Snort 安装指南

最新推荐文章于 2022-01-21 14:00:20 发布

转载最新推荐文章于 2022-01-21 14:00:20 发布 · 145 阅读

0 ·

CC 4.0 BY-SA版权

原文链接：http://blog.51cto.com/zoukejian/56527

文章标签：

#数据库 #php

本文详细介绍了如何在Linux环境下安装配置Snort入侵检测系统及其相关组件，包括Apache、MySQL、PHP等，并提供了BASE Web界面及oinkmaster规则自动更新的安装步骤。

snort 安装指南 <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

一. 准备

1 ．安装 apache, mysql(我是安装在 /opt 目录下的，略)

2 ．安装 php

1). 安装 zlib

./configure --prefix=/opt/zlib-<ver> --shared

make && make install

2). 安装 gd

a. 安装 libpng

b. 安装 jpeg

./configure --prefix=/opt/jpeg-<ver> --enable-shared

make && make test

(if 'make' says it can't find ./libtool, then modify LIBTOOL=./libtool to LIBTOOL=/usr/bin/libtool in Makefile)

mkdir -p /opt/jpeg-<ver>/bin /opt/jpeg-<ver>/man/man1 \

/opt/jpeg-<ver>/include /opt/jpeg-<ver>/lib

# 我不知道，为什么会这样：jpeg 的 make install

# 不会自动创建上述目录。

make install && make install-lib && make install-headers

# export PATH=/opt/libpng-<ver>/bin:$PATH

# CPPFLAGS=-I/opt/libpng-<ver>/include ./configure

--prefix=/opt/gd-<ver> \

--with-png=/opt/libpng-<ver> \

--with-jpeg=/opt/jpeg-<ver>

3). 安装 php

下载并安装 MySQL-shared-community ([url]www.mysql.com[/url])

# cp /usr/lib64/libmysqlclient_r.so* /opt/mysql/lib/mysql/

# ./configure --prefix=/opt/php-<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />5.2.2 \

--with-apxs2=/opt/apache2/bin/apxs \

--with-mysql=/opt/mysql \

--with-gd=/opt/gd-<ver> \

--with-jpeg-dir=/opt/jpeg-<ver> \

--with-png-dir=/opt/libpng-<ver> \

--with-zlib-dir=/opt/zlib-<ver> \

--enable-sockets \

--enable-url-includes \

--enable-track-vars

添加下面两行到 httpd.conf:

# LoadModule foo foo.so( 如果 httpd.conf 已经包含

# LoadModule 语句，则不需要该行)

AddType application/x-httpd-php .php

# make && make test && make install

# cp php.ini-dist /opt/php-<ver>/lib/php.ini

修改 php.ini: mysql.sock=/tmp/mysql.sock(根据 MySQL

的安装配置设置mysql.sock)

# echo "<? phpinfo(); ?>" > /opt/apache2/htdocs/test.php

检查是否能够正常浏览 test.php

4). 安装 pcre

5). 安装 libdnet

6). 安装 libnet

二．安装和配置 snort

1. 安装

# export PATH=/opt/libdnet-<ver>/bin:/opt/\

libnet-<ver>/bin:$PATH

# ./configure --prefix=/opt/snort-2.6.1.4 \

--with-mysql=/opt/mysql \

--with-libpcre-includes=/opt/pcre-<ver>/include \

--with-libpcre-libraries=/opt/pcre-<ver>/lib \

--with-dnet-includes=/opt/libdnet-<ver>/include \

--with-dnet-libraries=/opt/libdnet-<ver>/lib \

--with-libnet-includes=/opt/libnet-<ver>/include/ \

--with-libnet-libraries=/opt/libnet-<ver>/lib \

--enable-gre \

--enable-flexresp2 \

--enable-react \

--enable-dynamicplugin

建立 snort 用户及相关目录

# groupadd snort

# useradd -g snort snort -s /sbin/nologin

# mkdir /etc/snort

# mkdir /etc/snort/rules

# mkdir /var/log/snort

# cd etc/

# cp * /etc/snort

下载并安装 rules

# tar -zxvf snortrules-snapshot-CURRENT.tar.gz

# cd rules

# cp * /etc/snort/rules/

2. 配置

修改 /etc/snort/snort.conf

var HOME_NET

var EXTERNAL_NET !$HOME_NET

preprocessor stream4_reassemble

preprocessor stream4_reassemble: both,ports 21 23 25

53 80 110 111 139 143 445 513 1433

output database: log, mysql, user=snort password=<the password you gave it> dbname=snort host=localhost

配置自动启动

# cd /etc/init.d

# wget [url]http://internetsecurityguru.com/snortinit/snort[/url]

# chmod 755 snort

# chkconfig snort on.

配置 MySQL

mysql>create database snort;

mysql>grant insert,select on root.* to snort@localhost;

mysql>set password for snort@localhost=password

('pwforsnort');

mysql>grant create,insert,select,delete,update on snort.*

to snort@localhost;

mysql>grant create,insert,select,delete,update on snort.*

to snort;

mysql -u admin -p < /opt/software/snort/snort-

2.6.1.4/schemas/create_mysql snort

mysql>show databases;

mysql>use snort;

mysql>show tables;

三．安装 BASE

1. 安装 PEAR 软件包

修改 php.ini： "include_path=.:/opt/php-<ver>/lib/php"

从 pear.php.net 下载下面的三个包: Image_Canvas Image_Color

Image_Graph

安装包：# pear install Image*

2. 安装 ADODB

从 sf.net 上下载

# mv adodb<ver>.tgz /opt/apache2/htdocs/

# tar -zxvf adodb<ver>.tgz

3. 安装 BASE

从 sf.net 上下载

# mv base-<ver> /opt/apache2/htdocs/base

# cp base/base_config.php.dist base/base_config.php

修改 base_config.php

$BASE_urlpath = "/base";

$DBlib_path = "/var/www/adodb/ ";

$DBtype = "mysql";

$alert_dbname = "snort";

$alert_host = "localhost";

$alert_port = "";

$alert_user = "snort";

$alert_password = "password_from_snort_conf";

4. 初始化 BASE

打开 [url]http://yourip/base[/url]

点击 “ setup page ” 链接，在 “ setup page ” 上

点击 “setup BASE AG ”

5. 提示: /etc/snort/snort.conf 文件中的 /usr/local/lib... 可能会

引起问题，如果那样，修改这些

/usr/local/lib... 为正确的路径即可

四．安装 oinkmaster ( 以自动更新 rules)

# mkdir – p /opt/oinkmaster-<ver>/etc \

/opt/oinkmaster-<ver>/bin /etc/snort/backup

# chown -R snort:snort /etc/snort/rules /etc/snort/backup

# cp oinkmaster-<ver>/oinkmaster.pl /opt/oinkmaster-<ver>/bin/

# cp oinkmaster-<ver>/contrib/*.pl /opt/oinkmaster-<ver>/bin/

# cp oinkmaster-<ver>/oinkmaster.conf /opt/oinkmaster-<ver>/etc/

添加如下行到 oinkmaster.conf:

url = [url]http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkmaster[/url] code>/snortrules-snapshot-CURRENT.tar.gz

url = [url]http://www.snort.org/pub-bin/downloads.cgi/Download/[/url]

comm_rules/Community-Rules-CURRENT.tar.gz

url = [url]http://www.bleedingsnort.com/bleeding.rules.tar.gz[/url]

# cd /etc

# /opt/oinkmaster-<ver>/bin/makesidex.pl \

/etc/snort/rules > autodisable.conf

创建脚本 oinkdaily 并加入到 crontab

# cat /opt/oinkmaster/bin/oinkdaily

#!/bin/bash

/opt/oinkmaster-<ver>/bin/oinkmaster.pl \

-C /opt/oinkmaster-<ver>/etc/oinkmaster.conf \

-C /etc/autodisable.conf -o /etc/snort/rules \

-b /etc/snort/backup 2>&1 \

| mail -s "oinkmaster" [email]kejian.zou@m-time.com[/email]

# crontab -u snort -e

30 5 * * * /opt/ oinkmaster-<ver>/bin/oinkdaily

修改 /etc/resolv.conf 和 iptables 以便 crontab 能够发邮件到

[email]kejian.zou@m-time.com[/email]

注:对于很简单的软件安装,./configure & make & make install 就可以搞定

的，没有写出详细的步骤。

转载于:https://blog.51cto.com/zoukejian/56527