The platform for this lab is Linux Fedora 10.
When installing the system, customize the package selection as shown in the figure.
Choose "Customize now".
Select these development packages and tools.
For a server I usually select everything; for a lab machine it is best to select everything as well, to save trouble later.
Choose Chinese as the language, heh.
The packages needed to install Snort are introduced below, as shown in the figure.
These packages can be downloaded from the net; for everyone's convenience I have uploaded them, download links:
First half:
http://down.51cto.com/data/57897
Second half:
http://down.51cto.com/data/57898
After downloading, put these packages in /tmp.
Move the adodb510 package and the base-1.4.4.tar package to /var/www/html.
First install mysql-devel-5.0.67-2.fc10.i386.rpm.
This is a MySQL package that Snort requires.
To install it, if you did not select the development libraries when installing the system, you first need to install the following library packages:
device-mapper-devel-1.02.27-6.fc10.i386.rpm
e2fsprogs-devel-1.41.3-2.fc10.i386.rpm
keyutils-libs-devel-1.2-3.fc9.i386.rpm
libsepol-devel-2.0.33-1.fc10.i386.rpm
libselinux-devel-2.0.73-1.fc10.i386.rpm
krb5-devel-1.6.3-16.fc10.i386.rpm
zlib-devel-1.2.3-18.fc9.i386.rpm
openssl-devel-0.9.8g-11.fc10.i386.rpm
Installing this many packages by hand is a real hassle, so it is best to select them when installing the system.
Next, run the following:
tar zxvf libpcap-1.0.0.tar.gz
cd libpcap-1.0.0
./configure
make
make install
cd ..
tar zxvf pcre-8.00.tar.gz
cd pcre-8.00
./configure
make
make install
These two libraries are required for the Snort installation.
cd ..
tar zxvf snort-2.8.5.1.tar.gz
cd snort-2.8.5.1
./configure --with-mysql=/usr
make
make install
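The three builds above are the same extract/configure/make/install sequence, and the only thing that varies is the directory name, which is easy to mistype (the original draft of this page had "cd snort-2.8.0" after extracting snort-2.8.5.1.tar.gz). As an added example, not code from the original post, here is a small shell helper that reads the top-level directory from the archive itself instead of retyping it. It assumes the tarballs sit in the current directory (/tmp on this page) and that you run it as root for the install step.

```shell
set -e

# Print the top-level directory an archive extracts into, taken from the
# archive listing rather than guessed from the file name.
tarball_topdir() {
    tar tzf "$1" | head -n 1 | cut -d/ -f1
}

# Extract, configure, build and install one package. Any extra arguments
# are passed to ./configure (e.g. --with-mysql=/usr for snort).
build_tarball() {
    tarball="$1"; shift
    dir=$(tarball_topdir "$tarball")
    tar zxf "$tarball"
    (
        cd "$dir"
        ./configure "$@"
        make
        make install
    )
}

# Usage, in the order this page builds the packages:
#   build_tarball libpcap-1.0.0.tar.gz
#   build_tarball pcre-8.00.tar.gz
#   build_tarball snort-2.8.5.1.tar.gz --with-mysql=/usr
#   snort -V
```

Because the subshell does the cd, the caller stays in the directory it started in, so the "cd .." lines between the packages are no longer needed.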
Use the snort -V command to check whether Snort installed successfully.
As the figure shows, the installation succeeded.
Extract the rules archive and copy all the rule files in it into /snort-2.8.5.1/rules:
cp rules/* /snort-2.8.5.1/rules
Go to the /var/www/html directory:
cd /var/www/html
tar zxvf base-1.4.4.tar.gz
tar zxvf adodb510.tgz
Restart MySQL:
service mysqld restart
Set a password for the MySQL root account:
mysqladmin -u root password 123456
Log in to MySQL (enter 123456 at the password prompt):
mysql -u root -p
Create the snort database:
create database snort;
Switch to the snort database:
use snort;
Import the Snort SQL schema:
source /tmp/happy/snort-2.8.5.1/schemas/create_mysql
quit;
The /etc/php.ini file needs to be edited:
vi /etc/php.ini
Change the line
error_reporting = E_ALL
to:
error_reporting = E_ALL & ~E_NOTICE
Then restart MySQL and start Apache:
service mysqld restart
service httpd start
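The same php.ini change can be made non-interactively, which is handy when the box is rebuilt. As an added example, not from the original post, the function below does the edit with sed, keeps a backup copy, and is safe to run twice. The path is a parameter (and assumed to be /etc/php.ini on this page) so the edit can be tried on a copy first. The one trap worth knowing: in a sed replacement an unescaped "&" stands for the matched text, so the "&" in "E_ALL & ~E_NOTICE" has to be written as "\&" or the line silently becomes "E_ALL E_ALL ~E_NOTICE".

```shell
set -e

# Rewrite an active "error_reporting = E_ALL" line to hide notices.
# A line that already reads "E_ALL & ~E_NOTICE" does not match the
# anchored pattern, so a second run leaves the file unchanged.
php_ini_hide_notices() {
    ini="$1"
    cp "$ini" "$ini.bak"   # keep the original beside the edited file
    sed 's/^error_reporting = E_ALL$/error_reporting = E_ALL \& ~E_NOTICE/' \
        "$ini" > "$ini.tmp" && mv "$ini.tmp" "$ini"
}

# Print the current error_reporting value so the result can be checked.
php_ini_error_reporting() {
    sed -n 's/^error_reporting = //p' "$1"
}

# Usage on the real file (as root), then restart Apache as the page does:
#   php_ini_hide_notices /etc/php.ini
#   php_ini_error_reporting /etc/php.ini
#   service httpd restart
```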
In a browser open http://10.76.132.76/base-1.4.4/setup
Click Continue.
Enter the ADODB path: /var/www/html/adodb5
Enter the MySQL database details.
Create the account name and password.
Click "Create BASE AG".
Once it has been created successfully, click step 5.
Create base_conf.php in the base-1.4.4 directory and paste into it the content shown above.
Click "click here to access your install".
Enter the account name and password.
As the figure shows, BASE and ADODB are set up successfully.
Start Snort monitoring with its output going to the MySQL database. The following command specifies the monitoring interface, the configuration file, and the options:
PCAP_FRAMES=max /usr/local/bin/snort -i eth0 -c /home/snort-2.8.0/etc/snort.conf -d -e
Edit the snort.conf file:
vi /tmp/happy/snort-2.8.5.1/etc/snort.conf
var RULE_PATH /home/snort-2.8.0/etc/rules
var PREPROC_RULE_PATH /home/snort-2.8.0/preproc_rules
output database: log, mysql, user=root password=temp dbname=snort host=127.0.0.1
include $RULE_PATH/local.rules
include threshold.conf
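Two things in this last step deserve a check before Snort is started. First, the page edits one copy of snort.conf (/tmp/happy/snort-2.8.5.1/etc/snort.conf) but starts Snort with another path (-c /home/snort-2.8.0/etc/snort.conf), and the var/include lines point at /home/snort-2.8.0, so it is easy to end up with a config whose rule files do not exist. Second, the "output database:" line stores the MySQL password in clear text, and the account used is root; a dedicated MySQL user limited to the snort database is the better choice, and whichever account is used, the file should not be readable by other users. As an added example, not from the original post, the shell functions below resolve the "var" definitions and "include" lines of a given snort.conf, report missing files, and flag a password-bearing conf that is group- or world-readable. The helpers are my own, not Snort tools; relative includes are treated as relative to the conf's own directory, which is an assumption of this example (check how your Snort version resolves them), and the mode check uses GNU stat.

```shell
set -e

# Expand $NAME references in PATH using the "var NAME value" lines of CONF.
# Helper written for this example; Snort does this expansion internally.
snort_conf_expand() {
    local conf="$1" path="$2" kw name value
    while read -r kw name value; do
        [ "$kw" = "var" ] || continue
        path=$(printf '%s' "$path" | sed "s|\\\$$name|$value|g")
    done < "$conf"
    printf '%s\n' "$path"
}

# Resolve every "include" line of CONF, report files that do not exist on
# stderr, and print the number of missing files. Relative includes are taken
# relative to the directory holding CONF (assumption of this example).
snort_conf_check_includes() {
    local conf="$1" dir kw target file missing=0
    dir=$(dirname "$conf")
    while read -r kw target; do
        [ "$kw" = "include" ] || continue
        file=$(snort_conf_expand "$conf" "$target")
        case "$file" in
            /*) ;;
            *) file="$dir/$file" ;;
        esac
        if [ ! -f "$file" ]; then
            echo "missing: $target -> $file" >&2
            missing=$((missing + 1))
        fi
    done < "$conf"
    echo "$missing"
}

# Print "ok" when CONF has no database password or is readable only by its
# owner; "exposed" when it carries password= and group/other can read it.
# The last two digits of the octal mode are the group and other bits.
snort_conf_password_exposure() {
    local conf="$1" mode
    if grep -q '^output database:.*password=' "$conf"; then
        mode=$(stat -c '%a' "$conf")
        case "$mode" in
            *00) echo ok ;;
            *) echo exposed ;;
        esac
    else
        echo ok
    fi
}

# Usage against the file this page edits (as root):
#   snort_conf_check_includes /tmp/happy/snort-2.8.5.1/etc/snort.conf
#   snort_conf_password_exposure /tmp/happy/snort-2.8.5.1/etc/snort.conf
#   chmod 600 /tmp/happy/snort-2.8.5.1/etc/snort.conf   # if it reports "exposed"
```

Run the include check against the exact path you pass to snort -c; if it prints anything but 0, the rule paths in the conf and the directory you actually installed the rules into disagree, and Snort will fail to start or run without those rules.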
That basically completes this lab. If you have different views, leave a comment and we can discuss them together.