系统环境:rh as3+apache+PHP+snort+base
所需snort相关软件包:
adodb462.tgz
base-1.2.6.tar.gz
Image_canvas-0.3.0.tar.gz
//Image_Color-1.0.2.tar.gz
Image_Graph-0.7.2.tar.gz
libpcap-0.9.5.tar.gz
pcre-6.7.tar.gz
snort-2.6.0.tar.gz
snortrules-pr-2.4.tar.gz 下载软件:
wget Http://download.sso.cn/security/ids/snort_base/adodb462.tgzwget http://download.sso.cn/security/ids/snort_base/base-1.2.6.tar.gzwget http://download.sso.cn/security/ids/snort_base/Image_Canvas-0.3.0.tar.gzwget http://download.sso.cn/security/ids/snort_base/Image_Color-1.0.2.tar.gzwget http://download.sso.cn/security/ids/snort_base/Image_Graph-0.7.2.tar.gzwget http://download.sso.cn/security/ids/snort_base/install.txtwget http://download.sso.cn/security/ids/snort_base/libpcap-0.9.5.tar.gzwget http://download.sso.cn/security/ids/snort_base/pcre-6.7.tar.gzwget http://download.sso.cn/security/ids/snort_base/snort-2.6.0.tar.gzwget http://download.sso.cn/security/ids/snort_base/snortrules-pr-2.4.tar.gz 软件安装路径:
snort:
/usr/local/snort
rules:
/usr/local/snort/rules
snort.conf
/usr/local/snort/conf/snort.conf
adodb:
/usr/local/snort/adodb
base:
/usr/local/snort/base
libpcap:
/usr/local/snort/libpcap
pcre
/usr/local/snort/pcre
2 安装snort前提组件libpcap-0.9.5.tar.gz和pcre-6.7.tar.gz
tar zxvf libpcap-0.9.5.tar.gz
cd libpcap-0.9.5
./configure --prefix=/usr/local/snort/libpcap
make
make install
tar zxvf pcre-6.7.tar.gz
cd pcre-6.7
./configure --prefix=/usr/local/snort/pcre
make
make install
3 安装snort-2.6.0.tar.gz并加载plugin
groupadd snort
useradd -g snort -s /sbin/nologin
建立日志文件目录和配置文件目录:
mkdir /var/log/snort
mkdir /usr/local/snort/conf tar zxvf snort-2.6.0.tar.gz
cd snort-2.6.0
./configure --prefix=/usr/local/snort --with-mysql \
--with-libpcap-includes=/usr/local/snort/libpcap/include \
--with-libpcap-libraries=/usr/local/snort/libpcap/lib \
--with-libpcre-includes=/usr/local/snort/pcre/include \
--with-libpcre-libraries=/usr/local/snort/pcre/lib \
--enable-dynamicplugin
make
make install 4 配置snort并加载rules
cp etc/classification.config /usr/local/snort/conf
cp etc/reference.config /usr/local/snort/conf
cp etc/snort.conf /usr/local/snort/conf
cp etc/unicode.map /usr/local/snort/conf
我查看过snort.conf文件,好象只用如上几个配置文件就可以了,如果有错误,可以使用:
cp etc/* /usr/local/snort/conf 创建snort数据库,并导入数据
mysql -uroot -prootpassWord -e "create database snrot"
mysql -uroot -prootpassword -e "grant all on snort.* to snort@localhost identified by 'snort'"
mysql -usnort -psnort tar zxvf snortrules-pr-2.4.tar.gz
mv rules /usr/local/snort/
启动snort
/usr/local/snort/bin/snort -c /usr/local/snort/conf/snort.conf -i eth0 -g snort -D
如果实现开机自动启动,把上面的语句添加到/etc/rc.local
5 安装adodb和base
tar zxvf base-1.2.6.tar.gz
mv base-1.2.6 /usr/local/snort/base
tar zxvf adodb462.tgz
mv adodb /usr/local/snort/
6 配置base_conf.php
cd /usr/local/base
cp base_conf.php.dist base_conf.php
修改 “base_conf.php”
$BASE_urlpath = "/base";
$DBlib_path = "../adodb ";
$DBtype = "mysql";
$alert_dbname = 'snort';
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = 'snort';
7 配置apache
在httpd.conf文件中加入如下:
Alias /base /usr/local/snort/base
这样您就可以在
http://ip/base
参考文档
http://download.sso.cn/security/ids/snort_base/snort_base_SSL.pdfhttp://download.sso.cn/security/ids/snort_base/snort-barnyard.pdfhttp://download.sso.cn/security/ids/snort_base/Snortman.htmhttp://www.snort.org/docs/faq.htmlhttp://www.snort.org/docs/
0