Linux 9系统下构建小型入侵检测系统(2)
2008-02-23 09:45:36来源:互联网 阅读 ()
cp * /etc/snort
cd ./etc
cp snort.conf /etc/snort
cp *.config /etc/snort
5.3修改snort.conf(/etc/snort/snort.conf)
var HOME_NET 10.2.2.0/24 (修改为你的内部网网络地址,我的是
192.168.0.0/24)
var RULE_PATH ./rules 修改为 var RULE_PATH /etc/snort/
改变记录日志数据库:
output database: log, mysql, user=root password=your_password
dbname=snort host=localhost
5.4设置snort为自启动:
在snort安装目录下
cd /contrib
cp S99snort /etc/init.d/snort
vi /etc/init.d/snort
修改snort如下:
CONFIG=/etc/snort/snort.conf
#SNORT_GID=nogroup (注释掉)
#8194;$SNORT_PATH/snort -c ?$CONFIG -i ?$IFACE ?$OPTIONS
(去掉原文件中的 -g ?$SNORT_GID )
chmod 755 /etc/init.d/snort
cd /etc/rc3.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
cd /etc/rc5.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
四.在mysql中建立数据库
/usr/local/mysql/bin/mysql
mysql>SET PASSWORD FOR root@localhost=PASSWORD('your_password');
mysql>create database snort;
mysql>grant INSERT,SELECT on root.* to snort@localhost;
mysql>quit;
进入snort安装目录:/usr/local/mysql/bin/mysql -p
gt;Enter password:
安装DB表:(在contrib目录)
zcat snortdb-extra.gz | /usr/local/mysql/bin/mysql -p snort
进入mysql数据库,看看snort数据库中的表:
/usr/local/mysql/bin/mysql -p
gt;Enter password:
mysql>show databases;
------------
| Database
------------
| mysql
| snort
| test
------------
3 rows in set (0.00 sec)
mysql>use snort;
mysql>show tables; 将会有这些:
------------------
| Tables_in_snort |
------------------
| data
| detail
| encoding
| event
| flags
| icmphdr
| iphdr
| opt
| protocols
| reference
| reference_system
| schema
| sensor
| services
| sig_class
| sig_reference
| signature
| tcphdr
| udphdr
------------------
19 rows in set (0.00 sec)
mysql>exit
五.安装配置Web接口
安装JPGraph1.11
cp jpgraph-1.11.tar.gz /www/htdocs
cd /www/htdocs
tar -xzvf jpgraph-1.xx.tar.gz
rm -rf jpgrap-1.xx.tar.gz
cd jpgraph-1.11
rm -rf README
rm -rf QPL.txt
安装ADODB:
cp adodb330.tgz /www/htdocs/
cd /www/htdocs
tar -xzvf adodb330.tgz
rm -rf adodb330.tgz
安装配置Acid:
cp acid-0.0.6b23.tar.gz /www/htdocs
cd /www/htdocs
tar -xvzf acid-0.9.6b23.tar.gz
rm -rf acid-0.9.6b23.tar.gz
cd /www/htodcs/acid/
编辑acid_conf.php,修改相关配置如下:
#8194;$DBlib_path = "/www/htdocs/adodb";
/* The type of underlying alert database
*
* MySQL : "mysql"
* PostgresSQL : "postgres"
* MS SQL Server : "mssql"
*/
#8194;$DBtype = "mysql";
/* Alert DB connection parameters
* - ?$alert_dbname : MySQL database name of Snort alert DB
* - ?$alert_host : host on which the DB is stored
* - ?$alert_port : port on which to access the DB
* - ?$alert_user : login to the database with this user
* - ?$alert_password : password of the DB user
*
* This information can be gleaned from the Snort database
* output plugin configuration.
*/
#8194;$alert_dbname = "snort";
#8194;$alert_host = "localhost";
#8194;$alert_port = "";
#8194;$alert_user = "root";
#8194;$alert_password = "Your_Password";
/* Archive DB connection parameters */
#8194;$archive_dbname = "snort";
#8194;$archive_host = "localhost";
#8194;$archive_port = "";
#8194;$archive_user = "root";
#8194;$archive_password = "Your_Password ";
And a little further down
#8194;$ChartLib_path = "/www/htdocs/jpgraph-1.11/src";
/* File format of charts ('png', 'jpeg', 'gif') */
#8194;$chart_file_format = "png";
进入web界面:
http://yourhost/acid/acid_main.php
标签:
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有
IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设
网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源
网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它
服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护
软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷
网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash
