參考文檔:
<a target="_blank" href="http://linux.chinaunix.net/bbs/viewthread.php?tid=896814&extra=&highlight=snort&page=1">http://linux.chinaunix.net/bbs/viewthread.php?tid=896814&extra=&highlight=snort&page=1</a>
<a target="_blank" href="http://www.snort.org/docs/setup_guides/Snort_Base_Minimal.pdf">http://www.snort.org/docs/setup_guides/Snort_Base_Minimal.pdf</a>
一.安裝apache mysql php with gd
環境:redhat as4
以前裝好的apache+mysql+php
因為php沒有支援gd,是以重新編譯 安裝
1.
下載下傳所需軟體包
……
2.
解壓安裝
tar –zxvf httpd-2.0.61.tar.gz
cd zlib-1.2.2
./configure
make
make install
cd freetype-2.1.10
./configure --prefix=/usr/local/freetype
cd libpng-1.2.8
cd jpeg-6b
mkdir /usr/local/jpeg
mkdir /usr/local/jpeg/bin
mkdir /usr/local/jpeg/lib
mkdir /usr/local/jpeg/include
mkdir /usr/local/jpeg/man
mkdir /usr/local/jpeg/man/man1
./configure --prefix=/usr/local/jpeg --enable-shared --enable-static
cd gd-2.0.33
./configure --prefix=/usr/local/gd /
--with-jpeg=/usr/local/jpeg /
--with-freetype=/usr/local/freetype /
--with-png /
--with-zlib
groupadd mysql
useradd -g mysql mysql
cd mysql-4.0.27
./configure --prefix=/usr/local/mysql
./scripts/mysql_install_db
chown -R root /usr/local/mysql/
chown -R mysql /usr/local/mysql/var/
chgrp -R mysql /usr/local/mysql/
cp support-files/my-medium.cnf /etc/my.cnf
啟動mysql
/usr/local/mysql/bin/mysqld_safe &
cd httpd-2.0.54
./configure --prefix=/usr/local/httpd /
--enable-so /
--with-mysql=/usr/local/mysqld /
--with-config-file-path=/usr/local/httpd/conf /
--enable-rewrite /
cd php-4.3.11
./configure --prefix=/usr/local/php /
--with-apxs2=/usr/local/httpd/bin/apxs /
--with-gd=/usr/local/gd /
--enable-gd /
--with-jpeg-dir=/usr/local/jpeg /
--with-zlib /
--with-freetype-dir=/usr/local/freetype /
--with-mysql=/usr/local/mysql /
--with-mysql-sock=/tmp/mysql.sock /
cp php.ini-dist /usr/local/httpd/conf/php.ini
編輯httpd.conf
找到或者添加
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php
編輯test.php
<?php phpinfo();?>
放到httpd.conf指定的文檔路徑下
啟動apache
通路http://位址/test.php 如果一切正常應該可以看到php資訊頁。
二.
安裝snort base
1.
安裝snort
tar -xvzf snort-2.8.0.1.tar.gz
cd snort-2.8.0.1
./configure --with-mysql --enable-dynamicplugin
groupadd snort
useradd -g snort snort –s /sbin/nologin
mkdir /etc/snort
mkdir /etc/snort/rules
mkdir /var/log/snort
cd etc/
注意是snort下的etc不是/etc
cp * /etc/snort
tar –xvzf snortrules-pr-2.4.tar.gz
cd to the rules dir and do the following command
cp * /etc/snort/rules
編輯snort.conf
var HOME_NET 10.0.0.0/24 (内網位址)
change “var RULE_PATH ../rules” to “var RULE_PATH /etc/snort/rules”
After the line that says
“preprocessor stream4_reassemble”
add a line that looks like
preprocessor stream4_reassemble: both,ports 21 23 25 53 80 110 111 139 143 445 513 1433
設定輸出
output database: log, mysql, user=snort password=test dbname=snort host=localhost
就上面這句
我在password前面多了一個空格 snort死活起動不了
折騰了半天。
Change directory to /etc/init.d and type:
chmod 755 snort
chkconfig snort on.
/usr/local/mysql/mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
>Query OK, 0 rows affected (0.25 sec)
mysql> create database snort;
>Query OK, 1 row affected (0.01 sec)
mysql> grant INSERT,SELECT on root.* to snort@localhost;
>Query OK, 0 rows affected (0.02 sec)
mysql> SET PASSWORD FOR snort@localhost=PASSWORD(test');
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
mysql> exit
>Bye
mysql -u root -p < /usr/local/snort-2.8.0.1/schemas/create_mysql snort
Enter password: the mysql root password
檢查
确定snort db 建立正确
mysql –u root -p
>Enter password:
mysql> SHOW DATABASES;
(You should see the following)
+------------+
| Database
| mysql
| Snort
| test
3 rows in set (0.00 sec)
mysql> use snort
>Database changed
mysql> SHOW TABLES;
+------------------+
| Tables_in_snort
Version 15 Page 10 of 19 Updated 8/17/2006 8:30 AM
| data
| detail
| encoding
| event
| icmphdr
| iphdr
| opt
| reference
| reference_system
| schema
| sensor
| sig_class
| sig_reference
| signature
| tcphdr
| udphdr
16 rows in set (0.00 sec)
exit;
3.
安裝base
pear install Image_Graph-alpha Image_Canvas-alpha Image_Color
Download ADODB
Download BASE
Installing ADODB:
cd /var/www/
tar -xvzf /root/snortinstall/adodb480.tgz
Installing and configuring BASE:
cd /var/www/html
tar –xvzf /root/snortinstall/base-1.2.6.tar.gz
mv base-1.2.6/ base/ (this renames the base-1.2.5 directory to just “base”)
Copy the base_conf.php.dist to base_conf.php
Edit the “base_conf.php” file and insert the following perimeters
$BASE_urlpath = "/base";
$DBlib_path = "/var/www/adodb/ ";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "test";
/* Archive DB connection parameters */
$archive_exists = 0; # Set this to 1 if you have an archive DB
啟動snort
service snort start
用
ps –ef | grep httpd
ps –ef | grep mysql
檢查apapche mysql是否啟動。
安裝完之後 遇到了這樣幾個問題:
1.通路base 點選graph alert data 提示php不支援gd
解決過程 下載下傳所需軟體包
安裝以上軟體包
重新編譯安裝php
問題解決!
2.通路base 點選graph alert data 提示pear需要Image_graph支援
pear install Image_Color-1.0.2.tgz
install ok: Image_Color 1.0.2
pear install Image_Canvas-0.3.0.tgz
No handlers for pack.xml version 2.0
更新pear
1.pear upgrade pear
傳回:
upgrade ok: Structures_Graph 1.0.2
upgrade ok: Archive_Tar 1.3.2
requires package `PEAR' >= 1.3.3
PEAR: Dependencies failed
2.pear install -fa PEAR-1.3.5
install ok: PEAR 1.3.5
3.pear upgrade --force PEAR-1.4.11
upgrade ok: PEAR 1.4.11
4.pear upgrade-all
pear install Image_Canvas-0.3.1.tgz
install ok: channel://pear.php.net/Image_Canvas-0.3.1
安裝完之後 重試 提示錯誤資訊.在google下搜尋找到下面資訊:
The problem is with the function VerifyGraphingLib() in base_graph_common.php. It's looking for the folder/file: "Image/Graph.php" which does not exist.
I downloaded the most recent Pear Image Graph, created a folder "Image" in /var/www/html/base and placed Image Graph there (the root comes with Graph.php). Now, instead of the error message, I simply get a blank page. Any guesses?
根據上面提示 自己建立路徑:
cd /var/www/html/base
mkdir Image
拷貝 /usr/share/pear/Image下檔案至建立立的目錄下
重試 ,可以正常通路!
![Windows下配置Apache的SSL服務[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)