Setting Up a Snort Intrusion Detection System on Linux

Source: 赛迪网 (CCIDnet)   Author: sxith

1. Install Apache

tar zxvf apache-(version)                 # unpack Apache

Change into the unpacked directory.

./configure --prefix=/usr/local/apache --enable-so --enable-rewrite
make
make install

/usr/local/apache/bin/apachectl start     # start Apache

http://XXX.XXX.XXX.XXX (the server's IP address)   # test Apache in a browser

2. Install MySQL

groupadd mysql
useradd -g mysql mysql

tar zxvf mysql-(version)                  # unpack MySQL

Change into the unpacked directory.

./configure --prefix=/usr/local/mysql --with-charset=gb2312    # or --with-charset=gbk
make
make install

Change into the support-files directory.

cp my-medium.cnf /etc/my.cnf

/usr/local/mysql/bin/mysql_install_db --user=mysql

chown -R root /usr/local/mysql
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql

/usr/local/mysql/share/mysql/mysql.server start     # start MySQL

/usr/local/mysql/bin/mysqladmin -u root password XXXX   # set the MySQL root password

/usr/local/mysql/bin/mysql -u root -p
password:
mysql>

3. Install PHP

tar zxvf php-(version)

Change into the unpacked directory.

./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs \
--with-mysql=/usr/local/mysql \
--with-config-file-path=/usr/local/php
make
make install

cp php.ini-dist /usr/local/php/php.ini    # php.ini must live in the --with-config-file-path directory
vi /usr/local/php/php.ini

On line 365, change off to on.

vi /usr/local/apache/conf/httpd.conf

Append index.php to the DirectoryIndex line, and add:

AddType application/x-httpd-php .php

vi /usr/local/apache/htdocs/test.php

<?php
phpinfo();
?>

Restart Apache.

http://XXX.XXX.XXX.XXX/test.php            # should show the PHP info page

4. Install PCRE

tar zxvf pcre-(version)

Change into the unpacked directory.

./configure
make
make install

5. Install Snort

tar zxvf snort-(version)

Change into the unpacked directory.

./configure --with-mysql=/usr/local/mysql
make
make install

6. Install the Snort rule set

tar zxvf snortrules-(version)

This produces four directories: etc, doc, rules and so_rules.

mkdir /etc/snort
mkdir /etc/snort/rules
mkdir /var/log/snort

cp -R rules/* /etc/snort/rules/           # RULE_PATH below points here
cp etc/* /etc/snort

vi /etc/snort/snort.conf

Line 46, change to:    var HOME_NET XXX.XXX.XXX.0/24
Line 111, change to:   var RULE_PATH /etc/snort/rules
Line 764, change to:   output database: log, mysql, user=root password=XXXX dbname=snort host=localhost
                       (XXXX is the MySQL root password set above)
Lines 863 to 874:      remove the leading #
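An added check, not from the original article, written as a POSIX sh script: it verifies the three snort.conf edits from step 6 (a specific HOME_NET, a RULE_PATH that actually holds rule files, and a MySQL output line that names user, database and host) before Snort is started. The network 192.0.2.0/24, the demo rule file and the password value are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original article: check the three snort.conf
# edits from step 6 before starting Snort. Returns 0 when all checks pass.
check_snort_conf() {
    conf="$1"
    rc=0
    # 1. HOME_NET must be a concrete network; 'any' makes every $HOME_NET rule
    #    match all traffic and floods the database with noise
    home_net=$(sed -n 's/^var HOME_NET[[:space:]]\{1,\}//p' "$conf" | head -n 1)
    case "$home_net" in
        ""|any) echo "HOME_NET is not set to a specific network"; rc=1 ;;
    esac
    # 2. RULE_PATH must name a directory that actually contains .rules files
    rule_path=$(sed -n 's/^var RULE_PATH[[:space:]]\{1,\}//p' "$conf" | head -n 1)
    if [ -z "$rule_path" ] || ! ls "$rule_path"/*.rules >/dev/null 2>&1; then
        echo "RULE_PATH '$rule_path' contains no .rules files"; rc=1
    fi
    # 3. The MySQL output line must name the user, database and host
    dbline=$(grep '^output database:' "$conf" | head -n 1)
    for key in user= dbname= host=; do
        case "$dbline" in
            *"$key"*) ;;
            *) echo "output database line is missing $key"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed fixture (not a real install): a rules dir plus a snort.conf with
# the given HOME_NET value; prints the config path. Password is a placeholder.
demo_conf() {
    dir=$(mktemp -d)
    mkdir "$dir/rules"
    echo 'alert tcp any any -> $HOME_NET any (msg:"demo"; sid:1000001;)' \
        > "$dir/rules/local.rules"
    cat > "$dir/snort.conf" <<EOF
var HOME_NET $1
var RULE_PATH $dir/rules
output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
include \$RULE_PATH/local.rules
EOF
    echo "$dir/snort.conf"
}

# Stand-alone run: the article's edits pass, HOME_NET=any is rejected
check_snort_conf "$(demo_conf 192.0.2.0/24)" && echo "specific HOME_NET: ok"
check_snort_conf "$(demo_conf any)" || echo "HOME_NET any: rejected as expected"
```

Run it against /etc/snort/snort.conf after editing; any non-zero exit explains which of the three edits is still wrong.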

 

7. Create the snort database.

/usr/local/mysql/bin/mysql -u root -p
mysql> create database snort;
mysql> grant INSERT,SELECT on snort.* to snort@localhost;   # dedicated account with only the rights Snort needs
mysql> exit

/usr/local/mysql/bin/mysql -u root -p snort < /usr/local/src/snort-(version)/schemas/create_mysql

mysql> use snort
mysql> show tables;

8. Install ADOdb

tar zxvf adodb-(version)

cp -R adodb /usr/local/apache/htdocs

9. Install JpGraph

tar zxvf jpgraph-(version)

Move the unpacked directory to /usr/local/apache/htdocs and rename it jpgraph.

10. Install ACID

tar zxvf acid-(version)

Move the unpacked directory to /usr/local/apache/htdocs and rename it acid.

vi /usr/local/apache/htdocs/acid/acid_conf.php

$DBlib_path = "/usr/local/apache/htdocs/adodb";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "xxxxx";        // the MySQL root password set above
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "root";
$archive_password = "xxxxx";      // the MySQL root password set above
$ChartLib_path = "/usr/local/apache/htdocs/jpgraph/src";
$chart_file_format = "png";

11. Test: http://xxx.xxx.xxx.xxx/acid

Note: install the build tools (compiler and related packages) before starting the installation.
Date: 2008-02-20 13:31   Source: 赛迪网 (CCIDnet)   Author: sxith
