安装环境
- 操作系统: Windows 7
- 所需软件:
- 虚拟机:VMware
- 网络数据包截取驱动程序:WinPcap 4.1.3 (WinPcap_4_1_3.exe)
- Windows版本的Snort安装包:Snort 2.8.6 for Win32 (Snort_2_8_6_Installer.exe)
- 官方认证Snort规则库:snortrules-snapshot-2900.tar.gz
- 数据库组件及分析平台:AppServ 8.6.0 (appserv-win32-8.6.0.exe)
- WEB前端:Basic Analysis and Security Engine 1.4.5 (base-1.4.5.tar.gz)
- 本次使用的安装包下载,请评论“666”,我私信网盘分享给您,欢迎交流技术。
由于我们建立的是测试环境,所有的组件安装都在一台机器上完成。
安装前的准备
VMware安装教程:安装虚拟机(VMware)保姆级教程(附安装包)_vmware虚拟机-CSDN博客
VMware中安装win7教程:VMWare Workstation安装Windows7镜像(保姆级教程)_vmware安装win7 iso镜像文件-CSDN博客
WinPcap安装
:点击下一步默认安装就行。
Snort的安装和配置:默认安装就行
点击确认就行,提示安装成功了。
测试,在到第一张图片的路径下输入cmd。
在命令行内输入snort -W 出现以下结果证明安装成功。
解压snortrules-snapshot-2900.tar并将三个文件复制到snort路径下
修改snort.conf配置文件
用编辑器打开配置文件snort.conf,有行数好找,截图都是修改后的。
var RULE_PATH c:\snort\rules
var SO_RULE_PATH c:\snort\so_rules
var PREPROC_RULE_PATH c:\snort\preproc_rules
# path to dynamic preprocessor libraries
dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor
# path to base preprocessor engine
dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
preprocessor http_inspect: global iis_unicode_map c:\snort\etc\unicode.map 1252
output database: alert, mysql, user=snort password=snort dbname=snortdb host=localhost
include $RULE_PATH/snmp.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/info.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/spyware-put.rules
include $RULE_PATH/specific-threats.rules
include $RULE_PATH/voip.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/bad-traffic.rules
# decoder and preprocessor event rules
include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
# dynamic library rules
include $SO_RULE_PATH/bad-traffic.rules
include $SO_RULE_PATH/chat.rules
include $SO_RULE_PATH/dos.rules
include $SO_RULE_PATH/exploit.rules
include $SO_RULE_PATH/imap.rules
include $SO_RULE_PATH/misc.rules
include $SO_RULE_PATH/multimedia.rules
include $SO_RULE_PATH/netbios.rules
include $SO_RULE_PATH/nntp.rules
include $SO_RULE_PATH/p2p.rules
include $SO_RULE_PATH/smtp.rules
include $SO_RULE_PATH/sql.rules
include $SO_RULE_PATH/web-activex.rules
include $SO_RULE_PATH/web-client.rules
include $SO_RULE_PATH/web-misc.rules
AppServ安装和配置
一直点下一步
输入localhost出现下面界面则成功安装
输入cmd回车,命令行输入MySQL -u root -p
输入密码12345678
create database snortdb;
create database snortarc;
use snortdb;
source c:\snort\schemas\create_mysql
use snortarc;
source c:\snort\schemas\create_mysql
grant usage on *.* to "snort"@"localhost" identified by "snort";
grant select,insert,update,delete,create,alter on snortdb .* to "snort"@"localhost";
grant select,insert,update,delete,create,alter on snortarc .* to "snort"@"localhost";
set password for "snort"@"localhost"=password('snort');
配置base
将adodb465和base1.45 解压放到c盘
这些警告不用理会
这些警告不用理会
警告不用理会,直接看最下边这个
输入:c:\snort\bin\snort -i1 -dev -c c:\snort\etc\snort.conf -l c:\snort\log
出现下面报错
删除C:\Snort\lib\snort_dynamicpreprocessor目录下的sf_sdf.dll ,图片已经删除
再次输入:c:\snort\bin\snort -i1 -dev -c c:\snort\etc\snort.conf -l c:\snort\log
成功截图
查看自己ip
下载安装zenmap并扫描主机