd
# make
# make test
The install expects the sed program to be in /usr/local/bin
# ln -s /usr/bin/sed /usr/local/bin/sed
# make install

# cp php.ini-dist /usr/local/lib/php.ini

Restart apache
# /usr/local/apache2/bin/apachectl stop
# /usr/local/apache2/bin/apachectl start


12. Install libpcap and snort

# gunzip libpcap-0.9.4.tar.gz
# tar xf libpcap-0.9.4.tar
# cd libpcap-0.9.4
# ./configure
# make
# make install

Building snort requires pcre.
Download pcre: ftp://ftp.csx.cam.ac.uk/pub/soft ... cre/pcre-6.4.tar.gz
# gunzip -c pcre-6.4.tar.gz | tar xf -
# cd pcre-6.4
# ./configure
# make
# make install

# gunzip -c snort-2.4.3.tar.gz | tar xf -
# cd snort-2.4.3
# ./configure --with-mysql=/usr/local/mysql
# make
# make install

# groupadd snort
# useradd -g snort -s /bin/false snort

# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /var/log/snort

# cd etc
# cp * /etc/snort

Configure mysql
# mysqladmin -u root password 'mysql-admin-password'
# mysql -u root -pmysql-admin-password
mysql> create database snort;
mysql> grant all on snort.* to snort@localhost identified by 'snort-password';
mysql> exit;

# mysql -u snort -psnort-password < ./schemas/create_mysql snort

Install the rule files
# gunzip -c snortrules-snapshot-CURRENT_20051214.tar.gz | tar xf -
# cd rules
# cp * /etc/snort/rules

Edit /etc/snort/snort.conf
# vi /etc/snort/snort.conf
var HOME_NET 192.168.1.0/24
var RULE_PATH /etc/snort/rules

preprocessor stream4_reassemble
preprocessor stream4_reassemble: both,ports 21 23 25 53 80 110 111 139 143 445 513 1433

output database: log, mysql, user=snort password=snort-password dbname=snort host=localhost

Write snort's startup script
# vi /etc/init.d/ids
#!/sbin/sh

case "$1" in
start)
        cmdtext="starting"
        (LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/usr/local/mysql/lib/mysql ; \
        export LD_LIBRARY_PATH; \
        snort -dyq -c /etc/snort/snort.conf -i dmfe1 -D) \
        >/dev/null 2>&1
        ;;
stop)
        cmdtext="stopping"
        pid=`ps -ef | grep snort | grep -v grep | awk '{print $2}' - `
        kill -9 $pid >/dev/null 2>&1
        ;;
*)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac
echo "snort $cmdtext."
exit 0

# chmod 755 /etc/init.d/ids
# ln -s /etc/init.d/ids /etc/rc3.d/S99ids
Note: the script's name must not contain the string "snort"

Start and stop snort
# /etc/init.d/ids start
# /etc/init.d/ids stop

13. Install adodb and base
# gunzip -c adodb468.tgz | tar xf -
# cp -r adodb /export/home/

Install PEAR::Image_Graph
# /usr/local/php/bin/pear install Image_Color
# /usr/local/php/bin/pear install Log
# /usr/local/php/bin/pear install Numbers_Roman
# /usr/local/php/bin/pear install http://pear.php.net/get/Numbers_Words-0.13.1.tgz
# /usr/local/php/bin/pear install http://pear.php.net/get/Image_Graph-0.3.0dev4.tgz

Install base
# gunzip -c base-1.2.1.tar.gz | tar xf -
# cp -r base-1.2.1 /export/home
# cd /export/home/base-1.2.1
# cp base_conf.php.dist base_conf.php
# vi base_conf.php
$BASE_urlpath = "/base";
$DBlib_path = "/export/home/adodb/";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "snort-password";
/* Archive DB connection parameters */
$archive_exists = 0; # Set this to 1 if you have an archive DB

Modify apache's httpd.conf
# vi /usr/local/apache2/conf/httpd.conf
DirectoryIndex index.html index.htm index.php index.html.var

Alias /base "/export/home/base-1.2.1"
<Directory "/export/home/base-1.2.1">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# /usr/local/apache2/bin/apachectl stop
# /usr/local/apache2/bin/apachectl start

Done. Finally, browse to http://192.168.1.236/base and click the setup page to complete the installation.

[ This post was last edited by yanghz on 2006-1-6 11:08 ]
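A post-hardening audit for steps 2 to 6 of the build above, as an added example (not the original author's script). It assumes the same file locations as the post and the login name yang; every check takes the file or rc directory to inspect as an argument, so audit_all can run against the live system (root prefix "") or against a copied /etc tree. On Solaris 9 run it with /usr/xpg4/bin/sh and put /usr/xpg4/bin first in PATH, since $(...), grep -E and grep -x are not in the old /bin/sh and /usr/bin/grep.

```shell
#!/bin/sh
# Post-hardening audit for steps 2 to 6 of the build above (added example,
# not the original author's). Each check takes the file or rc directory
# to inspect, prints PASS/FAIL and returns 0 or 1, so audit_all can be
# pointed at the live system (root prefix "") or at a copied /etc tree.
# Assumes the login name yang from the post unless another is given.

# 4. /etc/system must set both noexec_user_stack knobs, uncommented.
check_system() {
    rc=0
    for key in noexec_user_stack noexec_user_stack_log; do
        if grep -E "^set[[:space:]]+${key}=1" "$1" >/dev/null 2>&1; then
            echo "PASS: $1 sets ${key}=1"
        else
            echo "FAIL: $1 does not set ${key}=1"; rc=1
        fi
    done
    return $rc
}

# 5. /etc/default/inetinit must select the strong (RFC 1948) ISN generator.
check_inetinit() {
    if grep -E '^TCP_STRONG_ISS=2' "$1" >/dev/null 2>&1; then
        echo "PASS: $1 sets TCP_STRONG_ISS=2"; return 0
    fi
    echo "FAIL: $1 does not set TCP_STRONG_ISS=2"; return 1
}

# 6. sshd_config must name exactly one allowed user: the expected one.
check_sshd() {
    f=$1; user=$2
    line=$(grep -E '^AllowUsers[[:space:]]' "$f" 2>/dev/null || true)
    if [ -z "$line" ]; then
        echo "FAIL: $f has no AllowUsers line"; return 1
    fi
    found=0; extra=""
    for w in $(echo "$line" | sed 's/^AllowUsers//'); do
        if [ "$w" = "$user" ]; then found=1; else extra="$extra $w"; fi
    done
    if [ "$found" -eq 1 ] && [ -z "$extra" ]; then
        echo "PASS: $f allows only $user"; return 0
    fi
    echo "FAIL: $f has '$line', expected only $user"; return 1
}

# 2. inetd.conf must expose nothing but ftp: any other active line fails.
check_inetd() {
    extra=$(grep -Ev '^[[:space:]]*(#|$)' "$1" 2>/dev/null | grep -Ev '^ftp[[:space:]]' || true)
    if [ -z "$extra" ]; then
        echo "PASS: $1 serves ftp only"; return 0
    fi
    echo "FAIL: $1 still serves:"; echo "$extra"; return 1
}

# 2. ftpusers must list root so root can never log in over ftp.
check_ftpusers() {
    if grep -x 'root' "$1" >/dev/null 2>&1; then
        echo "PASS: $1 blocks root"; return 0
    fi
    echo "FAIL: $1 does not list root"; return 1
}

# 3. A disabled service may leave no S* start link in its rc directory.
check_rc_disabled() {
    for link in "$1"/S[0-9]*"$2"; do
        if [ -e "$link" ]; then
            echo "FAIL: $link would still start $2"; return 1
        fi
    done
    echo "PASS: $2 is not started from $1"; return 0
}

# Run every check under a root prefix and return 0 only if all pass.
audit_all() {
    root=$1; user=${2:-yang}; rc=0
    check_inetd    "$root/etc/inetd.conf"              || rc=1
    check_ftpusers "$root/etc/ftpd/ftpusers"           || rc=1
    check_system   "$root/etc/system"                  || rc=1
    check_inetinit "$root/etc/default/inetinit"        || rc=1
    check_sshd     "$root/etc/ssh/sshd_config" "$user" || rc=1
    for svc in nfs.client xntpd lp sendmail; do
        check_rc_disabled "$root/etc/rc2.d" "$svc" || rc=1
    done
    for svc in nfs.server samba; do
        check_rc_disabled "$root/etc/rc3.d" "$svc" || rc=1
    done
    return $rc
}

# On the sensor:  /usr/xpg4/bin/sh harden_check.sh --run [user]
if [ "$1" = "--run" ]; then audit_all "" "${2:-yang}"; fi
```

The checks deliberately look for the exact settings the post asks for (uncommented, at the start of the line), so a setting that was added but left commented out, or an AllowUsers line that quietly grew a second account, shows up as FAIL rather than passing on a loose substring match.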
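A replacement for the /etc/init.d/ids script in the post, as an added example rather than the author's script. It keeps to Bourne-shell syntax (backticks, expr) so /sbin/sh can run it at boot, syntax-checks the configuration with snort -T before starting, drops root with -u/-g to the snort user and group the post creates (so /var/log/snort must be chowned to snort:snort first), and stops the daemon through its pid file instead of grepping ps, so the script's own name no longer matters and no unrelated process can be killed. Assumptions not in the post: the snort binary is /usr/local/bin/snort (the make install default) and Snort in daemon mode writes its pid to /var/run/snort_<interface>.pid.

```shell
#!/sbin/sh
# Snort rc script for the sensor build above (added example, not the
# original author's /etc/init.d/ids). Bourne-shell syntax only, so
# /sbin/sh can run it at boot. Assumptions: snort lives in
# /usr/local/bin and, with -D, writes /var/run/snort_<iface>.pid.

SNORT=${SNORT:-/usr/local/bin/snort}
CONF=${CONF:-/etc/snort/snort.conf}
IFACE=${IFACE:-dmfe1}
PIDFILE=${PIDFILE:-/var/run/snort_${IFACE}.pid}
LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/usr/local/mysql/lib/mysql
export LD_LIBRARY_PATH

# Print the pid recorded in a pid file, but only if that process is
# still alive; print nothing for a missing, empty or stale file.
pid_from_file() {
    [ -r "$1" ] || return 1
    pid=`head -1 "$1" | tr -cd '0-9'`
    [ -n "$pid" ] || return 1
    kill -0 "$pid" 2>/dev/null || return 1
    echo "$pid"
}

# Stop the process named in a pid file: TERM, wait up to 10 s, then
# KILL. A stale pid file is removed and reported as a failure.
stop_by_pidfile() {
    pid=`pid_from_file "$1"`
    if [ -z "$pid" ]; then
        echo "no running process recorded in $1"; rm -f "$1"; return 1
    fi
    kill -TERM "$pid" 2>/dev/null
    i=0
    while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 10 ]; do
        sleep 1; i=`expr $i + 1`
    done
    kill -0 "$pid" 2>/dev/null && kill -KILL "$pid" 2>/dev/null
    rm -f "$1"
    return 0
}

start_snort() {
    pid=`pid_from_file "$PIDFILE"`
    if [ -n "$pid" ]; then
        echo "snort already running (pid $pid)"; return 0
    fi
    # -T parses the config and exits; refuse to start on a broken one.
    "$SNORT" -T -c "$CONF" >/dev/null 2>&1 || {
        echo "snort -T failed on $CONF, not starting"; return 1
    }
    # -u/-g drop root once the interface is open; -D daemonises.
    "$SNORT" -dyq -u snort -g snort -c "$CONF" -i "$IFACE" -D >/dev/null 2>&1
}

main() {
    case "$1" in
    start)  start_snort && echo "snort started" ;;
    stop)   stop_by_pidfile "$PIDFILE" && echo "snort stopped" ;;
    status) pid=`pid_from_file "$PIDFILE"`
            if [ -n "$pid" ]; then echo "snort running (pid $pid)"
            else echo "snort not running"; exit 1; fi ;;
    *)      echo "Usage: $0 {start|stop|status}"; exit 1 ;;
    esac
}

# Dispatch only when an action was given (the functions can also be sourced).
if [ $# -gt 0 ]; then main "$@"; fi
```

Install it the same way as the post's script (chmod 755, link it as /etc/rc3.d/S99ids) and run it once by hand with start and then status: if status reports "not running" right after a successful start, check /var/log/snort ownership and the pid-file path assumption before anything else.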

Posted 2006-01-05 13:58
Support, learning!

Posted 2006-01-05 14:46
Nice, support!

Posted 2006-01-05 14:53
Screenshots attached below:

Posted 2006-01-05 14:54
[image attachment not preserved]

Posted 2006-01-05 14:55
[image attachment not preserved]

Posted 2006-01-05 14:55
[image attachment not preserved]
Posted 2006-01-06 13:49
good sc