前一段一直在做snort入侵檢測系統(tǒng)的安裝以及配置，看了很多的網(wǎng)上資料，也算是總結(jié)了下前輩的經(jīng)驗(yàn)吧。

需要的軟件包：

1、httpd-2.2.6.tar.gz

2、mysql-5.1.22-rc-linux-i686-icc-glibc23.tar.gz

3、php-5.2.4.tar.bz2
4、acid-0.9.6b23.tar.gz

5、adodb4991.tgz

6、jpgraph-1.26.tar.gz

7、libpcap-1.0.0.tar.gz

8、pcre-7.8.tar.gz

9、snort-2.8.3.1.tar.gz

10、snortcenter-agent-v1.0-RC1.tar.gz

11、snortcenter-v1.0-RC1.tar.gz

12、zlib-1.2.3.tar.gz

?

關(guān)于apache，php，mysql的安裝看另外的文檔

?

一、安裝snort的支持包

?

1、安裝libpcap包

#?tar?zxvf?libpcap-0.7.2.tar.gz

#?cd?libpcap-0.7.2

#?./configure

#?make

#?make?install

?

2、安裝pcre包

#?tar?zxvf?pcre-7.8.tar.gz

#?./configure

#?make

#?make?install

?

3、安裝zlib包

#?tar?zxvf?zlib-1.2.3.tar.gz

#?./configure

#?make

#?make?install

?

二、安裝snort

?

#?tar?zxvf?snort-2.8.3.1.tar.gz

#?cd?snort-2.8.3.1

#?./configure?--with-mysql=/usr/local/mysql

#?make?

#?make?install

#?cd?preproc_rules?

#?mkdir?/etc/snort

#?mkdir?/var/log/snort

#?cp?*?/etc/snort

#?cd?../etc

#?cp?snort.conf?/etc/snort

#?cp?*.config?/etc/snort

#?cd

#?vi?/etc/snort/snort.conf?
<!--[if !supportLineBreakNewLine]-->
<!--[endif]-->

?“#?var?HOME_NET?10.1.1.0/24”改成“var?HOME_NET?192.168.0.0/24”你自己LAN內(nèi)的地址，把前面的#號(hào)去掉。

?

?“var?RULE_PATH?../rules”改成“var?RULE_PATH?/etc/snort”

?

#output?database:?log,?mysql,?user=root?password=test?dbname=db?host=localhost”

?

“output?database:?log,?mysql,?user=root?password=123456?dbname=snort?host=localhost”?密碼改成你自己的，把前面的#號(hào)去掉。

?

?把

#?include?$RULE_PATH/web-attacks.rules

#?include?$RULE_PATH/backdoor.rules

#?include?$RULE_PATH/shellcode.rules

#?include?$RULE_PATH/policy.rules

#?include?$RULE_PATH/porn.rules

#?include?$RULE_PATH/info.rules

#?include?$RULE_PATH/icmp-info.rules

?include?$RULE_PATH/virus.rules

#?include?$RULE_PATH/chat.rules

#?include?$RULE_PATH/multimedia.rules

#?include?$RULE_PATH/p2p.rules????????????//前面的#號(hào)刪除。

?

修改完畢后，保存退出。

?

三、建立snort數(shù)據(jù)庫

?

#?/usr/local/mysql/bin/mysql?-uroot?-p123456

#?create?database?snort;

#?grant?INSERT,SELECT?on?root.*?to?snort@localhost;

#?exit

#?cd?/usr/local/src/snort-2.8.3.1/schemas #?/usr/local/mysql/bin/mysql?-uroot?-p123456?<?create_mysql?snort

?

#?進(jìn)入mysql數(shù)據(jù)庫，看看snort數(shù)據(jù)庫中的表：

#?/usr/local/mysql/bin/mysql?-uroot?-p123456?
<!--[if !supportLineBreakNewLine]-->
<!--[endif]-->

mysql>show?databases;?
+------------+?
|?Database?
+------------+?
|?mysql?
|?snort?
|?test?
+------------+?
3?rows?in?set?(0.00?sec)?
mysql>use?snort;?
mysql>show?tables;?將會(huì)有這些：?
+------------------+?
|?Tables_in_snort?|?
+------------------+?
|?data?
|?detail?
|?encoding?
|?event?
|?flags?
|?icmphdr?
|?iphdr?
|?opt?
|?protocols?
|?reference?
|?reference_system?
|?schema?
|?sensor?
|?services?
|?sig_class?
|?sig_reference?
|?signature?
|?tcphdr?
|?udphdr?
+------------------+?
19?rows?in?set?(0.00?sec)?
mysql>exit

?

snort的chkconfig管理

?

cd /root/snort-2.8.3.1/rpm

cp snortd /etc/init.d/

chmod 755 /etc/init.d/snortd

chkconfig --add snortd

chkconfig --level 35 snortd on

?

四、安裝設(shè)置Acid

?

#?把acid-0.9.6b23.tar.gz、adodb4991.tgz、jpgraph-1.26.tar.gz放到網(wǎng)頁根目錄，我這里是默認(rèn)的。 #?cp?a*.*?/usr/local/apache2/htdocs

# cp?jpgraph-1.26.tar.gz?/usr/local/apache2/htdocs

#?tar?zxvf?adodb4991.tgz

#?tar?zxvf?jpgraph-1.26.tar.gz?
#?mv?jpgraph-1.26?jpgraph?
#?tar?zxvf?acid-0.9.6b23.tar.gz
#?cd?acid?
#?vi?acid_conf.php?
把“$DBlib_path?=?"";”??改成“$DBlib_path?=?"/usr/local/apache2/htdocs/adodb”?

#?$alert_dbname???=?"snort_log";??//改成snort?
??$alert_host?????=?"localhost";?
??$alert_port?????=?"";?
??$alert_user?????=?"root";?
??$alert_password?=?"mypassword";?//改成你的數(shù)據(jù)庫密碼?

??/*?Archive?DB?connection?parameters?*/?
??$archive_dbname???=?"snort_archive";??//改成snort?
??$archive_host?????=?"localhost";?
??$archive_port?????=?"";?
??$archive_user?????=?"root";?
??$archive_password?=?"mypassword";”??//改成你的數(shù)據(jù)庫密碼?

#?把“$ChartLib_path?=?"";”??改成“$ChartLib_path?=?"/usr/local/apache2/htdocs/jpgraph/src”?

#?修改完畢后，保存退出。

?

六、進(jìn)入web界面：

#?http://yourhost/acid/acid_main.php，點(diǎn)"Setup?Page"鏈接?->Create?Acid?AG?
#?訪問http://yourhost/acid將會(huì)看到ACID界面。

?

七、測試IDS

#?利用nmap,nessus,CIS或X-scan對(duì)系統(tǒng)進(jìn)行掃描，產(chǎn)生告警紀(jì)錄。?
#?http://yourhost/acid?察看紀(jì)錄。?
#?至此，一個(gè)功能強(qiáng)大的IDS設(shè)置完畢。各位能利用web界面遠(yuǎn)程登陸，監(jiān)視主機(jī)所處局域網(wǎng)，同時(shí)安裝??phpMyAdmin或webmin對(duì)mysql數(shù)據(jù)庫進(jìn)行操控

?

?

八、安裝SnortCenter

?

#?cp?snortcenter-v1.0-RC1.tar.gz?/usr/local/apache2/htdocs?
#?tar?zxvf?snortcenter-v1.0-RC1.tar.gz?
#?mv?www?sc?
#?vi?sc/config.php
#?改以下內(nèi)容：?
$DBlib_path?=?"/usr/local/apache2/htdocs/adodb/?

$curl_path?=?"/usr/bin";?

$DBtype?=?"mysql";?

$DB_dbname???=?"snortcenter";???????????#?$DB_dbname???:?MySQL?database?name?of?
SnortCenter?DB?
$DB_host?????=?"localhost";?????????????#?$DB_host?????:?host?on?which?the?DB?is?
?stored?
$DB_user?????=?"root";??????????????????#?$DB_user?????:?login?to?the?database?w?
ith?this?user?
$DB_password?=?"123456";????????????????????????#?$DB_password?:?password?of?the?
?DB?user?
$DB_port?????=?"";??????????????????????#?$DB_port?????:?port?on?which?to?access?
?the?DB?(blank?is?default)?
（數(shù)據(jù)庫密碼改成你自己的）?
#?修改好后，保存退出。?
#?然后創(chuàng)建snortcenter的數(shù)據(jù)庫?
#?mysql?-uroot?-p123456?
#?create?database?snortcenter;?
#?quit;?
#?在瀏覽器上鍵入http://192.168.0.11/sc，他會(huì)自動(dòng)創(chuàng)建數(shù)據(jù)表，然后再次登入會(huì)讓你輸入用戶名和密碼，初始是admin,change.

?

CREATE TABLE dbname.schema (vseq int(10) unsigned NOT NULL default '0',ctime datetime NOT NULL default '0000-00-00 00:00:00') TYPE=MyISAM;

#?然后我們安裝snortcenter-agent-v1.0-RC1.tar.gz?
#?cp?snortcenter-agent-v1.0-RC1.tar.gz?/opt?
#?cd?/opt?
#?tar?zxvf?snortcenter-agent-v1.0-RC1.tar.gz?
#?cd?sensor?
#?./setup.sh，回答幾個(gè)問題即完成安裝，默認(rèn)端口2525。?
#?cp?/etc/snort.conf?/etc/snort.eth0.conf

本文轉(zhuǎn)自wiliiwin 51CTO博客，原文鏈接:http://blog.51cto.com/wiliiwin/199235

總結(jié)

以上是生活随笔為你收集整理的snort的详细配置的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。