10.安装 Snort2.4.4
10.1建立snort配置文件和日志目录
#mkdir /etc/snort
#mkdir /var/log/snort
#tar -zxvf snort-2.4.4.tar.gz
#cd snort-2.4.4
#./configure --with-mysql=/usr/local/mysql
#make
#make install
注意,我在编译snort时出现“ERROR! Libpcre header not found, go get it from”的错误。这是因为少安装了一个lib的库,如果谁出现了这样的问题,就到ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ 下载最新的pcre库进行安装。
方法: #tar -zxvf pcre-6.7.tar.gz
#./configure
#make
#make check
#make install
10.2安装规则和配置文件
#cd /etc/snort/
#tar ?zxvf /ruanjian/snortrules-snapshot-2.4.tar.gz
#cd /etc/snort/rules (在snort安装目录下)
#cp *.conf /etc/snort/.
#cp *.config /etc/snort/.
#cp *.map /etc/snort/.
10.3修改snort.conf (/etc/snort/snort.conf)
var HOME_NET 172.17.4.0/24 (修改为你的内部网网络地址)
var RULE_PATH ./rules 修改为 var RULE_PATH /etc/snort/
改变记录日志数据库:
log与alert数据库要分别建,否则snort启动当有事件发生时候要出错
output database: log, mysql, user=root password=your_password dbname=snort host=localhost
output database: alert, mysql, user=root password=your_password dbname=snort host=localhost
安装DB表:(在schemas 目录)
/usr/local/mysql/bin/mysql -u root -p <create_mysql snort //为snort建立数据表
11.安装配置Web接口
安装JPGraph2.1.1
#cp jpgraph-2.1.1.tar.gz /home
#cd /home
#tar -xzvf jpgraph-2.1.1.tar.gz
#mv jpgraph-2.1.1 jpgraph
安装ADODB:
#cp adodb480.gz /home
#cd /home
#tar -xzvf adodb480.gz
安装配置Acid:
#cp acid-0.9.6b23.tar.gz /home
#cd /home
#tar -xvzf acid-0.9.6b23.tar.gz
#cd /home/acid/
编辑acid_conf.php,修改相关配置如下:
$DBlib_path = "/home/adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "xiangqian";
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "root";
$archive_password = "xiangqian";
$ChartLib_path = "/home/jpgraph/src";
运行snort把数据写入mysql
# snort -c /etc/snort/snort.conf
进入web界面:
http://yourhost/acid/acid_main.php
点"Setup Page"链接 ->Create Acid AG
访问http://yourhost/acid将会看到ACID界面。
【SNORT入侵检测系统2】相关文章:
★ 局域网入侵