Snort
- 2010-12-21 - 03:26 PM (بازدید: 3354)
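# Snort 2.9.0.2 + Barnyard + BASE from source, logging to MySQL.
# Prerequisites: apache (with PHP) and a running mysql server.
# Run the steps one at a time as root; several of them are interactive
# (mysql password prompts, nano). Versions and URLs are those of the
# 2010 post.

# ---------- Download ----------
mkdir -p /usr/ids
cd /usr/ids

# These are plain FTP/HTTP downloads with no integrity check. Compare each
# archive against a checksum or signature published by the upstream project
# before building and installing it as root.
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.01.tar.gz
wget http://www.sfr-fresh.com/linux/misc/snort-2.9.0.2.tar.bz2
wget http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/b/project/ba/barnyard/barnyard-0.2/0.2.0/barnyard-0.2.0.tar.gz
wget http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/s/project/se/secureideas/BASE/base-1.4.3.1/base-1.4.3.1.tar.gz
wget http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/a/project/ad/adodb/adodb-php5-only/adodb-511-for-php5/adodb511.tgz

# ---------- Unpack and build ----------
mkdir -p /usr/ids/snort
mkdir -p /usr/ids/barn
tar xvf pcre-8.01.tar.gz
tar xvf snort-2.9.0.2.tar.bz2
tar xvf barnyard-0.2.0.tar.gz

cd pcre-8.01
./configure
make && make install
# Return to /usr/ids first: the original listing omitted this, so the next
# cd was attempted from inside pcre-8.01 and failed.
cd ..

cd barnyard-0.2.0
./configure --prefix=/usr/ids/barn --enable-mysql
make && make install
cd ..

cd snort-2.9.0.2
./configure --prefix=/usr/ids/snort --with-mysql
make && make install

# Locate the MySQL schema shipped with the Snort sources.
updatedb
locate create_mysql

# ---------- MySQL ----------
# Set the MySQL root password. With no value after "password", mysqladmin
# prompts for it, which keeps the password out of shell history and the
# process list (the original passed the literal 'pass' on the command line).
# If your mysqladmin does not prompt, use mysql_secure_installation instead.
mysqladmin -u root password

# Create the database and a local-only snort account.
# Replace PASSWORD-SNORT with a password of your own.
# Changed from the original listing:
#   - "grant insert,select on root.* to snort@localhost;" is dropped: it
#     refers to a database named "root" that this guide never creates.
#   - "grant ... on snort.* to snort;" is dropped: it creates a snort account
#     reachable from any host, and the listing never sets a password for it.
#     Add a host-restricted grant with a password only if a remote sensor
#     needs to log to this database.
#   - the snort.* grant now comes before "set password" so the account
#     exists when its password is set.
mysql -u root -p <<'SQL'
create database snort;
grant create,delete,insert,select,update on snort.* to snort@localhost;
set password for snort@localhost=password('PASSWORD-SNORT');
SQL

mysql -u root -p snort < /usr/ids/snort-2.9.0.2/schemas/create_mysql

# ---------- Snort runtime layout and unprivileged user ----------
mkdir -p /var/log/snort
cp -a /usr/ids/snort-2.9.0.2/etc /usr/ids/snort
touch /var/log/snort/snort.log

# The original ran "useradd snort" and then hand-edited /etc/passwd to
#   snort:x:1001:1001::/dev/null:/bin/false
# Setting the home directory and shell through useradd gives the same
# no-login account without editing the password file directly.
useradd -M -d /dev/null -s /bin/false snort
# Snort is started with "-u snort" below, so the log directory must be
# writable by that user.
chown -R snort /var/log/snort

# ---------- ADOdb and BASE ----------
cd /usr/ids
tar xvf adodb511.tgz
ln -s adodb5 adodb
tar xvzf base-1.4.3.1.tar.gz

# Web root for BASE:
#   /var/www/html/base  (Fc, Redhat, CentOS)
#   /var/www/base       (Debian, Ubuntu)
base_dir=/var/www/html/base
mkdir -p "$base_dir"
mv base-1.4.3.1/* "$base_dir"
cd "$base_dir"
cp base_conf.php.dist base_conf.php

# In base_conf.php set the two paths below. PHP variable names are
# case-sensitive and the values need plain ASCII quotes (the original post
# showed $Base_urlpath / $Dblib_path with typographic quotes):
#   $BASE_urlpath = '/base';
#   $DBlib_path = '/usr/ids/adodb';
# Then change line 85 and the lines after it to match your mysql database
# (username, password, etc.). The file will hold the database password in
# clear text, so keep it readable only by the web server user.
nano base_conf.php

# ---------- Snort configuration and rules ----------
# Strip comment lines and blank lines from snort.conf.
grep -Ev '^#|^ *$' /usr/ids/snort/etc/snort.conf > /usr/ids/snort/etc/snort.conf.bak
mv /usr/ids/snort/etc/snort.conf.bak /usr/ids/snort/etc/snort.conf

cd /usr/ids/snort/etc/
# Plain-HTTP download: verify the rules archive before loading it into the
# sensor, as with the source archives above.
wget http://www.bleedingsnort.com/downloads/bleeding.rules.tar.gz
tar xvf bleeding.rules.tar.gz
# Edit snort.conf (the original post attached its own files here).
nano snort.conf

# ---------- Run ----------
# First start in the foreground to check that the configuration loads;
# adding -T makes snort validate the configuration and exit.
/usr/ids/snort/bin/snort -c /usr/ids/snort/etc/snort.conf
# Then run as a daemon (-D) under the unprivileged snort user (-u), with a
# 027 umask (-m) on the files it writes to /var/log/snort/.
/usr/ids/snort/bin/snort -m 027 -D -d -l /var/log/snort/ -u snort -c /usr/ids/snort/etc/snort.conf

# BASE is then available at http://<linux ip>/base
# It displays captured alert data, so put it behind web-server
# authentication or restrict it to a management network.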