Build a small Intrusion Detection System (RedHat9)
Source: Internet
Author: User
I. System platform
Red Hat 9.0, with gcc and the related library files installed. Do not install the distribution's Apache, PHP and MySQL packages; they are compiled and installed from source below. For security, set iptables to allow only SSH and WWW access.
II. Download
We recommend downloading the packages from http://ftp.cdut.edu.cn/pub/linux/NEW/
You can also download the related xx.src.rpm files from www.rpmfind.com. If a conflicting RPM package is already installed, you can forcibly remove it:
rpm -e --nodeps xx.xx
III. Installation (we recommend placing all the package files in the same directory)
1. Install zlib 1.1.4
tar -xzvf zlib-xx.tar.gz
cd zlib-xx
./configure; make test
make install
cd ..
2. Install libpcap 0.7.2
tar -xzvf libpcap.tar.gz
cd libpcap-xx
./configure
make
make install
cd ..
3. Install MySQL 4.0.12
3.1 Create a mysql group and a mysql user
groupadd mysql
useradd -g mysql mysql
In /root/.bash_profile, change the line
PATH=$PATH:$HOME/bin
to
PATH=$PATH:$HOME/bin:/usr/local/mysql/bin
3.2 Install mysql
tar -xzvf mysql-xx.tar.gz
cd mysql-xx
./configure --prefix=/usr/local/mysql
make
make install
cd scripts
./mysql_install_db
chown -R root /usr/local/mysql
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql
cp ../support-files/my-medium.cnf /etc/my.cnf
Add two lines to /etc/ld.so.conf:
/usr/local/mysql/lib/mysql
/usr/local/lib
To load the new library paths, run
ldconfig -v
3.3 Test whether mysql works:
cd /usr/local/mysql/bin/
./mysqld_safe --user=mysql &
ps -ef | grep mysql
Check that mysqld_safe is running.
3.4 Set mysql to start at boot:
In the support-files directory under the mysql installation directory, copy the mysql.server file to /etc/init.d:
cp mysql.server /etc/init.d/mysql
chmod 755 /etc/init.d/mysql
Create the symbolic links:
cd /etc/rc3.d (text-mode startup)
ln -s /etc/init.d/mysql S85mysql
ln -s /etc/init.d/mysql K85mysql
cd /etc/rc5.d (graphical startup)
ln -s /etc/init.d/mysql S85mysql
ln -s /etc/init.d/mysql K85mysql
4. Install Apache 2.0.45 and PHP 4.3.1
tar -zxvf httpd-2.0.xx.tar.gz
cd httpd-2.0.xx
./configure --prefix=/www --enable-so
Note: the Apache root directory is /www.
make
make install
cd ..
tar -zxvf php-4.3.x.tar.gz
cd php-4.3.x
./configure --prefix=/www/php --with-apxs2=/www/bin/apxs --with-config-file-path=/www/php --enable-sockets --with-mysql=/usr/local/mysql --with-zlib-dir=/usr/local --with-gd
Note: this is a single command line; do not break it in the middle.
make
make install
cp php.ini-dist /www/php/php.ini
Edit httpd.conf (in /www/conf) and add two lines:
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php
The relevant part of httpd.conf then reads:
#
# LoadModule foo_module modules/mod_foo.so
LoadModule php4_module modules/libphp4.so
# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
#
AddType application/x-tar .tgz
AddType image/x-icon .ico
AddType application/x-httpd-php .php
Set Apache to start at boot:
cp /www/bin/apachectl /etc/init.d/httpd
cd /etc/rc3.d
ln -s /etc/init.d/httpd S85httpd
ln -s /etc/init.d/httpd K85httpd
cd /etc/rc5.d
ln -s /etc/init.d/httpd S85httpd
ln -s /etc/init.d/httpd K85httpd
Test PHP:
cd /etc/init.d
./httpd start
Create a file test.php under /www/htdocs:
cd /www/htdocs
vi test.php
and insert
<?php
phpinfo();
?>
Use a browser to access http://IP_address/test.php; it shows the system, Apache and PHP information. Remove test.php once the check succeeds, since phpinfo() discloses the server's configuration to anyone who can reach the page.
5. Install Snort 2.0
5.1 Create the snort configuration and log directories
mkdir /etc/snort
mkdir /var/log/snort
tar -zxvf snort-2.x.x.tar.gz
cd snort-2.x.x
./configure --with-mysql=/usr/local/mysql
make
make install
5.2 Install the rules and configuration files
cd rules (in the snort source directory)
cp * /etc/snort
cd ../etc
cp snort.conf /etc/snort
cp *.config /etc/snort
5.3 Modify snort.conf (/etc/snort/snort.conf)
Set HOME_NET to your own network, for example:
var HOME_NET 10.2.2.0/24
(or 192.168.0.0/24)
Change
var RULE_PATH ../rules
to
var RULE_PATH /etc/snort/
Change the logging database line:
output database: log, mysql, user=root password=your_password dbname=snort host=localhost
Note: this line stores a MySQL password in clear text, so keep snort.conf readable only by root. The snort MySQL account created later in this article holds only the INSERT and SELECT privileges Snort needs; logging as that account instead of root means a compromised sensor does not give away the MySQL root password.
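The output database line above writes the MySQL credentials into snort.conf, so two things are worth checking on the finished sensor: that the file is not world-readable, and which MySQL account it logs as. The following shell script is an added example, not code from the original article or from the Snort project; it assumes a snort.conf in the form shown above and constructs a sample file in a temporary directory, so it runs without a live Snort install.

```shell
#!/bin/sh
# Added example, not from the original article: audit a snort.conf for two
# weaknesses the database output line invites, namely a world-readable file
# that embeds the MySQL password, and logging as the MySQL root account
# instead of the low-privilege snort account.

# snort_db_user FILE: print the user= value from the first "output database:"
# line, or nothing if the file has no such line.
snort_db_user() {
    grep -i '^output database:' "$1" | head -n 1 |
        sed -n 's/.*user=\([^ ,]*\).*/\1/p'
}

# world_readable FILE: true when the "other" read bit is set (column 8 of ls -l)
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# audit_snort_conf FILE: print one finding per line and return the number of
# findings (0 means clean), so callers can test the result without parsing text.
audit_snort_conf() {
    conf=$1
    findings=0
    if world_readable "$conf"; then
        echo "WARN: $conf is world-readable but holds the MySQL password; chmod 600 it"
        findings=$((findings + 1))
    fi
    user=$(snort_db_user "$conf")
    if [ "$user" = "root" ]; then
        echo "WARN: $conf logs to MySQL as root; use the snort account that has only INSERT,SELECT on snort.*"
        findings=$((findings + 1))
    fi
    return $findings
}

# Constructed sample: the lines the article puts in snort.conf, with a
# typical 644 mode, written to a scratch directory rather than /etc/snort.
demo_dir=$(mktemp -d)
cat > "$demo_dir/snort.conf" <<'EOF'
var HOME_NET 10.2.2.0/24
var RULE_PATH /etc/snort/
output database: log, mysql, user=root password=your_password dbname=snort host=localhost
EOF
chmod 644 "$demo_dir/snort.conf"
audit_snort_conf "$demo_dir/snort.conf" || echo "$? finding(s)"
```

On the sensor itself, run audit_snort_conf /etc/snort/snort.conf after the chmod and the user= change and expect no output and a zero exit status.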
5.4 Set snort to start at boot:
In the snort source directory:
cd contrib
cp S99snort /etc/init.d/snort
vi /etc/init.d/snort
Modify the script as follows:
CONFIG=/etc/snort/snort.conf
# SNORT_GID=nogroup (comment this line out)
$SNORT_PATH/snort -c $CONFIG -i $IFACE $OPTIONS
(remove -g $SNORT_GID from the original line)
chmod 755 /etc/init.d/snort
cd /etc/rc3.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
cd /etc/rc5.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
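The same sequence of symbolic links is typed by hand three times in this article, for mysql, httpd and now snort. The following shell function is an added example, not code from the original article or from Red Hat; it automates that sequence for any init script, refuses to link a script that is missing or not executable, and takes an assumed ROOT prefix so the demo at the bottom runs against a scratch directory rather than the real /etc (leave ROOT empty on the sensor itself).

```shell
#!/bin/sh
# Added example, not from the original article: create the System V
# start/stop links that the article makes by hand for mysql, httpd and snort.
# ROOT is an assumption of this example: a prefix (empty on a real system)
# so the function can be exercised against a scratch directory.
ROOT=${ROOT:-}

# install_rc_links NAME PRIO
# Creates S<PRIO><NAME> and K<PRIO><NAME> in rc3.d (text mode) and rc5.d
# (graphical mode), both pointing at /etc/init.d/NAME, exactly as the
# article's "ln -s /etc/init.d/snort S99snort" sequence does.
install_rc_links() {
    name=$1
    prio=$2
    script="$ROOT/etc/init.d/$name"
    if [ ! -x "$script" ]; then
        echo "error: $script is missing or not executable (chmod 755 it first)" >&2
        return 1
    fi
    for level in 3 5; do
        dir="$ROOT/etc/rc$level.d"
        mkdir -p "$dir"
        # -f replaces stale links so the function can be rerun safely
        ln -sf "$script" "$dir/S$prio$name"
        ln -sf "$script" "$dir/K$prio$name"
    done
}

# rc_link_target DIR LINK: print where a runlevel link points (empty if absent)
rc_link_target() {
    readlink "$1/$2" 2>/dev/null || true
}

# Demo against a constructed scratch root; nothing below touches the real /etc.
ROOT=$(mktemp -d)
mkdir -p "$ROOT/etc/init.d"
printf '#!/bin/sh\necho "snort init stub"\n' > "$ROOT/etc/init.d/snort"
chmod 755 "$ROOT/etc/init.d/snort"
install_rc_links snort 99
ls -l "$ROOT/etc/rc3.d" "$ROOT/etc/rc5.d"
```

On the sensor, ROOT= install_rc_links snort 99 reproduces the six ln -s commands above, and the executable check catches the case where the chmod 755 step was skipped.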
6. Create the database in mysql
/usr/local/mysql/bin/mysql
mysql> set password for root@localhost = PASSWORD('your_password');
mysql> create database snort;
mysql> grant INSERT, SELECT on snort.* to snort@localhost;
mysql> quit;
In the snort source directory, load the schema into the snort database:
/usr/local/mysql/bin/mysql -p snort < ./contrib/create_mysql
Enter password:
Install the extra DB tables (in the contrib directory):
zcat snortdb-extra.gz | /usr/local/mysql/bin/mysql -p snort
Go into mysql and check the tables in the snort database:
/usr/local/mysql/bin/mysql -p
Enter password:
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)
mysql> use snort;
mysql> show tables;
The following 19 tables should be listed:
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)
mysql> exit
7. Install and configure the web interface
Install JPGraph 1.11:
cp jpgraph-1.11.tar.gz /www/htdocs
cd /www/htdocs
tar -xzvf jpgraph-1.xx.tar.gz
rm -rf jpgraph-1.xx.tar.gz
cd jpgraph-1.11
rm -rf README
rm -rf QPL.txt
Install ADODB:
cp adodb330.tgz /www/htdocs/
cd /www/htdocs
tar -xzvf adodb330.tgz
rm -rf adodb330.tgz
Install and configure ACID:
cp acid-0.9.6b23.tar.gz /www/htdocs
cd /www/htdocs
tar -xvzf acid-0.9.6b23.tar.gz
rm -rf acid-0.9.6b23.tar.gz
cd /www/htdocs/acid/
Edit acid_conf.php and modify the configuration as follows:
$DBlib_path = "/www/htdocs/adodb";
/* The type of underlying alert database
 *
 * MySQL         : "mysql"
 * PostgresSQL   : "postgres"
 * MS SQL Server : "mssql"
 */
$DBtype = "mysql";
/* Alert DB connection parameters
 * - $alert_dbname : MySQL database name of Snort alert DB
 * - $alert_host   : host on which the DB is stored
 * - $alert_port   : port on which to access the DB
 * - $alert_user   : login to the database with this user
 * -