

Snort IDS Installation Summary, by 小牛 (original)

Snort IDS System Installation Manual

1. Runtime environment (LAMP):

yum -y install mysql mysql-bench mysql-server mysql-devel php php-mysql php-pear httpd gcc pcre-devel php-gd gd mod_ssl glib2-devel gcc-c++ bison libpcap pcre tcpdump flex libpcap-devel libtool php-mbstring

2. Related sites:

https://base.secureideas.net/
https://www.snort.org/

3. Download the source packages:

snortrules-snapshot-CURRENT.tar.gz
snort-2.8.5.3.tar.gz
base-1.4.5.tar.gz
adodb4991.tgz

Put them in /root/soft/

4. Install the program and the rule files:

tar zxf snort-2.8.5.3.tar.gz
cd snort-2.8.5.3
tar zxf ../snortrules-snapshot-CURRENT.tar.gz
./configure --prefix=/usr/local/snort --enable-dynamicplugin --with-mysql
make && make install

5. Move the configuration and rule files into place:

cd /root/soft/snort-2.8.5.3/
cp -r etc /usr/local/snort/
cp -r rules /usr/local/snort/
mkdir /var/log/snort/

6. Edit the main configuration file:

vim /usr/local/snort/etc/snort.conf

# Define the home network (CIDR)
var HOME_NET 192.168.21.0/2

# Define the rules path
var RULE_PATH /usr/local/snort/rules

# Comment out the following line, otherwise Snort reports an error
# config detection: max_queue_events 5

# Define the dynamic preprocessor path
dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor

# Define the dynamic engine path
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so

# Comment out, otherwise Snort reports an error
# dynamicdetection directory /usr/local/lib/snort_dynamicrules/

# Comment out the SSH preprocessor block; it failed during testing
# preprocessor ssh: server_ports { 22 } \
# max_client_bytes 19600 \
# max_encrypted_packets 20 \
# disable_srvoverflow \
# disable_protomismatch \
# disable_badmsgdir

# Configure the database connection so alerts are logged to MySQL
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
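Most of the `-T` failures that step 8 turns up come from the edits above: a RULE_PATH, dynamicpreprocessor or dynamicengine path that does not exist on disk, or a leftover uncommented line. The following shell script is an added example (it is not part of the original post or of Snort) that lints those edits before Snort is even started: it lists every path an active path-bearing line references, reports the ones that are missing, and flags an `output database:` line whose password is the same as its username. The sample snort.conf it builds in a temporary directory is constructed for the demo; point the functions at /usr/local/snort/etc/snort.conf for a real check.

```shell
#!/bin/sh
# Added example: lint the snort.conf edits from step 6 before running snort -T.
# Not part of the original post or of Snort; the demo config below is constructed.

# Print the filesystem path named on each active (uncommented) path-bearing line.
snort_conf_paths() {   # $1 = path to snort.conf
    grep -E '^(var RULE_PATH|dynamicpreprocessor directory|dynamicengine) ' "$1" \
        | awk '{ print $NF }'
}

# Print every referenced path that does not exist; exit 1 if any are missing.
snort_conf_missing_paths() {   # $1 = path to snort.conf
    _missing=0
    for _p in $(snort_conf_paths "$1"); do
        if [ ! -e "$_p" ]; then
            echo "missing: $_p"
            _missing=$((_missing + 1))
        fi
    done
    [ "$_missing" -eq 0 ]
}

# Extract one key=value field (user, password, dbname, host) from the
# first active "output database:" line.
snort_conf_db_field() {   # $1 = path to snort.conf, $2 = field name
    grep -E '^output database:' "$1" | head -n 1 \
        | tr ' ' '\n' | sed -n "s/^$2=//p"
}

# Succeed only when a DB password is set and differs from the username
# (the post uses user=snort password=snort, which this rejects).
snort_conf_db_password_ok() {   # $1 = path to snort.conf
    _u=$(snort_conf_db_field "$1" user)
    _pw=$(snort_conf_db_field "$1" password)
    [ -n "$_pw" ] && [ "$_pw" != "$_u" ]
}

# Constructed demo: a temp tree where the rules and preprocessor directories
# exist but libsf_engine.so does not, plus a config using the post's credentials.
make_demo_conf() {
    _root=$(mktemp -d)
    mkdir -p "$_root/rules" "$_root/lib/snort_dynamicpreprocessor"
    cat > "$_root/snort.conf" <<EOF
var HOME_NET 192.168.21.0/24
var RULE_PATH $_root/rules
# config detection: max_queue_events 5
dynamicpreprocessor directory $_root/lib/snort_dynamicpreprocessor
dynamicengine $_root/lib/snort_dynamicengine/libsf_engine.so
# dynamicdetection directory $_root/lib/snort_dynamicrules/
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
EOF
    echo "$_root/snort.conf"
}

# Demo run: reports the missing libsf_engine.so and the weak credential.
demo_conf=$(make_demo_conf)
snort_conf_missing_paths "$demo_conf" || echo "fix the paths above before running snort -T"
snort_conf_db_password_ok "$demo_conf" || echo "weak: DB password equals the username"
```

Commented lines are skipped because every pattern is anchored at the start of the line, so the `# dynamicdetection directory` line the post comments out is correctly ignored, while an uncommented one would be checked like any other path.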

7. Configure MySQL:

mysql -uroot -p
create database snort;
grant all privileges on snort.* to 'snort'@'%' identified by 'snort';
flush privileges;
source /root/soft/snort-2.8.5.3/schemas/create_mysql
quit;

Since snort.conf connects with host=localhost, a grant to 'snort'@'localhost' instead of '%' is sufficient and keeps the account unreachable from the network; choose a password that is not the username.

8. Test the configuration:

cd /usr/local/snort/bin
./snort -T -c ../etc/snort.conf

9. Start in daemon mode:

cd /usr/local/snort/bin
./snort -c ../etc/snort.conf -D
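Steps 8 and 9 belong together: `-T` only validates the configuration and exits, and `-D` forks into the background, so a daemon started with a bad snort.conf dies silently. The wrapper below is an added example (not part of the original post or of Snort) that runs the test first and launches the daemon only when it passes. SNORT_BIN and SNORT_CONF default to the paths used in the post; the `make_stub_snort` function is a constructed stand-in for the real binary so the wrapper can be exercised on a machine without Snort installed.

```shell
#!/bin/sh
# Added example: validate snort.conf (-T) and only then start the daemon (-D).
# Not part of the original post or of Snort.

SNORT_BIN=${SNORT_BIN:-/usr/local/snort/bin/snort}
SNORT_CONF=${SNORT_CONF:-/usr/local/snort/etc/snort.conf}

# Step 8: run the config test; returns Snort's own exit status.
snort_test_config() {
    "$SNORT_BIN" -T -c "$SNORT_CONF"
}

# Step 9, gated on step 8: prints "started" and launches the daemon when the
# test passes, otherwise prints "refused" and returns 1 without starting anything.
snort_start_daemon() {
    if snort_test_config >/dev/null 2>&1; then
        "$SNORT_BIN" -c "$SNORT_CONF" -D && echo started
    else
        echo refused
        return 1
    fi
}

# Constructed stand-in for the snort binary (demo only): the config test
# passes when the file defines HOME_NET and fails otherwise; a non-test
# invocation is appended to invocations.log next to the stub.
make_stub_snort() {   # $1 = directory to create the stub in
    cat > "$1/snort" <<'EOF'
#!/bin/sh
conf=""; test=0; daemon=0
while [ $# -gt 0 ]; do
    case "$1" in
        -T) test=1 ;;
        -D) daemon=1 ;;
        -c) conf="$2"; shift ;;
    esac
    shift
done
if [ "$test" -eq 1 ]; then
    grep -q '^var HOME_NET' "$conf"
    exit $?
fi
echo "daemon=$daemon conf=$conf" >> "$(dirname "$0")/invocations.log"
EOF
    chmod +x "$1/snort"
}
```

On the real sensor, run `snort_start_daemon` from this file (with SNORT_BIN and SNORT_CONF left at their defaults) instead of typing the two commands by hand; a failed validation leaves the full `-T` output available by calling `snort_test_config` directly.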

10. Set up the BASE front end:

tar zxf base-1.4.5.tar.gz
mv base-1.4.5 /var/www/html/base
chmod o+w /var/www/html/base
cd ~
tar zxf /root/soft/adodb4991.tgz
mv adodb /var/www/html/adodb

11. Install BASE from the browser:

Visit https://192.168.10.128/base to run the installer.

During installation, note: if your adodb files are in /var/www/html/adodb, be sure to enter that path in full.

Also select Simplified Chinese as the language.

The write permission added in step 10 is only needed while the installer creates base_conf.php; remove it again afterwards (chmod o-w /var/www/html/base) so the web root is not writable by every local user.

Last updated: 2017-01-04 22:34:35
