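Integrated environment
Nginx 0.8
PHP 5.3
Snort 2.9
MySQL
ADODB
ACID
Preparation before installation
PHP, nginx or Apache, phpMyAdmin, MySQL, ACID, ADODB, [Barnyard2]
libpcap, libnet, libdnet, daq, snort, [BASE]
{mcrypt libmcrypt libcrypt} (for phpMyAdmin support)
PHP support libraries
[jpgraph], gd, freetype, zlib, libxml2, libpng
* The libpcap package must be version 1.0 or later
* When compiling from source, the devel packages of libpcap, libnet and libdnet must be installed
Copy the PHP configuration file
PHP 5.2
cp php.ini-dist /usr/local/lib/php.ini
PHP 5.3
cp php.ini-production /usr/local/php/php.ini
Installation order
Nginx ----- PHP + support libraries ----- MySQL ----- phpMyAdmin ----- Snort + support libraries ----- ADODB ----- ACID ----- jpgraph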
1. nginx changes
groupadd www
useradd -g www www
---------------
user www www;
server
{
    listen 8090;
    server_name phpMyAdmin.vspace.tk;
    root /ext/web/phpMyAdmin;
    index index.php;
    location ~ \.php$
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /ext/web/phpMyAdmin$fastcgi_script_name;
        include fastcgi_params;
    }
}
server
{
    listen 9090;
    server_name snort.vspace.tk;
    root /ext/web/snort;
    index index.php;
    location ~ \.php$
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /ext/web/snort$fastcgi_script_name;
        include fastcgi_params;
    }
}
----------------
chown -R www:www /ext/web
2. PHP configure
./configure --prefix=/usr/local/php \
    --with-gd \
    --with-jpeg-dir \
    --with-zlib \
    --with-png-dir \
    --with-freetype-dir \
    --with-mysql=/usr/local/mysql \
    --enable-fpm \
    --with-mcrypt
* PHP 5.3.3 and later support fpm natively, so no separate patch is needed
3. php.ini security changes
cp php.ini-dist /usr/local/lib/php.ini
open_basedir = /ext/web
magic_quotes_gpc = Off
file_uploads = Off
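A way to confirm that the step 3 settings are really present in php.ini, as an added example that is not part of the original notes: PHP silently ignores directive names it does not recognise, so a misspelled line leaves the default in force. The function names and the sample file are constructed for illustration; /ext/web is the web root used on this page.

```shell
#!/bin/sh
# Added example: audit php.ini for the three directives set in step 3.

# ini_get FILE KEY: print the last active (uncommented) value of KEY.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }               # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                # section headers, blank lines
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)         # drop a trailing ; comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v            # last assignment wins
        }
        END { print val }
    ' "$1"
}

# is_off VALUE: succeed when VALUE is one of the ini spellings of "off".
is_off() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        off|0|false|no|none) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_php_ini FILE WEBROOT: report deviations, return their count.
audit_php_ini() {
    ini=$1; webroot=$2; bad=0
    [ "$(ini_get "$ini" open_basedir)" = "$webroot" ] ||
        { echo "FAIL open_basedir is not $webroot"; bad=$((bad + 1)); }
    for key in magic_quotes_gpc file_uploads; do
        val=$(ini_get "$ini" "$key")
        if [ -z "$val" ]; then
            echo "FAIL $key not set (check the spelling of the directive)"
            bad=$((bad + 1))
        elif ! is_off "$val"; then
            echo "FAIL $key = $val, expected Off"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: two directive names are misspelled on purpose.
sample_ini() {
    printf '%s\n' '[PHP]' 'open_basedir = /ext/web' \
        'magic_quotes_goc = Off' 'file_upload = Off'
}

# Usage: sh audit.sh /usr/local/lib/php.ini [/ext/web]
if [ -n "${1:-}" ]; then audit_php_ini "$1" "${2:-/ext/web}"; fi
```

The return status is the number of failed checks, so 0 means all three directives are set as intended.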
4. Disable SELinux
vim /etc/selinux/config
SELINUX=disabled
5. PHP test
<?php
phpinfo();
?>
6. MySQL
groupadd mysql
useradd -g mysql mysql
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql
mysql -u root
mysql>delete from mysql.user where User = '';
mysql>flush privileges;
mysqladmin -u root -p password [new password]
or
mysql -u root
mysql>set password for 'root'@'localhost' = password('new password');
7. MySQL configuration
mysql>create database snortdb;
mysql>create database snort_archivedb;
mysql>grant create,insert,select,delete,update on snortdb.* to snort@localhost;
mysql>grant create,insert,select,delete,update on snort_archivedb.* to snort@localhost;
mysql>set password for 'snort'@'localhost'=password('');
* The steps above can also be done in phpMyAdmin
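8. Edit snort.conf
Append at the end
output database: log, mysql, user=root password=1111 dbname=snortdb host=localhost
* dbname must match the alert database created in step 7 and read by ACID (snortdb)
9. ADODB and ACID configuration
cp -r adodb ACID /ext/web/snort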
adodb.inc.php
$ADODB_DIR = dirname('/ext/web/snort/adodb5');
acid
chmod 755 /ext/web/snort/acid
chmod 644 /ext/web/snort/acid/*
acid_conf.php
$alert_dbname = "snortdb";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "snort";
/* Archive DB connection parameters */
$archive_dbname = "snort_archivedb";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "snort";
$archive_password = "snort";
? mysql>set password for "acid"@"localhost"=OLD_PASSWORD("111111");
Test: http://localhost:9090/acid/acid_db_setup.php