
Installing and using Snort (RH AS3 + Apache)

System environment: RH AS3 + Apache + PHP + Snort + BASE

Snort-related packages required:
  adodb462.tgz
  base-1.2.6.tar.gz
  Image_Canvas-0.3.0.tar.gz
  Image_Color-1.0.2.tar.gz
  Image_Graph-0.7.2.tar.gz
  libpcap-0.9.5.tar.gz
  pcre-6.7.tar.gz
  snort-2.6.0.tar.gz
  snortrules-pr-2.4.tar.gz

Download the packages:
  wget http://download.sso.cn/security/ids/snort_base/adodb462.tgz
  wget http://download.sso.cn/security/ids/snort_base/base-1.2.6.tar.gz
  wget http://download.sso.cn/security/ids/snort_base/Image_Canvas-0.3.0.tar.gz
  wget http://download.sso.cn/security/ids/snort_base/Image_Color-1.0.2.tar.gz
  wget http://download.sso.cn/security/ids/snort_base/Image_Graph-0.7.2.tar.gz
  wget http://download.sso.cn/security/ids/snort_base/install.txt
  wget http://download.sso.cn/security/ids/snort_base/libpcap-0.9.5.tar.gz
  wget http://download.sso.cn/security/ids/snort_base/pcre-6.7.tar.gz
  wget http://download.sso.cn/security/ids/snort_base/snort-2.6.0.tar.gz
  wget http://download.sso.cn/security/ids/snort_base/snortrules-pr-2.4.tar.gz

Installation paths:
  snort:      /usr/local/snort
  rules:      /usr/local/snort/rules
  snort.conf: /usr/local/snort/conf/snort.conf
  adodb:      /usr/local/snort/adodb
  base:       /usr/local/snort/base
  libpcap:    /usr/local/snort/libpcap
  pcre:       /usr/local/snort/pcre

1 Set up the Apache + PHP + MySQL environment

2 Install the Snort prerequisites libpcap-0.9.5.tar.gz and pcre-6.7.tar.gz

  tar zxvf libpcap-0.9.5.tar.gz
  cd libpcap-0.9.5
  ./configure --prefix=/usr/local/snort/libpcap
  make
  make install

  tar zxvf pcre-6.7.tar.gz
  cd pcre-6.7
  ./configure --prefix=/usr/local/snort/pcre
  make
  make install

3 Install snort-2.6.0.tar.gz with dynamic plugin support

Create a dedicated group and a non-login user for Snort (the original command omitted the user name after the options):
  groupadd snort
  useradd -g snort -s /sbin/nologin snort

Create the log directory and the configuration directory:
  mkdir /var/log/snort
  mkdir /usr/local/snort/conf

  tar zxvf snort-2.6.0.tar.gz
  cd snort-2.6.0
  ./configure --prefix=/usr/local/snort --with-mysql \
      --with-libpcap-includes=/usr/local/snort/libpcap/include \
      --with-libpcap-libraries=/usr/local/snort/libpcap/lib \
      --with-libpcre-includes=/usr/local/snort/pcre/include \
      --with-libpcre-libraries=/usr/local/snort/pcre/lib \
      --enable-dynamicplugin
  make
  make install

4 Configure Snort and load the rules

Copy the configuration files from the source tree into the conf directory:
  cp etc/classification.config /usr/local/snort/conf
  cp etc/reference.config /usr/local/snort/conf
  cp etc/snort.conf /usr/local/snort/conf
  cp etc/unicode.map /usr/local/snort/conf

I have looked through snort.conf and it seems that only the files above are needed; if you run into errors, copy everything instead:
  cp etc/* /usr/local/snort/conf

Create the snort database and import the data (the database name in the original "create database" command was misspelled as "snrot"; it must match the "snort.*" grant that follows):
  mysql -uroot -prootpassword -e "create database snort"
  mysql -uroot -prootpassword -e "grant all on snort.* to snort@localhost identified by 'snort'"
  mysql -usnort -psnort

Unpack the rule set into the Snort tree:
  tar zxvf snortrules-pr-2.4.tar.gz
  mv rules /usr/local/snort/

Start Snort:
  /usr/local/snort/bin/snort -c /usr/local/snort/conf/snort.conf -i eth0 -g snort -D

To start Snort automatically at boot, add the command above to /etc/rc.local.
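A start wrapper for the command above, added here as an example and not part of the original post: it runs Snort's configuration self-test (-T) first and only daemonises when snort.conf and every rule file it includes parse cleanly, so a broken rule update cannot leave the sensor silently down after a reboot. It also drops to the snort user created in step 3 (-u) alongside the group (-g) and names the log directory explicitly (-l). The paths are the ones used in this post; SNORT_BIN and the other variables are assumptions that can be overridden from the environment, which is also how the wrapper can be exercised on a host without Snort.

```shell
#!/bin/sh
# Added example (not from the original post): start Snort only after its
# configuration self-test passes. Paths default to the layout used in this
# post; every variable here is an assumption and may be overridden.
SNORT_BIN="${SNORT_BIN:-/usr/local/snort/bin/snort}"
SNORT_CONF="${SNORT_CONF:-/usr/local/snort/conf/snort.conf}"
SNORT_IFACE="${SNORT_IFACE:-eth0}"
SNORT_USER="${SNORT_USER:-snort}"
SNORT_GROUP="${SNORT_GROUP:-snort}"
SNORT_LOGDIR="${SNORT_LOGDIR:-/var/log/snort}"

# snort_selftest: ask Snort to parse snort.conf and all included rule files
# and exit (-T). Returns Snort's own status: 0 when the config is accepted.
snort_selftest() {
    "$SNORT_BIN" -T -c "$SNORT_CONF" -i "$SNORT_IFACE" >/dev/null 2>&1
}

# snort_start: daemonise (-D) only after the self-test passes, running as the
# unprivileged snort user/group. Prints "started" or "refused" so a caller
# (rc.local, a monitoring script) can tell which happened; returns 1 on refusal.
snort_start() {
    if snort_selftest; then
        "$SNORT_BIN" -c "$SNORT_CONF" -i "$SNORT_IFACE" \
            -u "$SNORT_USER" -g "$SNORT_GROUP" -l "$SNORT_LOGDIR" -D
        echo started
    else
        echo refused
        return 1
    fi
}

# Usage: save as /usr/local/snort/bin/snort-start.sh, then call
#   . /usr/local/snort/bin/snort-start.sh && snort_start
# from /etc/rc.local instead of the bare snort command.
```

Because the wrapper resolves SNORT_BIN at call time, a shell function of that name can stand in for the real binary when testing the wrapper's logic on a machine without Snort.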

5 Install adodb and BASE
  tar zxvf base-1.2.6.tar.gz
  mv base-1.2.6 /usr/local/snort/base

  tar zxvf adodb462.tgz
  mv adodb /usr/local/snort/

6 Configure base_conf.php
  cd /usr/local/snort/base
  cp base_conf.php.dist base_conf.php

(The original text said cd /usr/local/base; BASE was moved to /usr/local/snort/base in step 5, and the "../adodb" path below only resolves to /usr/local/snort/adodb from there.)

Edit base_conf.php (the original had a stray trailing space inside the DBlib_path quotes, which breaks the include):
  $BASE_urlpath   = "/base";
  $DBlib_path     = "../adodb";
  $DBtype         = "mysql";
  $alert_dbname   = 'snort';
  $alert_host     = 'localhost';
  $alert_port     = '';
  $alert_user     = 'snort';
  $alert_password = 'snort';

7 Configure Apache

Add the following line to httpd.conf:
  Alias /base /usr/local/snort/base

BASE is then reachable at http://ip/base
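Steps 6 and 7 have to agree with each other and with the adodb location from step 5, and a mismatch only shows up as a blank or erroring page in the browser. The script below, added here as an example and not part of the original post, cross-checks them before the web UI is opened: it reads $DBlib_path and $BASE_urlpath out of base_conf.php, verifies that the adodb directory really contains adodb.inc.php (the file BASE includes), flags whitespace inside the quoted value, and confirms that httpd.conf carries an Alias mapping that same URL prefix onto the BASE directory. The function names, the default paths and the sample files used to exercise it are assumptions; it uses only sed and grep.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the BASE settings
# from step 6 against the adodb directory and the Apache Alias from step 7.
# Function names and paths are assumptions; sample inputs are constructed.

# php_var FILE NAME: print the string assigned to $NAME in FILE (first match,
# quotes stripped); prints nothing when the variable is not set there.
php_var() {
    sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*[\"']\\([^\"']*\\)[\"'].*/\\1/p" "$1" | head -n 1
}

# check_dblib BASE_DIR BASE_CONF: $DBlib_path is relative to BASE_DIR and must
# name a directory containing adodb.inc.php. Stray whitespace inside the
# quotes (an easy copy-paste slip) is reported as an error as well.
check_dblib() {
    lib=$(php_var "$2" DBlib_path)
    [ -n "$lib" ] || { echo "DBlib_path is not set in $2"; return 1; }
    if printf '%s' "$lib" | grep -q '[[:space:]]'; then
        echo "DBlib_path contains whitespace: '$lib'"; return 1
    fi
    [ -f "$1/$lib/adodb.inc.php" ] || { echo "no adodb.inc.php under $1/$lib"; return 1; }
    return 0
}

# check_alias HTTPD_CONF BASE_DIR BASE_CONF: httpd.conf must map the URL
# prefix announced by $BASE_urlpath onto BASE_DIR with an Alias directive.
# (BASE_DIR is interpolated into the grep pattern as-is, so a path containing
# regex metacharacters other than "." would need escaping first.)
check_alias() {
    url=$(php_var "$3" BASE_urlpath)
    [ -n "$url" ] || { echo "BASE_urlpath is not set in $3"; return 1; }
    grep -E "^[[:space:]]*Alias[[:space:]]+$url/?[[:space:]]+$2/?[[:space:]]*$" "$1" >/dev/null \
        || { echo "$1 has no 'Alias $url $2' line"; return 1; }
    return 0
}

# check_base_setup BASE_DIR BASE_CONF HTTPD_CONF: run both checks, report
# every problem found, return 0 only when all of them pass.
check_base_setup() {
    rc=0
    check_dblib "$1" "$2" || rc=1
    check_alias "$3" "$1" "$2" || rc=1
    return $rc
}

# Usage with the paths from this post (httpd.conf location is an assumption):
#   check_base_setup /usr/local/snort/base /usr/local/snort/base/base_conf.php /etc/httpd/conf/httpd.conf
```

A clean run prints nothing and exits 0; any message names the setting to fix, which is quicker than reading Apache and PHP error logs after the fact.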

References:
  http://download.sso.cn/security/ids/snort_base/snort_base_SSL.pdf
  http://download.sso.cn/security/ids/snort_base/snort-barnyard.pdf
  http://download.sso.cn/security/ids/snort_base/Snortman.htm
  http://www.snort.org/docs/faq.html
  http://www.snort.org/docs/
