userli
副版主
帖子
1100
精华
1
无忧币 15413
积分 3303
阅读权限 140
|
发表于:2008-3-22 17:22
标题:Linux操作系统下搭建SNORT入侵检测系统 (2)
<上一帖 |
下一帖>
5、安装snort
tar zxvf snort-(版本号)
进入解压目录
。/configure --with-mysql=/usr/local/mysql
make
make install
6、安装snort规则库
tar zxvf snort rules-(版本号)
生成etc、doc、rules、so.rules四个目录
mkdir /etc/snort
mkdir /etc/snort/rules
mkdir /var/log/snort
cp -R rules/* /etc/snort/
cp etc/* /etc/snort
vi /etc/snort/snort.conf
46行改为:var HOME_NET XXX.XXX.XXX.0/24
111行改为:var Rules_PATH /etc/snort/rules
764行改为:output database:log,mysql,user=root,password=XXXX(密码同上),dbname=snort
host=localhost
863--874行去掉#
7、创建snort数据库。
/mysql -u root -p
mysql>create database snort;
>grant INSERT,SELECT on root .* to snort@localhost
>exit
./mydql -u root -p use snort
mysql>show tables
8、安装adodb
tar zxvf adodb-(版本号)
cp adodb /usr/local/apache/htdocs
9、安装jpgraph
tar zxvf jpgraph-(版本号)
移动解压目录到/usr/local/apache/htdocs,并改名为jpgraph
10、安装acid
tar zxvf acid-(版本号)
移动解压目录到/usr/local/apache/htdocs,并改名为acid
vi /acid/acid_conf.php
$DBlib_Path='/usr/local/apache/htdocs/adodb';
$alert_dbname="snort";
$alert_host="localhost";
$alert_port="";
$alert_user="root";
$alert_password="xxxxx(同上)";
$archive_dbname="snort";
$archive_host="localhost";
$archive_port="";
$archive_user="root";
$archive_password="xxxxx(同上)";
$charlLib_path="/usr/local/apache/htdocs/jpgraph/src";
$charl_file_format="png";
11、http://xxx.xxx.xxx.xxx/acid 测试
注: 在安装前应先将编译工具安装。
|
|
|
| 诚征版主 | 版主堂 | 意见建议 | 大史记 | 论坛地图