Installing Snort on Ubuntu 9.04

Net 2009-10-09 10:24 Reads 5 Comments 0

1、
sudo apt-get install libpcap0.8-dev
sudo apt-get install libmysqlclient15-dev
sudo apt-get install mysql-client-5.0
sudo apt-get install mysql-server-5.0 ----- password: admin
sudo apt-get install bison
sudo apt-get install flex
sudo apt-get install apache2
sudo apt-get install libapache2-mod-php5
sudo apt-get install php5-gd
sudo apt-get install php5-mysql
sudo apt-get install libphp-adodb
sudo apt-get install php-pear

2、
sudo -i
# Then your password
apt-get install libc6-dev g++ gcc

3、
cd /root
mkdir snorttmp
cd /root/snorttmp
wget http://dl.snort.org/snort-current/snort-2.8.5.tar.gz
tar -xzvf /root/snorttmp/snort-2.8.5.tar.gz
rm /root/snorttmp/snort-2.8.5.tar.gz

4、
cd /root/snorttmp/snort-2.8.5
wget http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz
tar -xzvf /root/snorttmp/snort-2.8.5/snortrules-pr-2.4.tar.gz
rm /root/snorttmp/snort-2.8.5/snortrules-pr-2.4.tar.gz

5、
cd /root/snorttmp
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz
tar -xzvf /root/snorttmp/pcre-7.4.tar.gz
rm /root/snorttmp/pcre-7.4.tar.gz

6、
cd /root/snorttmp
wget -O /root/snorttmp/base-1.3.8.tar.gz 'http://downloads.sourceforge.net/secureideas/base-1.3.8.tar.gz?modtime=1183896336&big_mirror=0'
tar -xzvf /root/snorttmp/base-1.3.8.tar.gz
rm /root/snorttmp/base-1.3.8.tar.gz

7、
cd /root/snorttmp
wget -O /root/snorttmp/adodb502a.tgz 'http://downloads.sourceforge.net/adodb/adodb502a.tgz?modtime=1191343792&big_mirror=0'
tar -xzvf /root/snorttmp/adodb502a.tgz
rm /root/snorttmp/adodb502a.tgz
ls /root/snorttmp

You should see the following folders,
adodb5
base-1.3.8
pcre-7.4
snort-2.8.5

8、
a. PCRE install.

cd /root/snorttmp/pcre-7.4
./configure
make
make install

b. Snort install.
cd /root/snorttmp/snort-2.8.5
Here we will do a make/install
./configure --enable-dynamicplugin --with-mysql
make
make install

9、
mkdir /etc/snort /etc/snort/rules /var/log/snort
cd /root/snorttmp/snort-2.8.5/rules
cp * /etc/snort/rules/

cd /root/snorttmp/snort-2.8.5/etc
cp * /etc/snort/

cp /usr/local/lib/libpcre.so.0 /usr/lib

10、
vim /etc/snort/snort.conf
Change "var HOME_NET any" to "var HOME_NET 192.168.1.0/24" (your home network may differ from 192.168.1.0)
Change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET" (this is stating everything except HOME_NET is external)
Change "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules"

Scroll down the list to the section with "# output database: log, mysql, user=", remove the "#" from in front of this line.
Leave the "user=root", change the "password=password" to "password=YOUR_PASSWORD", "dbname=snort"
Make note of the username, password, and dbname. You will need this information when we set up the MySQL database.
Save and quit.
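The same step-10 edits, done with sed and then checked with grep rather than by hand in vim. This is an added example and not part of the original post; it assumes the stock "var HOME_NET any", "var EXTERNAL_NET any", "var RULE_PATH ../rules" lines and the commented "# output database: log, mysql, user=" line each appear once, and the miniature snort.conf and password it builds for the demonstration are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: apply the step-10 snort.conf
# edits with sed and verify them afterwards.
# Assumptions: the stock "var HOME_NET any", "var EXTERNAL_NET any",
# "var RULE_PATH ../rules" lines and the commented
# "# output database: log, mysql, user=..." line are present exactly once.

configure_snort_conf() {
    conf="$1"       # path to snort.conf
    home_net="$2"   # CIDR of the monitored network, e.g. 192.168.1.0/24
    db_pass="$3"    # MySQL password; must not contain '|' or '&' (sed delimiter / backreference)
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp "$conf" "$conf.bak"   # keep an untouched copy to diff against
    sed \
        -e "s|^var HOME_NET any$|var HOME_NET $home_net|" \
        -e 's|^var EXTERNAL_NET any$|var EXTERNAL_NET !$HOME_NET|' \
        -e 's|^var RULE_PATH \.\./rules$|var RULE_PATH /etc/snort/rules|' \
        -e "s|^# output database: log, mysql, user=.*|output database: log, mysql, user=root password=$db_pass dbname=snort host=localhost|" \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

verify_snort_conf() {
    # Returns 0 only if every step-10 change is in place and the placeholder
    # database password has not been left behind.
    conf="$1"
    if grep -q '^var HOME_NET any$' "$conf"; then
        echo "HOME_NET is still 'any'" >&2; return 1
    fi
    grep -q '^var EXTERNAL_NET !\$HOME_NET$' "$conf" || { echo "EXTERNAL_NET not set" >&2; return 1; }
    grep -q '^var RULE_PATH /etc/snort/rules$' "$conf" || { echo "RULE_PATH not set" >&2; return 1; }
    grep -q '^output database: log, mysql, user=root password=' "$conf" || { echo "database output still commented out" >&2; return 1; }
    if grep -q '^output database:.*password=password ' "$conf"; then
        echo "placeholder password left in place" >&2; return 1
    fi
    return 0
}

make_sample_conf() {
    # Constructed miniature snort.conf holding only the lines step 10 touches;
    # prints its path. It is a stand-in for the demonstration, not a real snort.conf.
    dir=$(mktemp -d)
    cat > "$dir/snort.conf" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=root password=test dbname=db host=localhost
EOF
    echo "$dir/snort.conf"
}

# Usage against the real file (as root):
#   configure_snort_conf /etc/snort/snort.conf 192.168.1.0/24 'YOUR_PASSWORD' \
#       && verify_snort_conf /etc/snort/snort.conf
```

Keep in mind that the resulting snort.conf holds the MySQL password in clear text, so its file permissions matter as much as the database password itself.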

11、
mysql -u root -p
mysql> SET PASSWORD FOR root@localhost=PASSWORD('YOUR_PASSWORD');
mysql> create database snort;
mysql> exit
mysql -D snort -u root -p < /root/snorttmp/snort-2.8.5/schemas/create_mysql
vim /etc/snort/rules/web-misc.rules
Comment out lines 97, 98, and 452 with a "#" (no quotes).

12、
snort -c /etc/snort/snort.conf
If everything went well you should see an ASCII pig.

To end the test hit ctrl + c.


13、
vim /var/www/test.php
write in it:
<?php
phpinfo();
?>

vim /etc/php5/apache2/php.ini
You need to add the following under "Dynamic Extensions".

extension=mysql.so
extension=gd.so

/etc/init.d/apache2 restart
ifconfig -a

14、
mv /root/snorttmp/adodb5 /var/www/
mkdir /var/www/web
mv /root/snorttmp/base-1.3.8 /var/www/web/
chmod 757 /var/www/web/base-1.3.8
vim /var/www/web/base-1.3.8/setup/setup1.php
Find the line that says "base_header" and change it to "header".

Save and exit.

pear install Image_Color
pear install Image_Canvas-alpha
pear install Image_Graph-alpha

15、
Open a web browser and navigate to http://YOUR.IP.ADDRESS/web/base-1.3.8/setup.

Click continue on the first page.

Step 1 of 5: Enter the path to ADODB.
This is /var/www/adodb5.
Step 2 of 5:
Database type = MySQL, Database name = snort, Database Host = localhost, Database username = root, Database Password =

YOUR_PASSWORD
Step 3 of 5: If you want to use authentication enter a username and password here.
Step 4 of 5: Click on Create BASE AG.
Step 5 of 5: once step 4 is done, click on "Now continue to step 5" at the bottom.
Bookmark this page.

Change the permissions back on the /var/www/web/base-1.3.8 folder.

# chmod 775 /var/www/web/base-1.3.8

We are done. Congrats!!!
To start Snort in the terminal type:

# snort -c /etc/snort/snort.conf -i eth0 -D

This starts snort using eth0 interface in a daemon mode.

To make sure it is running you can check with the following command:

# ps aux | grep snort

If it's running you will see an entry similar to snort -c /etc/snort/snort.conf -i eth0 -D.
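A small post-install check, added here as an example and not part of the original post. It confirms the BASE directory was set back from the world-writable mode 757 used in step 14, that /var/log/snort exists and is not world-writable, and that the daemon started in step 15 is actually running. The process check matches the daemon's own command line with a "[s]nort" pattern, which avoids the usual false positive where "ps aux | grep snort" lists the grep process itself. It assumes GNU coreutils stat (Linux) and the paths used in this post; the ps lines used in the demonstration are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: post-install checks for the
# finished Snort/BASE setup. Assumes GNU stat (Linux) and the post's paths.

not_world_writable() {
    # Step 14 sets the BASE directory to 757 (writable by everyone) for the web
    # setup and the post says to set it back to 775; fail if that was skipped.
    # The same test is useful for /var/log/snort, which Snort writes alerts to.
    dir="$1"
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    mode=$(stat -c %a "$dir")
    case "$mode" in
        *[2367])   # last octal digit with the write bit set = others can write
            echo "$dir is world-writable (mode $mode); run: chmod 775 $dir" >&2
            return 1 ;;
    esac
    return 0
}

snort_running() {
    # Look for the daemon's command line in `ps aux` output. The text may be
    # passed as $1 (used with constructed sample lines in the demonstration);
    # otherwise ps is run. "[s]nort" keeps the grep process itself, whose argv
    # contains "snort", from matching when this runs against live ps output.
    ps_text="${1:-$(ps aux)}"
    printf '%s\n' "$ps_text" | grep -q '[s]nort -c /etc/snort/snort.conf .*-D'
}

post_install_check() {
    # Run every check against the locations this post uses; non-zero if any fails.
    rc=0
    not_world_writable /var/www/web/base-1.3.8 || rc=1
    not_world_writable /var/log/snort || rc=1
    snort_running || { echo "snort daemon not found in ps output" >&2; rc=1; }
    return $rc
}

# Usage (as root, after step 15):
#   post_install_check && echo "all checks passed"
```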

If you would like to learn how to write your own Snort rules there is a guide at

http://www.snort.org/docs/snort_manual/node16.html.
Good luck.