I. Runtime environment

1. Platform:
Fedora 10 (IP address: 192.168.221.133)

2. Required software:
Alerting + database:
snort-2.8.3.2.tar.gz
snortrules-snapshot-2.6.tar.gz
mysql-5.0.77-linux-i686-icc-glibc23.tar.gz
create_mysql (script)
Client display:
apache_2.2.11.tar.gz
mod_ssl-2.8.16-1.3.29.tar.gz
php-5.2.0.tar.gz
acid-0.9.6b23.tar.gz
adodb507.tgz
jpgraph-2.3.4.tar.gz
Auxiliary management tools:
webmin-1.220-1.noarch.rpm
Net_SSLeay.pm-1.30.tar.gz
snort-1.0.wbm (snort's webmin plugin)

3. Download locations
snort-2.8.3.2.tar.gz (http://www.snort.org)
snortrules-snapshot-2.6.tar.gz (http://www.snort.org)
mysql-5.0.77-linux-i686-icc-glibc23.tar.gz (http://www.mysql.com)
create_mysql script (http://cvs.sourceforge.net/viewcvs.py/snort/snort/contrib/)
apache2.2.11.tar.gz (http://www.apache.org)
php-5.2.0.tar.gz (http://www.php.net)
acid-0.9.6b23.tar.gz (http://acidlab.sourceforge.net)
adodb507.tgz (http://adodb.sourceforge.net/)
jpgraph-2.3.4.tar.gz (http://www.aditus.nu/jpgraph/index.php)
webmin-1.220-1.noarch.rpm (http://www.webmin.com/)
Net_SSLeay.pm-1.30.tar.gz (http://symlabs.com/Net_SSLeay/)
snort-1.0.wbm (http://www.snort.org/dl/contrib/front_ends/webmin_plugin/)
II. Installation

1. Preparation
Log in to Fedora 10 over ssh as root and copy all of the files listed above to /home/wd/snort相关.

2. Install mysql
# groupadd mysql
# useradd -g mysql -d /usr/local/mysql/data -M mysql
# tar -zxvf mysql-5.0.27.tar.gz
# cd mysql-5.0.27
# ./configure --prefix=/usr/local/mysql \
> --sysconfdir=/etc \
> --localstatedir=/usr/local/mysql/data \
> --enable-assembler \
> --with-mysqld-ldflags=-all-static \
> --with-charset=gb2312 \
> --with-extra-charsets=all
Meaning of the configure options:
  --prefix=/usr/local/mysql               installation directory
  --sysconfdir=/etc                       path of the configuration file
  --localstatedir=/usr/local/mysql/data   path where the databases are stored
  --enable-assembler                      use the assembly versions of some string functions
  --with-mysqld-ldflags=-all-static       build the server fully statically linked
  --with-charset=gb2312                   add gb2312 character set support
  --with-extra-charsets=all               add support for all character sets
# cd /usr/local/mysql
# chown -R root .
# chown -R mysql data
# chgrp -R mysql .
# scripts/mysql_install_db --user=mysql
# /usr/local/mysql/support-files/mysql.server start
3. Create the snort database
# /usr/local/mysql/bin/mysql
mysql> set password for 'root'@'localhost'=password('123456');
mysql> create database snort;
# /usr/local/mysql/bin/mysql -u root -p
mysql> connect snort;
mysql> source /usr/local/snort/schemas/create_mysql;      (path of the create_mysql script)
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
mysql> connect mysql;
mysql> set password for 'snort'@'localhost'=password('123456');
mysql> set password for 'snort'@'%'=password('123456');
mysql> flush privileges;
(don't forget to terminate each statement with a semicolon)
mysql> show tables;
You should see these tables:
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)
mysql> exit
4. Install and start snort
# cd /home/wd/snort相关
# tar -vxzf snort-2.8.3.2.tar.gz
# mv snort-2.8.3.2 /usr/local/snort
# cd /usr/local/snort
# ./configure --with-mysql=/usr/local/mysql
# make
# make install
# mkdir /var/snort
# mkdir /var/log/snort      (holds the snort logs)
# mkdir /etc/snort          (holds the rules)
# cd /home/wd/snort相关
# tar -vxzf snortrules-pr-2.6.tar.gz
# mv rules /etc/snort
# mv doc /etc/snort
Edit /etc/snort/rules/snort.conf:
(1) Comment out the line
var RULE_PATH ../rules
(2) Add
output database: log, mysql, user=snort password=123456 dbname=snort host=localhost
(3) Change the include section so that
include $RULE_PATH/bad-traffic.rules  ->  include bad-traffic.rules
(and so on for the other include lines)
Start snort (example):
# snort -d -D -c /etc/snort/rules/snort.conf
Note: while building snort you may hit the error "libpcap/libpcre header not found"; download and install libpcap, libpcre and libnet. For any other problem, follow the error message; Google or Baidu will usually turn up the answer.
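The three snort.conf edits above are easy to get wrong by hand across several dozen include lines, and edit (2) leaves the snort database password sitting in the config file. The script below is an added example, not part of the original write-up: it performs the same three edits with sed on a constructed miniature snort.conf, verifies that they landed, and restricts the file to root because of the embedded password. The names make_sample_conf, patch_snort_conf and check_snort_conf, the sample config contents and the password argument are all constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original write-up): apply the three snort.conf
# edits from step 4 with sed instead of by hand, then verify them. The config
# written by make_sample_conf is constructed to mimic the relevant lines of a
# 2.6-era snort.conf; the password comes from an argument, not the write-up's.

# Write a constructed miniature snort.conf to the path given in $1.
make_sample_conf() {
    cat > "$1" <<'EOF'
var HOME_NET any
var RULE_PATH ../rules
preprocessor frag3_global
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
EOF
}

# Edit $1 in place; $2 is the password of the snort database user.
patch_snort_conf() {
    conf="$1"
    dbpass="$2"
    # (1) comment out the RULE_PATH variable (& re-inserts the matched text)
    sed -i 's|^var RULE_PATH ../rules|# &|' "$conf"
    # (3) drop the $RULE_PATH/ prefix from every include line
    sed -i 's|^include \$RULE_PATH/|include |' "$conf"
    # (2) append the database output plugin line
    printf 'output database: log, mysql, user=snort password=%s dbname=snort host=localhost\n' \
        "$dbpass" >> "$conf"
    # the file now carries a database password: readable by root only
    chmod 600 "$conf"
}

# Return 0 if $1 carries all three edits, 1 otherwise (reason on stdout).
check_snort_conf() {
    conf="$1"
    # an active RULE_PATH variable means edit (1) did not land
    if grep -q '^var RULE_PATH' "$conf"; then
        echo "FAIL: var RULE_PATH is still active"; return 1
    fi
    # any remaining $RULE_PATH reference means an include was missed
    if grep -q 'RULE_PATH/' "$conf"; then
        echo "FAIL: an include still uses \$RULE_PATH"; return 1
    fi
    # exactly one output database line; a duplicate would log every alert twice
    n=$(grep -c '^output database:' "$conf" || true)
    if [ "$n" -ne 1 ]; then
        echo "FAIL: expected 1 output database line, found $n"; return 1
    fi
    echo "OK: $conf"
    return 0
}

# Stand-alone demo on a temporary copy.
demo=$(mktemp)
make_sample_conf "$demo"
patch_snort_conf "$demo" 'changeme'
check_snort_conf "$demo"
rm -f "$demo"
```

To use it on the real file, back up /etc/snort/rules/snort.conf and run patch_snort_conf and check_snort_conf against it with your own password; sed -i is GNU sed syntax, which Fedora ships. The rules stay beside snort.conf in /etc/snort/rules, as the write-up arranges, so the shortened include paths resolve.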
5. Install apache
# cd /home/wd/snort相关
# tar -zvxf httpd-2.2.11.tar.gz
# cd httpd-2.2.11
# ./configure --prefix=/usr/local/apache --enable-so
# make
# make install
After the installation, start apache with
/usr/local/apache/bin/apachectl start
and enter 127.0.0.1 in the browser's address bar; if the installation succeeded you will see the words "It works".

6. Install PHP
# cd /home/wd/snort相关
# tar -vxzf php-5.2.0.tar.gz
# cd php-5.2.0
# ./configure \
> --prefix=/usr/local/php \
> --with-mysql=/usr/local/mysql \
> --with-apxs2=/usr/local/apache/bin/apxs \
> --with-gd \
> --with-zlib \
> --enable-sockets
# make
# make install
# cp ./php.ini-dist /usr/local/php5/etc/php.ini
While installing php I got "cannot restore segment prot after reloc: Permission denied". After Googling, I edited the /etc/sysconfig file and ran chcon -t textrel_shlib_t on the .so files that were being denied, which solved the problem.
7. Install acid + adodb + jpgraph
Put acid-0.9.6b23.tar.gz, adodb507.tgz and jpgraph-2.3.4.tar.gz into the web root; here I use the default one.
# cp a*.* /usr/local/apache/htdocs
# cp jpgraph-1.11.tar.gz /usr/local/apache/htdocs
# tar zxvf adodb330.tgz
# tar zxvf jpgraph-1.11.tar.gz
# mv jpgraph-1.11 jpgraph
# tar zxvf acid-0.9.6b23.tar.gz
# cd acid
# vi acid_conf.php
Change
$DBlib_path = "";
to
$DBlib_path = "/usr/local/apache/htdocs/adodb";
and set the database parameters:
$alert_dbname = "snort_log";          // change to snort
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "123456";           // change to your database password
/* Archive DB connection parameters */
$archive_dbname = "snort_archive";    // change to snort
$archive_host = "localhost";
$archive_port = "";
$archive_user = "root";
$archive_password = "123456";         // change to your database password
Change
$ChartLib_path = "";
to
$ChartLib_path = "/usr/local/apache/htdocs/jpgraph/src";
When done, save and exit.

Write a snort start script
# cd /usr/local/
# vi snort.sh
#!/bin/sh
snort -d -h 192.168.0.0/24 -l /var/log/snort -c /etc/snort/snort.conf -i eth0 -A full
Save and exit.
# chmod 755 snort.sh

Start the services
# /usr/local/mysql/support-files/mysql.server start
# cd /usr/local/mysql/
# vi mysql_start.sh      (write the start script)
#!/bin/sh
/usr/local/mysql/bin/mysqld_safe --user=mysql &
Save and exit.
# chmod 755 mysql_start.sh
# cp mysql_start.sh /usr/sbin/
# ./mysql_start.sh      (start mysql)
# /usr/local/snort/bin/snort start      (start snort)
8. Change the selinux and apache configuration
# vi /etc/selinux/config
SELINUX=disabled
(otherwise libphp4.so will segfault)
Note: don't forget to configure the firewall to allow https.

9. Configure auto-start and reboot
# vi /etc/rc.d/rc.local
#start mysqld
/usr/local/mysql/support-files/mysql.server start
#start httpd
/usr/local/apache/bin/apachectl startssl
#start snort
/usr/local/bin/snort -d -D -c /etc/snort/rules/snort.conf
# reboot
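The rc.local line above starts snort unconditionally, and step 11 points the webmin module at /var/run/snort_eth0.pid. A second snort daemon on the same interface would write every alert into the database twice, so a start guard that consults that PID file is worth having. The script below is an added example, not part of the original write-up: snort_running and start_snort are names chosen here, the demo PID files are constructed (no snort is needed to run it), and the only real values are the PID file path from step 11 and the snort command line from step 9.

```shell
#!/bin/sh
# Added example (not from the original write-up): a guard for the rc.local and
# webmin start-up lines in steps 9 and 11. snort -D records its PID in a file
# (the write-up points webmin at /var/run/snort_eth0.pid); start_snort only
# launches when that file does not name a live process, so a second daemon
# can never double-log alerts into the database.

# Return 0 if the PID file in $1 names a live process, 1 otherwise
# (missing file, non-numeric contents, or a stale PID from an earlier boot).
snort_running() {
    pidfile="$1"
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty or not a number: treat as not running
    esac
    # signal 0 sends nothing; it only reports whether the PID exists
    kill -0 "$pid" 2>/dev/null
}

# Start snort unless a live instance is already recorded in the PID file.
# $1 = PID file, remaining arguments = the snort command line to run.
start_snort() {
    pidfile="$1"
    shift
    if snort_running "$pidfile"; then
        echo "snort already running (pid $(head -n 1 "$pidfile")), not starting again"
        return 0
    fi
    # a leftover file from a crash or unclean shutdown: clear it before starting
    rm -f "$pidfile"
    "$@"
}

# Stand-alone demo with constructed PID files:
tmp=$(mktemp)
echo $$ > "$tmp"              # our own PID: counts as live
snort_running "$tmp" && echo "live pid detected"
echo 999999999 > "$tmp"       # a PID no process will have: stale
snort_running "$tmp" || echo "stale pid detected"
rm -f "$tmp"

# Real use as root, replacing the bare snort line in rc.local (step 9):
# start_snort /var/run/snort_eth0.pid /usr/local/bin/snort -d -D -c /etc/snort/rules/snort.conf
```

kill -0 only tests for the PID's existence, so a recycled PID belonging to an unrelated process would be reported as running; on a dedicated sensor box that is an acceptable trade for not starting a second daemon.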
10. Test the connection to acid and initialize it
https://127.0.0.1/acid
Click "Setup page" to "Create ACID AG"
Because the default installation paths differ between operating system versions, you may get "file does not exist" or "permission denied" errors. Locate the file and move it to the expected location, or create a link if that is not possible. When I hit these problems during installation I Googled them and solved them this way.
At this point Snort + mysql + Apache + php + ACID is working normally.
11. Auxiliary management tools (graphical management of snort):
(1) Install Net_SSLeay (Redhat9 is broken)
# cd /home
# tar -vxzf Net_SSLeay.pm-1.21.tar.gz
# cd Net_SSLeay.pm-1.21
# perl Makefile.PL
# make install
(2) Install webmin
# cd /home
# rpm -ivh webmin-1.30.noarch.rpm
(3) Test the connection and install the snort module
https://127.0.0.1:10000, log in as root with the root password
Webmin Configuration -> SSL Encryption -> generate a new SSL key
Webmin Configuration -> Webmin Modules -> install snort-1.0.wbm
Servers -> Snort IDS Admin -> configure:
Full path to snort executable -> /usr/local/snort/bin/snort -d -D -c /etc/snort/rules/snort.conf
Full path to snort configuration file -> /etc/snort/rules/snort.conf
Full path to snort rule files directory -> /etc/snort/rules
Full path to snort PID file -> /var/run/snort_eth0.pid
(4) After saving, the snort configuration screen can be opened.
12. Restrict apache to https connections only
Edit /usr/local/apache/conf/httpd.conf as follows:
<IfDefine SSL>
#Listen 80
Listen 443
</IfDefine>

13. Add simple access control to Apache
(1) Create an authorized user and set a password
# /usr/local/apache/bin/htpasswd -c /usr/local/apache/conf/auth.users linghood
New password: ******
Re-type new password: ******
Adding password for user linghood
(2) Edit /usr/local/apache/conf/httpd.conf as follows
<Directory />
# Options FollowSymLinks
# AllowOverride None
AuthType Basic
AuthName "IDS"
AuthUserFile /usr/local/apache/conf/auth.users
Require valid-user
</Directory>
<Directory "/var/www/html">
# Options Indexes FollowSymLinks MultiViews
# AllowOverride None
# Order allow,deny
# Allow from all
AuthType Basic
AuthName "IDS"
AuthUserFile /usr/local/apache/conf/auth.users
Require valid-user
</Directory>
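Steps 12 and 13 work together: Basic authentication sends the username and password base64-encoded in every request, so the login on the ACID console is only as private as the transport, and the https-only listener is what keeps those credentials off the wire. The script below is an added example, not part of the original write-up: it audits an httpd.conf for both controls so they can be re-checked after later edits, flagging any uncommented Listen 80 and any <Directory> block without Require valid-user. audit_httpd_conf is a name chosen here, and both sample configurations are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original write-up): audit an httpd.conf for the
# two controls set up in steps 12 and 13. It flags (a) a live plaintext
# listener, which would expose the ACID console and its Basic-auth credentials
# in the clear, and (b) any <Directory> block that does not demand a login.
# The sample configurations are constructed; paths match the write-up's.

# Return 0 if $1 passes both checks, 1 otherwise; reasons go to stdout.
audit_httpd_conf() {
    conf="$1"
    status=0
    # (a) plaintext listener: "Listen 80" or "Listen addr:80", not commented out
    if grep -Eq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?80([[:space:]]|$)' "$conf"; then
        echo "FAIL: plaintext listener (Listen 80) is still active"
        status=1
    fi
    if ! grep -Eq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)' "$conf"; then
        echo "FAIL: no Listen 443"
        status=1
    fi
    # (b) every <Directory ...> ... </Directory> block needs Require valid-user
    awk '
        /^[[:space:]]*<Directory/ { inblk = 1; name = $0; hasreq = 0; next }
        inblk && /^[[:space:]]*Require[[:space:]]+valid-user/ { hasreq = 1 }
        /^[[:space:]]*<\/Directory>/ {
            if (inblk && !hasreq) { print "FAIL: no Require valid-user in " name; bad = 1 }
            inblk = 0
        }
        END { exit bad }
    ' "$conf" || status=1
    return $status
}

# Constructed sample: the hardened configuration after steps 12 and 13.
good=$(mktemp)
cat > "$good" <<'EOF'
<IfDefine SSL>
#Listen 80
Listen 443
</IfDefine>
<Directory />
    AuthType Basic
    AuthName "IDS"
    AuthUserFile /usr/local/apache/conf/auth.users
    Require valid-user
</Directory>
EOF

# Constructed sample: a stock configuration before either edit.
bad=$(mktemp)
cat > "$bad" <<'EOF'
Listen 80
<Directory "/usr/local/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
EOF

audit_httpd_conf "$good" && echo "OK: $good"
audit_httpd_conf "$bad"  || echo "hardening missing in $bad"
rm -f "$good" "$bad"
```

Run audit_httpd_conf /usr/local/apache/conf/httpd.conf after every change to the file, and again after any package update that rewrites it; a clean run prints nothing and exits 0.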
The two days were not wasted after all: after a lot of reading, the software is finally installed and the environment is usable, even though many things still need polishing.