# Install Apache, MySQL and PHP (CentOS 6 layout: yum, chkconfig, SysV init scripts).
# The snort database created in the next step lives in this MySQL instance.
yum -y install httpd
yum -y install mysql-server mysql-devel
yum -y install php php-mysql php-adodb php-pear php-gd libtool php-imap php-ldap php-mbstring php-odbc php-pecl-apc

# Enable both services for runlevels 2, 3 and 5, then start them now.
for svc in httpd mysqld; do
  chkconfig --level 235 "$svc" on
done
for svc in httpd mysqld; do
  "/etc/init.d/$svc" start
done
创建数据库及创建用户:
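# Set the MySQL root password. With no password argument mysqladmin prompts for it,
# so the value does not end up in shell history or in the argv visible to `ps`.
mysqladmin -u root password

# Create the snort database and a least-privilege account for the DB client.
# `-p` without a value prompts for the root password for the same reason as above.
# The snort account password below is the example value from the original guide;
# replace it with a strong, unique one and use the same value in the client's config.
mysql -u root -p <<'SQL'
create database snort;
create user 'snort'@'localhost' identified by '123456';
grant select,insert,update,delete,create on snort.* to snort@localhost;
SQL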
导入数据结构:
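# Load barnyard2's table definitions into the snort database.
# Equivalent to `use snort; source .../create_mysql` inside the client, but
# non-interactive; `-p` prompts for the root password instead of taking it on argv.
mysql -u root -p snort < /home/tools/barnyard2-1.9/schemas/create_mysql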
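# Build dependencies for libdnet/libpcap/DAQ/Snort.
# The original listed `prce prce-devel`, which is not a package; Snort needs pcre and pcre-devel.
yum install -y gcc gcc-c++ flex bison zlib zlib* libpcap* tcpdump git libtool curl man make pcre pcre-devel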
3 安装snort
tar -xf libdnet-1.12.tgz
cd libdnet-1.12
./configure
make
make install
cd ..
tar -xf libpcap-1.0.0.tar.gz
cd libpcap-1.0.0
./configure
make
make install
cd ..
tar -xf daq-2.0.4.tar.gz
cd daq-2.0.4
./configure
make
make install
cd ..
tar -xf snort-2.9.7.0.tar.gz
cd snort
cd snort-2.9.7.0
./configure
make
make install
4 snort 配置
# Seed /etc/snort with the stock configuration files shipped in the source tree.
mkdir -p -- /etc/snort
cp -- /home/tools/snort-2.9.7.0/etc/* /etc/snort/
==========================
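# Unpack the rules snapshot over the stock configuration.
tar -xf /home/tools/snortrules-snapshot-2970.tar.gz -C /etc/snort/
# The stock snort.conf expects these list files to exist, even if empty.
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules

# Unprivileged service account: no login shell, home in the log directory.
# The original passed `-g` twice (4000 and snort, the same group); one is enough.
groupadd -g 4000 snort
useradd -g snort -d /var/log/snort -s /sbin/nologin -c SNORT_IDS snort

# The run command logs to /var/log/snort; make sure it exists and is writable by the
# service account (useradd may or may not have created the home directory).
mkdir -p /var/log/snort
chown -R snort:snort /etc/snort /var/log/snort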
修改配置文件
# Interactive step: add site-specific signatures to the local rule file.
vi /etc/snort/rules/local.rules
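# Directory for compiled dynamic rules; owned by the service account, world-readable.
# `owner:group` is the documented chown separator (the `owner.group` form is a
# compatibility spelling and is ambiguous when a user name contains a dot).
mkdir -p /usr/local/lib/snort_dynamicrules
chown -R snort:snort /usr/local/lib/snort_dynamicrules
chmod -R 755 /usr/local/lib/snort_dynamicrules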
启动:
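# Start Snort on eth0 with the fast alert format, logging to /var/log/snort.
# Snort must start as root to open the interface; `-u`/`-g` make it drop to the
# unprivileged snort account created above once initialisation is done, instead
# of running the whole packet-parsing process as root.
snort -i eth0 -c /etc/snort/snort.conf -A fast -l /var/log/snort/ -u snort -g snort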