snort 安装指南
一. 准备
1
.安装 apache, mysql(我是安装在 /opt 目录下的,略)
2
.安装 php
1).
安装 zlib
./configure --prefix=/opt/zlib-<ver> --shared
make && make install
2).
安装 gd
a.
安装 libpng
b.
安装 jpeg
./configure --prefix=/opt/jpeg-<ver> --enable-shared
make && make test
(if 'make' says it can't find ./libtool, then modify LIBTOOL=./libtool to LIBTOOL=/usr/bin/libtool in Makefile)
mkdir -p /opt/jpeg-<ver>/bin /opt/jpeg-<ver>/man/man1 \
/opt/jpeg-<ver>/include /opt/jpeg-<ver>/lib
#
我不知道,为什么会这样:jpeg 的 make install
# 不会自动创建上述目录。
make install && make install-lib && make install-headers
# export PATH=/opt/libpng-<ver>/bin:$PATH
# CPPFLAGS=-I/opt/libpng-<ver>/include ./configure
--prefix=/opt/gd-<ver> \
--with-png=/opt/libpng-<ver> \
--with-jpeg=/opt/jpeg-<ver>
3).
安装 php
下载并安装 MySQL-shared-community ([url]www.mysql.com[/url])
# cp /usr/lib64/libmysqlclient_r.so* /opt/mysql/lib/mysql/
# ./configure --prefix=/opt/php-5.2.2 \
--with-apxs2=/opt/apache2/bin/apxs \
--with-mysql=/opt/mysql \
--with-gd=/opt/gd-<ver> \
--with-jpeg-dir=/opt/jpeg-<ver> \
--with-png-dir=/opt/libpng-<ver> \
--with-zlib-dir=/opt/zlib-<ver> \
--enable-sockets \
--enable-url-includes \
--enable-track-vars
添加下面两行到 httpd.conf:
# LoadModule foo foo.so(
如果 httpd.conf 已经包含
# LoadModule 语句,则不需要该行)
AddType application/x-httpd-php .php
# make && make test && make install
# cp php.ini-dist /opt/php-<ver>/lib/php.ini
修改 php.ini: mysql.sock=/tmp/mysql.sock(根据 MySQL
的安装配置设置mysql.sock)
# echo "<? phpinfo(); ?>" > /opt/apache2/htdocs/test.php
检查是否能够正常浏览 test.php
4).
安装 pcre
5).
安装 libdnet
6).
安装 libnet
二.安装和配置 snort
1.
安装
# export PATH=/opt/libdnet-<ver>/bin:/opt/\
libnet-<ver>/bin:$PATH
# ./configure --prefix=/opt/snort-2.6.1.4 \
--with-mysql=/opt/mysql \
--with-libpcre-includes=/opt/pcre-<ver>/include \
--with-libpcre-libraries=/opt/pcre-<ver>/lib \
--with-dnet-includes=/opt/libdnet-<ver>/include \
--with-dnet-libraries=/opt/libdnet-<ver>/lib \
--with-libnet-includes=/opt/libnet-<ver>/include/ \
--with-libnet-libraries=/opt/libnet-<ver>/lib \
--enable-gre \
--enable-flexresp2 \
--enable-react \
--enable-dynamicplugin
建立 snort 用户及相关目录
# groupadd snort
# useradd -g snort snort -s /sbin/nologin
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /var/log/snort
# cd etc/
# cp * /etc/snort
下载并安装 rules
# tar -zxvf snortrules-snapshot-CURRENT.tar.gz
# cd rules
# cp * /etc/snort/rules/
2.
配置
修改 /etc/snort/snort.conf
var HOME_NET
var EXTERNAL_NET !$HOME_NET
preprocessor stream4_reassemble
preprocessor stream4_reassemble: both,ports 21 23 25
53 80 110 111 139 143 445 513 1433
output database: log, mysql, user=snort password=<the password you gave it> dbname=snort host=localhost
配置自动启动
# cd /etc/init.d
# wget [url]http://internetsecurityguru.com/snortinit/snort[/url]
# chmod 755 snort
# chkconfig snort on.
配置 MySQL
mysql>create database snort;
mysql>grant insert,select on root.* to snort@localhost;
mysql>set password for snort@localhost=password
('pwforsnort');
mysql>grant create,insert,select,delete,update on snort.*
to snort@localhost;
mysql>grant create,insert,select,delete,update on snort.*
to snort;
mysql -u admin -p < /opt/software/snort/snort-
2.6.1.4/schemas/create_mysql snort
mysql>show databases;
mysql>use snort;
mysql>show tables;
三.安装 BASE
1.
安装 PEAR 软件包
修改 php.ini: "include_path=.:/opt/php-<ver>/lib/php"
从 pear.php.net 下载下面的三个包: Image_Canvas Image_Color
Image_Graph
安装包:# pear install Image*
2.
安装 ADODB
从 sf.net 上下载
# mv adodb<ver>.tgz /opt/apache2/htdocs/
# tar -zxvf adodb<ver>.tgz
3.
安装 BASE
从 sf.net 上下载
# mv base-<ver> /opt/apache2/htdocs/base
# cp base/base_config.php.dist base/base_config.php
修改 base_config.php
$BASE_urlpath = "/base";
$DBlib_path = "/var/www/adodb/ ";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "password_from_snort_conf";
4.
初始化 BASE
点击
“
setup page
”
链接,在
“
setup page
”
上
点击 “setup BASE AG
”
5.
提示: /etc/snort/snort.conf 文件中的 /usr/local/lib... 可能会
引起问题,如果那样,修改这些
/usr/local/lib...
为正确的路径即可
四.安装 oinkmaster
(
以自动更新 rules)
# mkdir
–
p /opt/oinkmaster-<ver>/etc \
/opt/oinkmaster-<ver>/bin /etc/snort/backup
# chown -R snort:snort /etc/snort/rules /etc/snort/backup
# cp oinkmaster-<ver>/oinkmaster.pl /opt/oinkmaster-<ver>/bin/
# cp oinkmaster-<ver>/contrib/*.pl /opt/oinkmaster-<ver>/bin/
# cp oinkmaster-<ver>/oinkmaster.conf /opt/oinkmaster-<ver>/etc/
添加如下行到 oinkmaster.conf:
url = [url]http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkmaster[/url] code>/snortrules-snapshot-CURRENT.tar.gz
comm_rules/Community-Rules-CURRENT.tar.gz
url = [url]http://www.bleedingsnort.com/bleeding.rules.tar.gz[/url]
# cd /etc
# /opt/oinkmaster-<ver>/bin/makesidex.pl \
/etc/snort/rules >
autodisable.conf
创建脚本 oinkdaily 并加入到 crontab
# cat /opt/oinkmaster/bin/oinkdaily
#!/bin/bash
#
/opt/oinkmaster-<ver>/bin/oinkmaster.pl \
-C /opt/oinkmaster-<ver>/etc/oinkmaster.conf \
-C /etc/autodisable.conf -o /etc/snort/rules \
-b /etc/snort/backup 2>&1 \
| mail -s "oinkmaster" [email]kejian.zou@m-time.com[/email]
# crontab -u snort -e
30 5 * * * /opt/ oinkmaster-<ver>/bin/oinkdaily
修改 /etc/resolv.conf 和 iptables 以便 crontab 能够发邮件到
注:对于很简单的软件安装,./configure & make & make install 就可以搞定
的,
没有写出详细的步骤。
本文转自zkjian517 51CTO博客,原文链接:http://blog.51cto.com/zoukejian/56527
