References:
http://linux.chinaunix.net/bbs/viewthread.php?tid=896814&extra=&highlight=snort&page=1
http://www.snort.org/docs/setup_guides/Snort_Base_Minimal.pdf
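I. Install Apache, MySQL and PHP with GD
Environment: Red Hat AS4
Apache + MySQL + PHP had been installed earlier.
That PHP build had no GD support, so it is recompiled and reinstalled here.
Apache official site: http://www.apache.org
PHP official site: http://www.php.net
MySQL official site: http://www.mysql.com
GD official site: http://www.boutell.com/gd/
FreeType official site: http://www.freetype.org
Jpeg official site: http://www.ijg.org
LibPNG official site: http://www.libpng.org/pub/png/
zlib official site: http://www.gzip.org/zlib/
1. Download the required packages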
wget http://apache.mirror.phpchina.com/httpd/httpd-2.0.61.tar.gz
……
2. Unpack and install
tar -zxvf httpd-2.0.61.tar.gz
……
cd zlib-1.2.2
./configure
make
make install
cd freetype-2.1.10
./configure --prefix=/usr/local/freetype
make
make install
cd libpng-1.2.8
./configure
make
make install
cd jpeg-6b
mkdir /usr/local/jpeg
mkdir /usr/local/jpeg/bin
mkdir /usr/local/jpeg/lib
mkdir /usr/local/jpeg/include
mkdir /usr/local/jpeg/man
mkdir /usr/local/jpeg/man/man1
./configure --prefix=/usr/local/jpeg --enable-shared --enable-static
make
make install
cd gd-2.0.33
./configure --prefix=/usr/local/gd \
--with-jpeg=/usr/local/jpeg \
--with-freetype=/usr/local/freetype \
--with-png \
--with-zlib
make
make install
groupadd mysql
useradd -g mysql mysql
cd mysql-4.0.27
./configure --prefix=/usr/local/mysql
make
make install
./scripts/mysql_install_db
chown -R root /usr/local/mysql/
chown -R mysql /usr/local/mysql/var/
chgrp -R mysql /usr/local/mysql/
cp support-files/my-medium.cnf /etc/my.cnf
Start MySQL:
/usr/local/mysql/bin/mysqld_safe &
cd httpd-2.0.54
./configure --prefix=/usr/local/httpd \
--enable-so \
--with-mysql=/usr/local/mysqld \
--with-config-file-path=/usr/local/httpd/conf \
--enable-rewrite
make
make install
cd php-4.3.11
./configure --prefix=/usr/local/php \
--with-apxs2=/usr/local/httpd/bin/apxs \
--with-gd=/usr/local/gd \
--enable-gd \
--with-jpeg-dir=/usr/local/jpeg \
--with-png \
--with-zlib \
--with-freetype-dir=/usr/local/freetype \
--with-mysql=/usr/local/mysql \
--with-mysql-sock=/tmp/mysql.sock \
--with-config-file-path=/usr/local/httpd/conf
make
make install
cp php.ini-dist /usr/local/httpd/conf/php.ini
Edit httpd.conf
Find or add:
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php
Create test.php:
<?php phpinfo();?>
Place it under the document root specified in httpd.conf.
Start Apache.
Browse to http://<address>/test.php. If everything is working, you should see the PHP info page.
II. Install Snort and BASE
1. Install Snort
wget http://www.snort.org/dl/current/snort-2.8.0.1.tar.gz
tar -xvzf snort-2.8.0.1.tar.gz
cd snort-2.8.0.1
./configure --with-mysql --enable-dynamicplugin
make
make install
groupadd snort
useradd -g snort snort -s /sbin/nologin
mkdir /etc/snort
mkdir /etc/snort/rules
mkdir /var/log/snort
cd etc/
(Note: this is the etc directory inside the Snort source tree, not /etc.)
cp * /etc/snort
wget http://www.snort.org/pub-bin/dow ... rules-pr-2.4.tar.gz
tar -xvzf snortrules-pr-2.4.tar.gz
cd to the rules dir and do the following command
cp * /etc/snort/rules
Edit snort.conf:
var HOME_NET 10.0.0.0/24 (the internal network address)
change “var RULE_PATH ../rules” to “var RULE_PATH /etc/snort/rules”
After the line that says
“preprocessor stream4_reassemble”
add a line that looks like
preprocessor stream4_reassemble: both,ports 21 23 25 53 80 110 111 139 143 445 513 1433
Configure the output:
output database: log, mysql, user=snort password=test dbname=snort host=localhost
About the line above:
I had an extra space in front of password and Snort simply would not start.
It took me ages to sort out.
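The stray space described above can be caught before Snort is restarted. The following is an added example, not part of the original post: a shell function (hypothetical name lint_snort_db_output) that checks the output database line against the exact shape shown above and also flags a world-readable snort.conf and a short password. The strict single-space rule and the 12-character threshold are assumptions of this example, not Snort requirements.

```shell
#!/bin/sh
# Added example (not from the original post): lint the "output database"
# line of snort.conf before starting Snort.
# Usage: lint_snort_db_output /etc/snort/snort.conf
# Returns 0 when clean, 1 when there are findings, 2 if unreadable.
lint_snort_db_output() {
    conf=$1
    findings=0
    note() { echo "$conf: $*"; findings=1; }

    [ -r "$conf" ] || { echo "$conf: not readable"; return 2; }

    # The line carries the DB password in clear text, so the file
    # should not be readable by "other".
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        note "world-readable, but it stores a database password"
    fi

    lines=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$conf" || true)
    if [ -z "$lines" ]; then
        note "no active 'output database:' line"
        return 1
    fi

    # Strict shape copied from the line in the guide (assumption: stricter
    # than Snort's own parser): single spaces, no blanks around '='.
    shape='^output database: (log|alert), [a-z]+,( [a-z_]+=[^ ]+)+$'
    while IFS= read -r l; do
        if ! printf '%s\n' "$l" | grep -Eq "$shape"; then
            note "unexpected spacing or syntax: [$l]"
            continue
        fi
        case "$l " in *" user="*) ;; *) note "missing user=" ;; esac
        case "$l " in *" dbname="*) ;; *) note "missing dbname=" ;; esac
        pw=$(printf '%s\n' "$l" | sed -n 's/.* password=\([^ ]*\).*/\1/p')
        # 12 is an arbitrary example threshold, not a Snort requirement.
        [ "${#pw}" -ge 12 ] || note "password missing or under 12 characters"
    done <<EOF
$lines
EOF
    return "$findings"
}
```

Run against the line exactly as shown in this guide, it reports the four-character password; with a doubled space before password= it reports the spacing instead.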
Change directory to /etc/init.d and type:
wget http://internetsecurityguru.com/snortinit/snort
chmod 755 snort
chkconfig snort on
/usr/local/mysql/bin/mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
>Query OK, 0 rows affected (0.25 sec)
mysql> create database snort;
>Query OK, 1 row affected (0.01 sec)
mysql> grant INSERT,SELECT on root.* to snort@localhost;
>Query OK, 0 rows affected (0.02 sec)
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('test');
>Query OK, 0 rows affected (0.25 sec)
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
>Query OK, 0 rows affected (0.02 sec)
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
>Query OK, 0 rows affected (0.02 sec)
mysql> exit
>Bye
mysql -u root -p < /usr/local/snort-2.8.0.1/schemas/create_mysql snort
Enter password: the mysql root password
Check
Confirm that the snort database was created correctly:
mysql -u root -p
>Enter password:
mysql> SHOW DATABASES;
(You should see the following)
+------------+
| Database
+------------+
| mysql
| Snort
| test
+------------+
3 rows in set (0.00 sec)
mysql> use snort
>Database changed
mysql> SHOW TABLES;
+------------------+
| Tables_in_snort
+------------------+
| data
| detail
| encoding
| event
| icmphdr
| iphdr
| opt
| reference
| reference_system
| schema
| sensor
| sig_class
| sig_reference
| signature
| tcphdr
| udphdr
+------------------+
16 rows in set (0.00 sec)
exit;
3. Install BASE
pear install Image_Graph-alpha Image_Canvas-alpha Image_Color
Download ADODB
wget http://easynews.dl.sourceforge.net/sourceforge/adodb/adodb480.tgz
Download BASE
wget http://easynews.dl.sourceforge.n ... s/base-1.2.6.tar.gz
Installing ADODB:
cd /var/www/
tar -xvzf /root/snortinstall/adodb480.tgz
Installing and configuring BASE:
cd /var/www/html
tar -xvzf /root/snortinstall/base-1.2.6.tar.gz
mv base-1.2.6/ base/ (this renames the base-1.2.6 directory to just "base")
Copy the base_conf.php.dist to base_conf.php
Edit the "base_conf.php" file and insert the following parameters
$BASE_urlpath = "/base";
$DBlib_path = "/var/www/adodb/";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "test";
/* Archive DB connection parameters */
$archive_exists = 0; # Set this to 1 if you have an archive DB
Start Snort:
service snort start
Use
ps -ef | grep httpd
ps -ef | grep mysql
to check that Apache and MySQL are running.
Browse to http://<address>/base/.
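After the installation I ran into the following problems:
1. When opening BASE and clicking "Graph Alert Data", it reported that PHP does not support GD.
Fix: download the required packages
FreeType official site: http://www.freetype.org
Jpeg official site: http://www.ijg.org
LibPNG official site: http://www.libpng.org/pub/png/
zlib official site: http://www.gzip.org/zlib/
Install the packages above:
tar -zxvf httpd-2.0.61.tar.gz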
……
cd zlib-1.2.2
./configure
make
make install
cd freetype-2.1.10
./configure --prefix=/usr/local/freetype
make
make install
cd libpng-1.2.8
./configure
make
make install
cd jpeg-6b
mkdir /usr/local/jpeg
mkdir /usr/local/jpeg/bin
mkdir /usr/local/jpeg/lib
mkdir /usr/local/jpeg/include
mkdir /usr/local/jpeg/man
mkdir /usr/local/jpeg/man/man1
./configure --prefix=/usr/local/jpeg --enable-shared --enable-static
make
make install
cd gd-2.0.33
./configure --prefix=/usr/local/gd \
--with-jpeg=/usr/local/jpeg \
--with-freetype=/usr/local/freetype \
--with-png \
--with-zlib
make
make install
Recompile and reinstall PHP:
cd php-4.3.11
./configure --prefix=/usr/local/php \
--with-apxs2=/usr/local/httpd/bin/apxs \
--with-gd=/usr/local/gd \
--enable-gd \
--with-jpeg-dir=/usr/local/jpeg \
--with-png \
--with-zlib \
--with-freetype-dir=/usr/local/freetype \
--with-mysql=/usr/local/mysql \
--with-mysql-sock=/tmp/mysql.sock \
--with-config-file-path=/usr/local/httpd/conf
make
make install
cp php.ini-dist /usr/local/httpd/conf/php.ini
Problem solved!
2. When opening BASE and clicking "Graph Alert Data", it reported that PEAR needs Image_Graph support.
pear install Image_Color-1.0.2.tgz
install ok: Image_Color 1.0.2
pear install Image_Canvas-0.3.0.tgz
No handlers for pack.xml version 2.0
Upgrade PEAR:
1. pear upgrade pear
Output:
upgrade ok: Structures_Graph 1.0.2
upgrade ok: Archive_Tar 1.3.2
requires package `PEAR' >= 1.3.3
PEAR: Dependencies failed
2. pear install -fa PEAR-1.3.5
Output:
install ok: PEAR 1.3.5
3. pear upgrade --force PEAR-1.4.11
Output:
upgrade ok: PEAR 1.4.11
4. pear upgrade-all
pear install Image_Canvas-0.3.1.tgz
install ok: channel://pear.php.net/Image_Canvas-0.3.1
After installing, I retried and got an error message. A Google search turned up the following:
The problem is with the function VerifyGraphingLib() in base_graph_common.php. It's looking for the folder/file: "Image/Graph.php" which does not exist.
I downloaded the most recent Pear Image Graph, created a folder "Image" in /var/www/html/base and placed Image Graph there (the root comes with Graph.php). Now, instead of the error message, I simply get a blank page. Any guesses?
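Following that hint, I created the path myself:
cd /var/www/html/base
mkdir Image
Copy the files under /usr/share/pear/Image into the newly created directory.
Retried, and the page now loads normally!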