Configuring an IDS on FreeBSD

Platform: 8.2-RELEASE i386

v0.1

I. Install FNMP or FAMP

1. Install FNMP or FAMP (FreeBSD + Nginx/Apache + MySQL + PHP).

2. Install PCRE. It is pulled in automatically when FNMP is installed; if it is not present, install it separately.

3. Install phpMyAdmin to manage the database.

II. Install snort

cd /usr/ports/net/libpcap && make install clean

#whereis snort

/usr/ports/security/snort

Accept the default port options and additionally enable ODBC.

III. Create the snort database

1. Create the snort database

mysql> create database snort;

2. Create the user snort will connect as

mysql> GRANT ALL PRIVILEGES ON snort.* TO snortuser@localhost IDENTIFIED BY 'snortpwd';

3. Import the snort database schema

#mysql -usnortuser -psnortpwd snort < /usr/local/share/examples/snort/create_mysql

IV. Minimal configuration

var HOME_NET 172.18.18.0/24

output database: log, mysql, user=snortuser password=snortpwd dbname=snort host=localhost

Add only these two lines to the configuration file; do not load any other rules for now, otherwise the service will fail to start.
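The following script is an added example and not part of the original post: it writes the two-line snort.conf from section IV into a scratch directory, checks that both mandatory lines are present and well-formed, and then hands the file to snort's own test mode (-T) where snort is installed. The /tmp paths are constructed for the demo; the real file lives at /usr/local/etc/snort/snort.conf (assumed port path).

```shell
#!/bin/sh
# Added example, not part of the original post: build the minimal snort.conf
# described in section IV and check it before the service is started.
# The /tmp paths are constructed for the demo.

SNORT_CONF_DIR=$(mktemp -d /tmp/snortconf.XXXXXX)
SNORT_CONF="$SNORT_CONF_DIR/snort.conf"

# write_min_conf NET USER PASS DB HOST FILE
# Writes exactly the two directives the post uses for a first start: HOME_NET
# and the MySQL output plugin. No rules are included, as the post advises.
write_min_conf() {
    net=$1; user=$2; pass=$3; db=$4; host=$5; file=$6
    cat > "$file" <<EOF
var HOME_NET $net
output database: log, mysql, user=$user password=$pass dbname=$db host=$host
EOF
    # the file now carries the database password in clear: owner-only access
    chmod 600 "$file"
}

# check_conf FILE
# Returns 0 when both mandatory lines are present and HOME_NET is a dotted
# CIDR prefix, 1 otherwise (a bare "any" or a typo is rejected).
check_conf() {
    grep -Eq '^var HOME_NET [0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' "$1" || return 1
    grep -Eq '^output database: log, mysql, user=[^ ]+ password=[^ ]+ dbname=[^ ]+ host=[^ ]+$' "$1" || return 1
    return 0
}

write_min_conf 172.18.18.0/24 snortuser snortpwd snort localhost "$SNORT_CONF"
check_conf "$SNORT_CONF" && echo "snort.conf: both mandatory lines present"

# Authoritative check: snort's test mode (-T) parses the file and exits without
# sniffing. Only runs where snort is installed; otherwise this is a dry run.
if command -v snort >/dev/null 2>&1; then
    snort -T -c "$SNORT_CONF"
fi
```

Run snort -T against the real configuration file each time a rule file is added later; it reports the parse error that would otherwise only show up as the rc script failing to start the service.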

V. Install ADOdb and BASE

1. Install ADOdb

#cd /usr/ports/databases/adodb && make install

You can add the ADOdb path (/usr/local/share/adodb) to the "include_path=" directive in your php.ini

2. Install BASE

#cd /usr/ports/security/base && make install clean

3. Edit the Apache configuration file

    alias /base     "/usr/local/www/base"
    <Directory "/usr/local/www/base">
        AllowOverride None
        Options Indexes
        Order allow,deny
        Allow from all
    </Directory>

4. Edit the BASE configuration file

#cd /usr/local/www/base

#cp base_conf.php.dist base_conf.php

$BASE_Language = 'simplified_chinese';
$DBlib_path = '/usr/local/share/adodb';

$alert_dbname   = 'snort';
$alert_host     = 'localhost';
$alert_port     = '';
$alert_user     = 'snortuser';
$alert_password = 'snortpwd';

$archive_exists   = 0; # Set this to 1 if you have an archive DB
$archive_dbname   = 'snort';
$archive_host     = 'localhost';
$archive_port     = '';
$archive_user     = 'snortuser';
$archive_password = 'snortpwd';
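The following script is an added example and not part of the original post: it builds a base_conf.php from the values in step 4 (in a scratch directory, as constructed input), checks that every assignment is terminated with a semicolon (one missing semicolon is enough for PHP to reject the whole file and BASE to show a blank page), checks that the ADOdb path exists and the database settings are filled in, and restricts the file's permissions because it carries the database password. On the real host point CONF at /usr/local/www/base/base_conf.php; the Apache worker user www is assumed from the FreeBSD Apache port.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check base_conf.php
# before opening BASE in the browser. The file below is constructed from the
# values in the post; the /tmp paths stand in for the real locations.

WORK=$(mktemp -d /tmp/basecheck.XXXXXX)
CONF="$WORK/base_conf.php"
mkdir -p "$WORK/adodb"   # stands in for /usr/local/share/adodb

cat > "$CONF" <<EOF
<?php
\$BASE_Language = 'simplified_chinese';
\$DBlib_path = '$WORK/adodb';
\$alert_dbname   = 'snort';
\$alert_host     = 'localhost';
\$alert_port     = '';
\$alert_user     = 'snortuser';
\$alert_password = 'snortpwd';
\$archive_exists   = 0; # Set this to 1 if you have an archive DB
EOF

# get_setting FILE NAME
# Prints the value assigned to \$NAME, without quotes, ";" or trailing comment.
# Assumes one assignment per line and no "=" inside the value.
get_setting() {
    awk -v name="$2" -v q="'" -F= '
        $1 ~ ("^\\$" name "[ \t]*$") {
            v = $2
            sub(/^[ \t]*/, "", v)        # drop spaces after "="
            sub(/[ \t]*;.*$/, "", v)     # drop ";" and any trailing comment
            gsub(q, "", v)               # drop the quotes around string values
            print v
        }' "$1"
}

# check_terminators FILE
# Every "$name = value" line must end in ";" (optionally followed by a
# "# comment"), otherwise PHP refuses the file. Prints offenders, returns 1.
check_terminators() {
    awk '/^\$[A-Za-z_]+[ \t]*=/ && !/;[ \t]*(#.*)?$/ {
            print "missing \";\" on line " NR ": " $0; bad = 1
         }
         END { exit bad }' "$1"
}

# check_base_conf FILE
# Verifies the settings BASE needs to load ADOdb and reach the snort database.
check_base_conf() {
    check_terminators "$1" || return 1
    lib=$(get_setting "$1" DBlib_path)
    [ -d "$lib" ] || { echo "DBlib_path '$lib' does not exist"; return 1; }
    for k in alert_dbname alert_host alert_user alert_password; do
        [ -n "$(get_setting "$1" "$k")" ] || { echo "$k is empty"; return 1; }
    done
    return 0
}

# The file holds the database password: readable by owner and the web server
# group only. On the real host follow with: chown root:www base_conf.php
chmod 640 "$CONF"

check_base_conf "$CONF" && echo "base_conf.php looks usable"

# Where php is installed, its lint mode is the authoritative syntax check.
if command -v php >/dev/null 2>&1; then
    php -l "$CONF"
fi
```

Since the Apache block in step 3 allows access from everywhere and BASE shows every alert the sensor logs, restricting Allow from to the administration network is the usual follow-up once the console is confirmed working.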

VI. Start the service and initialize BASE

1. Start snort

#echo 'snort_enable="YES"' >> /etc/rc.conf

#/usr/local/etc/rc.d/snort start

2. Open the BASE page and follow its prompts to initialize it.
