1. Edit the local hosts file. Path: C:\WINDOWS\system32\drivers\etc
2. Install the Apache service
Installed by default in c:\apache
Note: add the following to httpd.conf
Use Find to locate the line 'LoadModule ssl_module modules/mod_ssl.so' in the config file, and add these three lines below it:
LoadModule php5_module c:\php\php5apache2_2.dll
AddType application/x-httpd-php .php
PHPIniDir c:\php
3. Install PHP
1) Double-click WinRAR371-crsky.exe → Install → OK → Finish
2) Extract php-5.2.1-Win32.zip to c:\php
3) Copy c:\php\php.ini-dist to c:\php\php.ini
Edit c:\php\php.ini with WordPad:
Original: max_execution_time = 30
Change: max_execution_time = 60
Original: display_errors = On
Change: display_errors = Off
Original: ;include_path = ".;c:\php\includes"
Change: include_path = "d:\win-ids\php\pear"
Original: extension_dir = "./"
Change: extension_dir = "d:\win-ids\php\ext"
Original: ; extension=php_gd2.dll
Change: extension=php_gd2.dll
Original: ; extension=php_mysql.dll
Change: extension=php_mysql.dll
Original: ; session.save_path = "/tmp"
Change: session.save_path = "c:\temp"
4) Copy c:\php\libmysql.dll to c:\windows\system32
5) Make sure the 'session.save_path=' variable points to the correct, existing
c:\temp directory. Make sure Everyone has access rights to that directory: Everyone → Full Control.
4. Test
Copy test.php from the archive to 'c:\apache\htdocs',
then restart the Apache service.
Open a browser and enter 'http://winids/test.php'
Note: 1) Check that the php.ini location, extension_dir, include_path, session.save_path and the other settings match what we set earlier.
2) Check that gd, mysql and the other required extensions show as enabled.
5. Install WinPcap (just click Next, Accept, Finish all the way through)
6. Install and configure Snort (accept the default Next at each step)
1) Go to c:\snort\etc and edit snort.conf with WordPad
Tip: use WordPad's Find to locate the variables below.
Make the following changes:
Original: var HOME_NET any
Change: var HOME_NET 192.168.0.0/24 (adjust to your own network)
Original: var EXTERNAL_NET any
Change: var EXTERNAL_NET !$HOME_NET
Original: var RULE_PATH ../rules
Change: var RULE_PATH c:\snort\rules
Original: # config detection: search-method lowmem
Change: config detection: search-method lowmem
Original: dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
Change: dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor
Original: dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
Change: dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
Tip: find the entry 'preprocessor stream4_reassemble' (less the quotes) and add the following line below it:
preprocessor stream4_reassemble: both,ports 21 23 25 53 80 110 111 139 143 445 513 1433
Tip: find the entry 'Preprocessor sfportscan' (less the quotes) and change the following line.
Original: sense_level { low }
Change: sense_level { low } \
Below the line above, add:
logfile { portscan.log }
Tip: insert the following line below '# output log_tcpdump: tcpdump.log':
output alert_fast: alert.ids
Original: # output database: log, mysql, user=root password=test dbname=db host=localhost
Change: output database: log, mysql, user=snort password=snort dbname=snort host=winids sensor_name=WinIDS
Original: include classification.config
Change: include c:\snort\etc\classification.config
Original: include reference.config
Change: include c:\snort\etc\reference.config
Original: # include threshold.conf
Change: include c:\snort\etc\threshold.conf
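Added example (not from the original post): a small Python checker that parses a snort.conf fragment and flags the mistakes the edits above are meant to remove, i.e. HOME_NET left as any, Unix-style or space-broken paths, a missing database output line, and a database password identical to the user name (as in the guide's own sample credentials). The snort.conf fragment is constructed for the example.

```python
import re
from typing import List

# Constructed snort.conf fragment with the Windows edits the guide makes (not the real file).
SAMPLE_GOOD = r"""
var HOME_NET 192.168.0.0/24
var EXTERNAL_NET !$HOME_NET
var RULE_PATH c:\snort\rules
dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
output alert_fast: alert.ids
output database: log, mysql, user=snort password=snort dbname=snort host=winids sensor_name=WinIDS
include c:\snort\etc\classification.config
"""
WIN_ABS = re.compile(r"^[A-Za-z]:\\\S+$")  # drive letter, backslash, no embedded spaces

def parse_snort_conf(text: str) -> dict:
    """Collect the directives the guide edits: var values, file paths, output plugins."""
    conf = {"var": {}, "paths": [], "output": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or commented-out directive
        kw, _, rest = line.partition(" ")
        if kw == "var":
            name, _, value = rest.partition(" ")
            conf["var"][name] = value.strip()
            if name == "RULE_PATH":
                conf["paths"].append(value.strip())
        elif kw in ("include", "dynamicengine"):
            conf["paths"].append(rest.strip())
        elif kw == "output":
            conf["output"].append(rest.strip())
    return conf

def audit_snort_conf(text: str) -> List[str]:
    """Return the problems the guide's snort.conf edits are meant to remove."""
    conf, problems = parse_snort_conf(text), []
    v = conf["var"]
    if v.get("HOME_NET", "any") == "any":
        problems.append("HOME_NET is 'any', so EXTERNAL_NET !$HOME_NET matches nothing")
    if v.get("EXTERNAL_NET") != "!$HOME_NET":
        problems.append("EXTERNAL_NET is not !$HOME_NET")
    problems += [f"not an absolute Windows path without spaces: {p!r}"
                 for p in conf["paths"] if not WIN_ABS.match(p)]
    db = [o for o in conf["output"] if o.startswith("database:")]
    if not db:
        problems.append("no 'output database' line, so alerts never reach MySQL/ACID")
    else:
        kv = dict(re.findall(r"(\w+)=(\S+)", db[0]))
        if kv.get("password") == kv.get("user"):
            problems.append("database password equals the user name")
    return problems
```

Running audit_snort_conf(SAMPLE_GOOD) reports only the weak database password; feed it the stock Unix defaults and it reports each path and network variable that still needs the Windows edit.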
Installation hints (for the MySQL installer):
1. Choose "Standard Configuration", tick "Include Bin Directory in Windows Path", and set the root user's password.
2. Restart the computer, open a command prompt and enter 'mysql -u root -p', press Enter, type the password, press Enter.
7. Test the Snort installation
1) Open a command prompt and enter 'cd c:\snort\bin', then press Enter.
At the prompt enter 'snort -W' and press Enter.
2) From the command line enter 'snort -v -i2' and press Enter.
8. Install and configure MySQL
1) The install path must point to c:\mysql
2) At the mysql.com sign-up step choose "Skip Sign-Up"
3) At the MySQL Server Instance Configuration step choose "Standard Configuration"
4) Create the Snort databases
Programs → MySQL → MySQL Server 5.0 → MySQL Command Line Client
Enter the password first,
then type the following:
create database snort;
create database archive;
use snort;
source c:\snort\schemas\create_mysql
use archive;
source c:\snort\schemas\create_mysql
grant select,insert,update on snort.* to snort@winids identified by 'snort' ;
grant select,insert,update,delete,create on snort.* to base@winids identified by 'base' ;
grant select,insert,update,delete,create on archive.* to base@winids identified by 'base' ;
use mysql;
select user from user;
5) Open c:\mysql\my.ini with WordPad and change the configuration as follows:
Original: sql-mode="STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
Change: sql-mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
9. Install ADODB
Extract the ADODB archive (adodb494.zip) to c:\adodb
10. Install and configure the WinIDS ACID security console
Extract the ACID archive (acid-0.9.6b23.tar.gz) into the 'c:\apache\htdocs' directory.
Open c:\apache\htdocs\acid\acid_conf.php with WordPad and change it as follows:
Original: $BASE_urlpath = '';
Change: $BASE_urlpath = 'http://winids/acid';
Original: $DBlib_path = '';
Change: $DBlib_path = 'c:\adodb';
Original: $DBtype = '?????';
Change: $DBtype = 'mysql';
Originals:
$alert_dbname = '?????';
$alert_host = '?????';
$alert_port = '?????';
$alert_user = '?????';
$alert_password = '?????';
Change to:
$alert_dbname = 'snort';
$alert_host = 'winids';
$alert_port = '';
$alert_user = 'base';
$alert_password = 'base';
Originals:
$archive_exists = 0; # Set this to 1 if you want access to the archive DB from BASE
$archive_dbname = '?????';
$archive_host = '?????';
$archive_port = '?????';
$archive_user = '?????';
$archive_password = '?????';
Change to:
$archive_exists = 1; # Set this to 1 if you want access to the archive DB from BASE
$archive_dbname = 'archive';
$archive_host = 'winids';
$archive_port = '';
$archive_user = 'base';
$archive_password = 'base';
Original: $portscan_file = '';
Change: $portscan_file = 'c:\snort\log\portscan.log';
Note: type exactly what is shown inside the single quotes, otherwise BASE will fail.
11. Extract snortrules-snapshot-CURRENT.zip to c:\
1) Copy all files in C:\snortrules-snapshot-CURRENT\snortrules-snapshot-CURRENT\rules to C:\Snort\rules
2) Overwrite the C:\Snort\doc\signatures folder with the C:\snortrules-snapshot-CURRENT\snortrules-snapshot-CURRENT\doc\signatures folder
3) Copy the C:\snortrules-snapshot-CURRENT\snortrules-snapshot-CURRENT\doc\signatures folder to C:\Apache\htdocs\acid
Configure Snort as a system service
1) At the command prompt, change the current directory to 'c:\snort\bin'.
2) At the command prompt enter: 'snort /SERVICE /INSTALL -c "c:\snort\etc\snort.conf" -l "c:\snort\log" -K ascii -i2', then press Enter.
(Note: the x in -ix is the index of the NIC that Snort monitors, i.e. the N value mentioned earlier.)
Open the "Start / Run" dialog, enter 'services.msc', and click OK.
Tip: if the Snort service installed successfully you will find a 'Snort' entry; set it to 'Automatic' and exit.
Note: 1) Before starting the Snort service, it is best to restart the Apache and MySQL services first.
Set the Snort service to Automatic.
This article is from the "IT的摇篮" blog; reprinting is not permitted.