Snort IDS Installation Summary by 小牛 (original)
Snort IDS System Installation Manual
1. Runtime environment (LAMP):
yum -y install mysql mysql-bench mysql-server mysql-devel php php-mysql php-pear httpd gcc pcre-devel php-gd gd mod_ssl glib2-devel gcc-c++ bison libpcap pcre tcpdump flex libpcap-devel libtool php-mbstring
2. Related sites:
https://base.secureideas.net/
https://www.snort.org/
3. Download the source packages:
snortrules-snapshot-CURRENT.tar.gz
snort-2.8.5.3.tar.gz
base-1.4.5.tar.gz
adodb4991.tgz
Put them in /root/soft/
4. Install the program and the rule files:
tar zxf snort-2.8.5.3.tar.gz
cd snort-2.8.5.3
tar zxf ../snortrules-snapshot-CURRENT.tar.gz
./configure --prefix=/usr/local/snort --enable-dynamicplugin --with-mysql
make && make install
5. Move the configuration and rule files into place:
cd /root/soft/snort-2.8.5.3/
cp etc /usr/local/snort/ -r
cp rules /usr/local/snort/ -r
mkdir /var/log/snort/
6. Edit the main configuration file:
vim /usr/local/snort/etc/snort.conf
# Define the monitored network segment (the original read 192.168.21.0/2; a /24 mask is assumed to be what was meant)
var HOME_NET 192.168.21.0/24
# Define the rules path
var RULE_PATH /usr/local/snort/rules
# Comment out the following line, otherwise Snort errors out
# config detection: max_queue_events 5
# Define the dynamic preprocessor path
dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor
# Define the detection engine path
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
# Comment out, otherwise Snort errors out
# dynamicdetection directory /usr/local/lib/snort_dynamicrules/
# Comment out the SSH preprocessor block; it fails during the configuration test
# preprocessor ssh: server_ports { 22 } \
# max_client_bytes 19600 \
# max_encrypted_packets 20 \
# disable_srvoverflow \
# disable_protomismatch \
# disable_badmsgdir
# Configure the database connection so that logs are written to the database
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
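The step 6 edits as a repeatable script, added here as an example and not part of the original post: it applies the same changes with sed to a constructed stand-in for snort.conf, adds the database output line only once so re-running is safe, restricts the file's permissions because it now holds the database password, and checks the result offline before you run snort -T. The path /tmp/snort-example.conf and the sample configuration contents are assumptions; the real file is /usr/local/snort/etc/snort.conf, and the functions take the path as an argument so they can be pointed at it.

```shell
#!/bin/sh
# Added example (not from the original post): apply the step-6 snort.conf edits
# with sed so they are repeatable, then check the result offline before "snort -T".
# The values are the post's own; the sample config and its /tmp path are
# constructed here so the script runs stand-alone.
set -e

SAMPLE_CONF=/tmp/snort-example.conf   # constructed demo file, not the real config

# Constructed stand-in for the lines of a stock snort.conf that step 6 touches.
write_sample_conf() {
  cat > "$1" <<'EOF'
var HOME_NET any
var RULE_PATH ../rules
config detection: max_queue_events 5
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/lib/snort_dynamicrules/
preprocessor ssh: server_ports { 22 } \
    max_client_bytes 19600 \
    max_encrypted_packets 20 \
    disable_srvoverflow \
    disable_protomismatch \
    disable_badmsgdir
include $RULE_PATH/local.rules
EOF
}

# Rewrite the lines step 6 changes. The ssh block is one logical line continued
# with trailing backslashes, so the sed range comments everything from
# "preprocessor ssh:" through the first line that does not end in a backslash.
apply_edits() {
  conf="$1"
  sed \
    -e 's|^var HOME_NET .*|var HOME_NET 192.168.21.0/24|' \
    -e 's|^var RULE_PATH .*|var RULE_PATH /usr/local/snort/rules|' \
    -e 's|^config detection: max_queue_events|# config detection: max_queue_events|' \
    -e 's|^dynamicpreprocessor directory .*|dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor|' \
    -e 's|^dynamicengine .*|dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so|' \
    -e 's|^dynamicdetection directory|# dynamicdetection directory|' \
    -e '/^preprocessor ssh:/,/[^\\]$/ s|^|# |' \
    "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
  # Append the database output plugin only once, so re-running is a no-op.
  grep -q '^output database:' "$conf" || printf '%s\n' \
    'output database: log, mysql, user=snort password=snort dbname=snort host=localhost' >> "$conf"
  # The file now contains the database password: readable by its owner (root) only.
  chmod 600 "$conf"
}

# Count of ssh-preprocessor lines that are still active (not commented out).
active_ssh_lines() {
  grep -v '^#' "$1" | grep -c -E \
    'preprocessor ssh|max_client_bytes|max_encrypted_packets|disable_srvoverflow|disable_protomismatch|disable_badmsgdir' \
    || true
}

# Offline check that the file matches step 6: returns 0 when it does, 1 otherwise.
# It complements "snort -T -c <conf>", which additionally loads the libraries and rules.
check_conf() {
  conf="$1"
  grep -q '^var HOME_NET 192.168.21.0/24$' "$conf" || return 1
  grep -q '^var RULE_PATH /usr/local/snort/rules$' "$conf" || return 1
  grep -q '^# config detection: max_queue_events' "$conf" || return 1
  grep -q '^dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so$' "$conf" || return 1
  grep -q '^# dynamicdetection directory' "$conf" || return 1
  [ "$(active_ssh_lines "$conf")" -eq 0 ] || return 1
  [ "$(grep -c '^output database:' "$conf")" -eq 1 ] || return 1
}

# Demo on the constructed file. For the real config call:
#   apply_edits /usr/local/snort/etc/snort.conf && check_conf /usr/local/snort/etc/snort.conf
write_sample_conf "$SAMPLE_CONF"
apply_edits "$SAMPLE_CONF"
apply_edits "$SAMPLE_CONF"      # second run must change nothing
if check_conf "$SAMPLE_CONF"; then
  echo "$SAMPLE_CONF matches step 6; next: /usr/local/snort/bin/snort -T -c $SAMPLE_CONF"
else
  echo "$SAMPLE_CONF does not match step 6" >&2
  exit 1
fi
```

The sed range is what makes the SSH block safe to comment out mechanically: each of its continuation lines ends in a backslash, so the range closes exactly at disable_badmsgdir and the following include line is left untouched. check_conf only inspects text; snort -T is still the real test because it resolves the dynamicengine and dynamicpreprocessor paths and parses every rule file.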
7. Configure MySQL:
mysql -uroot -p
create database snort;
grant all privileges on snort.* to 'snort'@'%' identified by 'snort';
flush privileges;
source /root/soft/snort-2.8.5.3/schemas/create_mysql
quit;
8. Test the configuration:
cd /usr/local/snort/bin
./snort -T -c ../etc/snort.conf
9. Start in daemon mode:
cd /usr/local/snort/bin
# -T only tests the configuration and exits, so it is dropped here; -D daemonizes
./snort -c ../etc/snort.conf -D
10. Configure the BASE front-end interface:
tar zxf base-1.4.5.tar.gz
mv base-1.4.5 /var/www/html/base
chmod o+w /var/www/html/base
cd /root/soft
tar zxf adodb4991.tgz
mv adodb /var/www/html/adodb
11. Install BASE from the browser:
Visit https://192.168.10.128/base to run the installer.
Note during installation: if your adodb files are placed in
/var/www/html/adodb
you must enter the full path when the installer asks for it.
Also choose Simplified Chinese as the language.
Last updated: 2017-01-04 22:34:35