Installing and Configuring Snort on Linux

Source: Internet
Uploaded by: User
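Snort is a free, lightweight network intrusion detection system based on libpcap. It runs across platforms, and its lightweight built-in detection tooling can be used to monitor small TCP/IP networks. While monitoring, Snort pattern-matches network data against its rules to detect possible intrusion attempts; it can also use the SPADE plug-in to run statistical anomaly detection on network data. These detection capabilities give network administrators enough information to respond appropriately to intrusions. First, download the following software: mysql, apache, php, libpcap, adodb, snort and base.
libpcap is the library for capturing network packets on Unix/Linux;
mysql is the database that stores the captured data;
apache is the web server;
php is the web scripting language;
adodb provides database support for PHP (ADOdb is a database abstraction library for PHP);
base is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project and provides a web front end to query and analyze the alerts coming from a Snort IDS. apache and php are installed only to serve base.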

Install mysql
groupadd mysql
useradd -g mysql mysql
tar -zxvf mysql-VERSION.tar.gz
ln -s mysql-VERSION /usr/local/mysql
cd /usr/local/mysql
chown -R mysql:mysql .
bin/mysql_install_db --user=mysql
chown -R root .
chown -R mysql data
bin/mysqld_safe --user=mysql &
/usr/local/mysql/bin/mysqladmin -u root password root

Install apache
tar -zvxf httpd-2.2.3.tar.gz
cd httpd-2.2.3
./configure --prefix=/usr/local/apache --sysconfdir=/etc --enable-modules=so
make
make install

Install php
tar zxvf jpegsrc-6b.tar.gz
cd jpeg-6b
./configure
make
mkdir -p /usr/local/man/man1
make install
make install-lib
tar zxvf freetype-2.1.10.tar.gz
cd freetype-2.1.10
./configure
make
make install
tar zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install
tar zxvf libpng-1.2.8-config.tar.gz
cd libpng-1.2.8-config
cp scripts/makefile.gcmmx makefile
make
make install
tar zxvf gd-2.0.33.tar.gz
cd gd-2.0.33
./configure
make
make install
cp gd.h /usr/local/lib/
tar zxvf libxml2-2.6.22.tar.gz
cd libxml2-2.6.22
./configure
make
make install
tar zxvf php-5.2.tar.gz
cd php-5.2
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/etc --enable-sockets --with-mysql=/usr/local/mysql --with-gd --with-ttf --with-zlib-dir --with-png-dir --with-jpeg-dir
make
make install
# php.ini goes in the directory given to --with-config-file-path (/etc)
cp ./php.ini-dist /etc/php.ini
vi /etc/httpd.conf
=============================
+LoadModule php5_module modules/libphp5.so
+AddType application/x-httpd-php .php .phtml
+AddType application/x-httpd-php-source .phps
=============================

Start apache
/usr/local/apache/bin/apachectl start

Install libpcap
tar -zxvf libpcap-0.9.5.tar.gz
cd libpcap-0.9.5
./configure
make
make install

Install pcre
tar jxvf pcre-7.8.tar.bz2
cd pcre-7.8
./configure
make
make install

Install snort
tar zxvf snort-2.6.1.tar.gz
cd snort-2.6.1
./configure --prefix=/usr/local/snort --with-mysql=/usr/local/mysql/
make
make install
cd /usr/local/snort
tar zxvf snortrules-snapshot-CURRENT.tar.gz
cp /usr/local/src/snort-2.6.1/etc/snort.conf /usr/local/snort/etc/
cp /usr/local/src/snort-2.6.1/etc/*.config /usr/local/snort/etc/
/usr/local/mysql/bin/mysql -u root -p
create database snort;
create database snort_archive;
use snort;
source /usr/local/src/snort-2.6.1/schemas/create_mysql;
use snort_archive;
source /usr/local/src/snort-2.6.1/schemas/create_mysql;
mkdir /var/log/snort
vi /usr/local/snort/etc/snort.conf
=============================
var HOME_NET 10.1.1.0/24
var RULE_PATH /usr/local/snort/rules
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
output database: alert, mysql, user=root password=your_password dbname=snort host=localhost
=============================

Install adodb
mv adodb493a.gz /usr/local/
cd /usr/local/
tar zxvf adodb493a.gz

Install base
cp base-1.1.2.tar.gz /usr/local/apache/htdocs/
cd /usr/local/apache/htdocs
tar zxvf base-1.1.2.tar.gz
# the tarball unpacks into base-1.1.2; rename it to match $BASE_urlpath below
mv base-1.1.2 base
cd base
cp base_conf.php.dist base_conf.php
vi base_conf.php
=================================
$BASE_urlpath = "/base";
$DBlib_path = "/usr/local/adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "root";
=================================

/usr/local/php/bin/pear install Image_Color-1.0.2.tgz
/usr/local/php/bin/pear install Image_Canvas-0.3.0.tgz
/usr/local/php/bin/pear install Numbers_Roman-1.0.1.tgz
/usr/local/php/bin/pear install Numbers_Words-0.15.0.tgz
/usr/local/php/bin/pear install Image_Graph-0.7.2.tgz

Start snort
/usr/local/snort/bin/snort -c /usr/local/snort/etc/snort.conf
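
The steps above leave the MySQL root account, with the password root or a placeholder, in both snort.conf and base_conf.php. The script below is an added example, not part of the original guide or of the Snort or BASE projects: it reads the credentials back out of those two files and reports the weak settings. The function names are made up for this example and the sample line is constructed from the configuration shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the database credentials
# that the guide writes into snort.conf and base_conf.php.

# Value of KEY (user, password, dbname, host) from the first active
# "output database:" line of a snort.conf. Usage: snort_db_field FILE KEY
snort_db_field() {
    sed -n 's/^[[:space:]]*output[[:space:]]*database:[[:space:]]*//p' "$1" |
        head -n 1 | tr ' ,' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Value of a double-quoted BASE variable such as alert_user in base_conf.php.
base_conf_field() {
    sed -n 's/^[[:space:]]*\$'"$2"'[[:space:]]*=[[:space:]]*"\(.*\)";.*/\1/p' "$1" | head -n 1
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_db_creds() {  # usage: audit_db_creds FILE USER PASSWORD
    findings=0
    if [ "$2" = "root" ]; then
        echo "$1: connects as the MySQL root account"
        findings=$((findings + 1))
    fi
    case "$3" in
        ""|"$2"|your_password)
            echo "$1: password is empty, a placeholder, or equal to the user name"
            findings=$((findings + 1)) ;;
    esac
    # -perm -004 matches files readable by "other": any local user can read the password.
    if [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; then
        echo "$1: file holding the password is world-readable"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

audit_snort_conf() {
    audit_db_creds "$1" "$(snort_db_field "$1" user)" "$(snort_db_field "$1" password)"
}
audit_base_conf() {
    audit_db_creds "$1" "$(base_conf_field "$1" alert_user)" \
        "$(base_conf_field "$1" alert_password)"
}

# Constructed sample: the output line from this guide, audited from a temp file.
sample=$(mktemp)
echo 'output database: alert, mysql, user=root password=your_password dbname=snort host=localhost' > "$sample"
audit_snort_conf "$sample" || echo "snort.conf needs a dedicated, least-privileged DB account"
rm -f "$sample"
```

A clean result needs a dedicated MySQL account with privileges limited to the snort and snort_archive databases, and configuration files that only root and the service that reads them can open.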
