SNORT入侵檢測系統(tǒng)2

互聯(lián)網 發(fā)布時間：2022-10-14 15:23:40 作者：佚名

我在編譯snort時出現(xiàn)“ERROR! Libpcre header not found, go get it from”的錯誤。這是因為少安裝了一個lib的庫，如果誰出現(xiàn)了這樣的問題

10.安裝 Snort2.4.4

10.1建立snort配置文件和日志目錄

#mkdir /etc/snort

#mkdir /var/log/snort

#tar -zxvf snort-2.4.4.tar.gz

#cd snort-2.4.4

#./configure --with-mysql=/usr/local/mysql

#make

#make install

注意，我在編譯snort時出現(xiàn)“ERROR! Libpcre header not found, go get it from”的錯誤。這是因為少安裝了一個lib的庫，如果誰出現(xiàn)了這樣的問題，就到ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ 下載最新的pcre庫進行安裝。

方法： #tar -zxvf pcre-6.7.tar.gz

#./configure

#make

#make check

#make install

10.2安裝規(guī)則和配置文件

#cd /etc/snort/

#tar ?zxvf /ruanjian/snortrules-snapshot-2.4.tar.gz

#cd /etc/snort/rules (在snort安裝目錄下)

#cp *.conf /etc/snort/.

#cp *.config /etc/snort/.

#cp *.map /etc/snort/.

10.3修改snort.conf (/etc/snort/snort.conf)

var HOME_NET 172.17.4.0/24 (修改為你的內部網網絡地址)

var RULE_PATH ./rules 修改為 var RULE_PATH /etc/snort/

改變記錄日志數(shù)據庫:

log與alert數(shù)據庫要分別建，否則snort啟動當有事件發(fā)生時候要出錯

output database: log, mysql, user=root password=your_password dbname=snort host=localhost

output database: alert, mysql, user=root password=your_password dbname=snort host=localhost

安裝DB表:(在schemas 目錄)

/usr/local/mysql/bin/mysql -u root -p <create_mysql snort //為snort建立數(shù)據表

11.安裝配置Web接口

安裝JPGraph2.1.1

#cp jpgraph-2.1.1.tar.gz /home

#cd /home

#tar -xzvf jpgraph-2.1.1.tar.gz

#mv jpgraph-2.1.1 jpgraph

安裝ADODB:

#cp adodb480.gz /home

#cd /home

#tar -xzvf adodb480.gz

安裝配置Acid:

#cp acid-0.9.6b23.tar.gz /home

#cd /home

#tar -xvzf acid-0.9.6b23.tar.gz

#cd /home/acid/

編輯acid_conf.php,修改相關配置如下:

$DBlib_path = "/home/adodb";

$DBtype = "mysql";

$alert_dbname = "snort";

$alert_host = "localhost";

$alert_port = "";

$alert_user = "root";

$alert_password = "xiangqian";

$archive_dbname = "snort";

$archive_host = "localhost";

$archive_port = "";

$archive_user = "root";

$archive_password = "xiangqian";

$ChartLib_path = "/home/jpgraph/src";

運行snort把數(shù)據寫入mysql

# snort -c /etc/snort/snort.conf

進入web界面:

http://yourhost/acid/acid_main.php

點"Setup Page"鏈接 ->Create Acid AG

訪問http://yourhost/acid將會看到ACID界面。