I. System Platform
Redhat9.0 release, install GCC and related library files, it is recommended not to install
Apache, PHP, and MySQL are compiled and installed using the source code. Security-based
You can set iptables to allow only SSH and WWW access.
Ii. Software
Http://mysql.secsup.org mysql4.0.12
Snort2.0.0 http://www.snort.org
Http://www.apache.org apache2.0.45
Php4.3.1 http://www.php.net.
Adodbv3.30 http://phplens.com
Http://acidlab.sourceforge.net acid0.9.6b23
Http://flow.dl.sourceforge.net zlib1.1.4
Jpgraph1.11 http://jpgraph.techuk.com
Libpcap0.7.2 http://www.tcpdump.org
We recommend that you download http://ftp.cdut.edu.cn/pub/linux/NEW/ at this site
You can also go to the http://www.rpmfind.com to download the related XX. SRC. RPM compilation installation. If the RPM package is installed, You can forcibly uninstall it.
Rpm-e-nodeps xx. xx
Iii. Installation (we recommend that you test all the package files in the same directory)
1. Install zlib1.1.4
Tar-xzvf zlib-xx.tar.gz
CD zlib-xx
/Configure; Make Test
Make install
CD ..
2. Install libpcap0.7.2
Tar-xzvf libpcap.tar.gz
CD libpcap-xx
/Configure
Make
Make install
CD ..
3. Install mysql4.0.12
3.1 create a MySQL group and a MySQL user
Groupadd MySQL
Useradd-G MySQL
Modify the. bash_profile line under/root:
Path =? $ Path :? $ Home/bin is
Path =? $ Path :? $ Home/bin:/usr/local/MySQL/bin
3.2 install MySQL
Tar-xzvf mysql-xx.tar.gz
CD mysql-xx
/Configure -- prefix =/usr/local/MySQL
Make
Make install
CD scripts
/Mysql_install_db
Chown-r root/usr/local/MySQL
Chown-r MySQL/usr/local/MySQL/var
Chgrp-r MySQL/usr/local/MySQL
CD./support-files/my-medium.cnf/etc/My. CNF
Add two lines to/etc/lD. So. conf:/usr/local/MySQL/lib/MySQL
/Usr/local/lib
Load to the database, execute
Ldconfig-V
3.3 test whether MySQL works:
CD/usr/local/MySQL/bin/
/Mysqld_safe -- user = MySQL &
# Ps-Ef | grep MySQL
Check whether mysql_safe is working
3.4 set MySQL to self-start:
In the support-Files directory under the MySQL installation directory
Copy the mysql. Server File to the/etc/init. d directory.
CP mysql. Server/etc/init. d/MySQL
Chmod 755/etc/init. d/MySQL
Create a hard link:
CD/etc/rc3.d (started in text mode)
Ln-S/etc/init. d/MySQL s85mysql
Ln-S/etc/init. d/MySQL k85mysql
CD/etc/rc5.d (Graphic startup)
Ln-S/etc/init. d/MySQL s85mysql
Ln-S/etc/init. d/MySQL k85mysql
4. Install apache2.0.45 and php4.3.1
Tar-zxvf httpd-2.0.xx.tar.gz
CD httpd_2.xx.xx
/Configure -- prefix =/WWW -- enable-so
Note: The Apache root directory is/www.
Make
Make install
CD ..
Tar-zxvf php-4.3.x.tar.gz
CD php-4.3.x
/Configure -- prefix =/www/PHP -- with-apxs2 =/www/bin/apxs -- With-config-filepath =/www/PHP -- enable-sockets -- With-mysql =/usr /local/MySQL -- With-zlibdir =/
Usr/local -- With-Gd
Note: There is no carriage return in the middle of a row.
Cp php. ini-Dist/www/PHP. ini
Edit httpd. conf (/www/conf ):
Add two rows
Loadmodule php4_module modules/libphp4.so
Addtype application/X-httpd-PHP. php
The content in httpd. conf is as follows:
#
# Loadmodule foo_module modules/mod_foo.so
Loadmodule php4_module modules/libphp4.so
# Addtype allows you to tweak mime. types without actually editing it, or? $
# Make certain files to be certain types.
#
Addtype application/X-tar. tgz
Addtype image/X-icon. ICO
Addtype application/X-httpd-PHP. php
Set Apache to self-start:
CP/www/bin/apachectl/etc/init. d/httpd
CD/etc/rc3.d
Ln-S/etc/init. d/httpd s85httpd
Ln-S/etc/init. d/httpd k85httpd
CD/etc/rc5.d
Ln-S/etc/init. d/httpd s85httpd
Ln-S/etc/init. d/httpd k85httpd
Test PHP:
CD/etc/init. d
/Httpd start
Create a file test. php under/www/htdocs
CD/www/htdocs
VI test. php
Join
Lt ;? PHP
Hpinfo ();
?>
Use a browser to access http: // ip_address/test. php.
System, Apache, and PHP Information
5. Install snort2.0
5.1 create an snort configuration file and log directory
Mkdir/etc/snort
Mkdir/var/log/snort
Tar-zxvf snort-2.x.x.tar.gz
CD snort-2.x.x
/Configure -- With-mysql =/usr/local/MySQL
Make
Make install
5.2 install rules and configuration files
CD Rules (in the Snort installation directory)
Cp */etc/snort
CD./etc
CP snort. CONF/etc/snort
Cp *. config/etc/snort
5.3 modify snort. conf (/etc/snort. conf)
VaR home_net 10.2.2.0/24
192.168.0.0/24)
VaR rule_path./rules to VaR rule_path/etc/snort/
Change logging database:
Output Database: log, MySQL, user = Root Password = your_password
Dbname = snort host = localhost
5.4 set snort to self-start:
Under the Snort installation directory
CD/contrib
CP s99snort/etc/init. d/snort
VI/etc/init. d/snort
Modify snort as follows:
Config =/etc/snort. conf
# Snort_gid = nogroup (comment out)
#8194; $ snort_path/snort-C? $ Config-I? $ Iface? $ Options
(Remove the-G? $ Snort_gid)
Chmod 755/etc/init. d/snort
CD/etc/rc3.d
Ln-S/etc/init. d/snort s99snort
Ln-S/etc/init. d/snort k99snort
CD/etc/rc5.d
Ln-S/etc/init. d/snort s99snort
Ln-S/etc/init. d/snort k99snort
4. Create a database in MySQL
/Usr/local/MySQL/bin/MySQL
Mysql> set password for root @ localhost = PASSWORD ('your _ password ');
Mysql> Create Database snort;
Mysql> grant insert, select on root. * to snort @ localhost;
Mysql> quit;
Go to the Snort installation directory:/usr/local/MySQL/bin/MySQL-P
GT; enter password:
Install the DB table: (in the contrib directory)
Zcat snortdb-extra.gz |/usr/local/MySQL/bin/MySQL-P snort
Go to the MySQL database and check the table in the Snort database:
/Usr/local/MySQL/bin/MySQL-P
GT; enter password:
Mysql> show databases;
+ ------------ +
| Database
+ ------------ +
| MySQL
| Snort
| Test
+ ------------ +
3 rows in SET (0.00 Sec)
Mysql> use Snort;
Mysql> show tables; these will be available:
+ ------------------ +
| Tables_in_snort |
+ ------------------ +
| Data
| Detail
| Encoding
| Event
| Flags
| Icmphdr
| Iphdr
| OPT
| Protocols
| Reference
| Reference_system
| Schema
| Sensor
| Services
| Sig_class
| Sig_reference
| Signature
| Tcphdr
| Udphdr
+ ------------------ +
19 rows in SET (0.00 Sec)
Mysql> exit
5. install and configure the web interface
Install jpgraph1.11
CP jpgraph-1.11.tar.gz/www/htdocs
CD/www/htdocs
Tar-xzvf jpgraph-1.xx.tar.gz
Rm-RF jpgrap-1.xx.tar.gz
CD jpgraph-1.11
Rm-RF readme
Rm-RF qpl.txt
Install ADODB:
CP adodb330.tgz/www/htdocs/
CD/www/htdocs
Tar-xzvf adodb330.tgz
Rm-RF adodb330.tgz
Install and configure acid:
CP acid-0.0.6b23.tar.gz/www/htdocs
CD/www/htdocs
Tar-xvzf acid-0.9.6b23.tar.gz
Rm-RF acid-0.9.6b23.tar.gz
CD/www/htodcs/acid/
Edit acid_conf.php and modify the configuration as follows:
#8194; $ dblib_path = "/www/htdocs/ADODB ";
/* The type of underlying alert Database
*
* MYSQL: "MySQL"
* Postgressql: "Postgres"
* Ms SQL SERVER: "MSSQL"
*/
#8194; $ dbtype = "MySQL ";
/* Alert dB connection Parameters
*-? $ Alert_dbname: MySQL Database Name of Snort alert DB
*-? $ Alert_host: Host on which the DB is stored
*-? $ Alert_port: port on which to access the DB
*-? $ Alert_user: login to the database with this user
*-? $ Alert_password: password of the DB user
*
* This information can be gleaned from the Snort Database
* Output plugin configuration.
*/
#8194; $ alert_dbname = "snort ";
#8194; $ alert_host = "localhost ";
#8194; $ alert_port = "";
#8194; $ alert_user = "root ";
#8194; $ alert_password = "your_password ";
/* Archive dB connection parameters */
#8194; $ archive_dbname = "snort ";
#8194; $ archive_host = "localhost ";
#8194; $ archive_port = "";
#8194; $ archive_user = "root ";
#8194; $ archive_password = "your_password ";
And a little further down
#8194; $ chartlib_path = "/www/htdocs/jpgraph-1.11/src ";
/* File format of charts ('png ', 'jpeg', 'gif ')*/
#8194; $ chart_file_format = "PNG ";
Go to the web page:
Http: // yourhost/acid/acid_main.php
Click "Setup page" link-> Create acid AG
Access http: // yourhost/acid to view the acid interface.
Vi. Test System
Restart the system or directly start related background programs:
/Etc/init. d/MySQL restart
/Etc/init. d/snort start
/Etc/init. d/httpd start
Use Nmap, Nessus, CIS or X-scan to scan the system,
Generates alert records.
Http: // yourhost/acid.
So far, a powerful IDs configuration has been completed. You can use the web interface
Remote Login, monitor the local area network of the host, and install phpMyAdmin to MySQL
Database Operations.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
