View RSS Feed

Peyman Yousefi

Snort

امتیاز
توسط - 2010-12-21 - 03:26 PM (بازدید: 2335)
  
کد:
Prerequisites:

apache ( with php ), mysql ( Runing )
----------
mkdir -p /usr/ids
cd /usr/ids
wget  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.01.tar.gz
wget  http://www.sfr-fresh.com/linux/misc/snort-2.9.0.2.tar.bz2
wget  http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/b/project/ba/barnyard/barnyard-0.2/0.2.0/barnyard-0.2.0.tar.gz
wget   http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/s/project/se/secureideas/BASE/base-1.4.3.1/base-1.4.3.1.tar.gz
wget   http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/a/project/ad/adodb/adodb-php5-only/adodb-511-for-php5/adodb511.tgz

mkdir  -p /usr/ids/snort
mkdir -p /usr/ids/barn

tar xvf  pcre-8.01.tar.gz
tar xvf snort-2.9.0.2.tar.bz2
tar xvf  barnyard-0.2.0.tar.gz

cd pcre-8.01
./configure
make  && make install

cd barnyard-0.2.0
./configure  --prefix=/usr/ids/barn --enable-mysql
make && make install

cd  ..

cd snort-2.9.0.2
./configure --prefix=/usr/ids/snort  --with-mysql
make && make install

updatedb
locate  create_mysql

mysqladmin -u root password 'pass'
mysql -u root  -p
create database snort;
grant insert,select on root.* to  snort@localhost;
set password for  snort@localhost=password('PASSWORD-SNORT');
grant  create,delete,insert,select,update on snort.* to snort@localhost;
grant  create,delete,insert,select,update on snort.* to snort;
exit
mysql  -u root -p snort < /usr/ids/snort-2.9.0.2/schemas/create_mysql

mkdir  -p /var/log/snort
cp -a /usr/ids/snort-2.9.0.2/etc /usr/ids/snort
touch  /var/log/snort/snort.log
useradd snort
nano /etc/passwd
snort:x:1001:1001::/dev/null:/bin/false

cd  /usr/ids
tar xvf adodb511.tgz
ln -s adodb5 adodb
tar xvzf  base-1.4.3.1.tar.gz
mkdir -p /var/www/html/base  ( Fc, Redhat, CentOS  )
mkdir -p /var/www/base  ( Debian, Ubuntu )
mv base-1.4.3.1/*  /var/www/html/base  ( Fc, Redhat, CentOS )
mv base-1.4.3.1/*  /var/www/base  ( Debian, Ubuntu )
cd /var/www/html/base  ( Fc,  Redhat, CentOS )
cd /var/www/base  ( Debian, Ubuntu )
cp  base_conf.php.dist base_conf.php
nano base_conf.php 
$Base_urlpath  = “/base”
$Dblib_path = “/usr/ids/adodb”;
Change line 85 and so  on to match your mysql database, Such as the username, password etc.

egrep  -v '^#|^ *$' /usr/ids/snort/etc/snort.conf >  /usr/ids/snort/etc/snort.conf.bak
mv  /usr/ids/snort/etc/snort.conf.bak /usr/ids/snort/etc/snort.conf
cd  /usr/ids/snort/etc/
wget  http://www.bleedingsnort.com/downloads/bleeding.rules.tar.gz
tar xvf  bleeding.rules.tar.gz
nano snort.conf

  Atached files

/usr/ids/snort/bin/snort  -c /usr/ids/snort/etc/snort.conf
/usr/ids/snort/bin/snort -m 027 -D  -d -l /var/log/snort/ -u snort -c /usr/ids/snort/etc/snort.conf

http://linux  ip/base

My  Snort Page
دسته ها
Linux

نظر