Snort Installation Guide
I. Preparation
1. Install apache and mysql (I installed them under /opt; steps omitted)
2. Install php
1) Install zlib
./configure --prefix=/opt/zlib-<ver> --shared
make && make install
2) Install gd
a. Install libpng
b. Install jpeg
./configure --prefix=/opt/jpeg-<ver> --enable-shared
make && make test
(if 'make' says it can't find ./libtool, change LIBTOOL=./libtool to LIBTOOL=/usr/bin/libtool in the Makefile)
mkdir -p /opt/jpeg-<ver>/bin /opt/jpeg-<ver>/man/man1 \
    /opt/jpeg-<ver>/include /opt/jpeg-<ver>/lib
# I don't know why, but jpeg's make install does not
# create the directories above by itself.
make install && make install-lib && make install-headers
c. Install gd itself, pointing it at the libpng and jpeg builds above
# export PATH=/opt/libpng-<ver>/bin:$PATH
# CPPFLAGS=-I/opt/libpng-<ver>/include ./configure \
    --prefix=/opt/gd-<ver> \
    --with-png=/opt/libpng-<ver> \
    --with-jpeg=/opt/jpeg-<ver>
3) Install php
Download and install MySQL-shared-community (www.mysql.com)
# cp /usr/lib64/libmysqlclient_r.so* /opt/mysql/lib/mysql/
# ./configure --prefix=/opt/php-5.2.2 \
    --with-apxs2=/opt/apache2/bin/apxs \
    --with-mysql=/opt/mysql \
    --with-gd=/opt/gd-<ver> \
    --with-jpeg-dir=/opt/jpeg-<ver> \
    --with-png-dir=/opt/libpng-<ver> \
    --with-zlib-dir=/opt/zlib-<ver> \
    --enable-sockets \
    --enable-url-includes \
    --enable-track-vars
Add the following two lines to httpd.conf:
LoadModule foo foo.so    (not needed if httpd.conf already contains the LoadModule line)
AddType application/x-httpd-php .php
# make && make test && make install
# cp php.ini-dist /opt/php-<ver>/lib/php.ini
Edit php.ini so that the MySQL socket setting (mysql.default_socket) points at /tmp/mysql.sock (use whatever location your MySQL installation was configured to put mysql.sock)
# echo "<?php phpinfo(); ?>" > /opt/apache2/htdocs/test.php
Check that test.php displays correctly in a browser, then remove it again (phpinfo() exposes the server's configuration)
4) Install pcre
5) Install libdnet
6) Install libnet
II. Install and configure Snort
1. Installation
# export PATH=/opt/libdnet-<ver>/bin:/opt/libnet-<ver>/bin:$PATH
# ./configure --prefix=/opt/snort-2.6.1.4 \
    --with-mysql=/opt/mysql \
    --with-libpcre-includes=/opt/pcre-<ver>/include \
    --with-libpcre-libraries=/opt/pcre-<ver>/lib \
    --with-dnet-includes=/opt/libdnet-<ver>/include \
    --with-dnet-libraries=/opt/libdnet-<ver>/lib \
    --with-libnet-includes=/opt/libnet-<ver>/include/ \
    --with-libnet-libraries=/opt/libnet-<ver>/lib \
    --enable-gre \
    --enable-flexresp2 \
    --enable-react \
    --enable-dynamicplugin
Create the snort user and the related directories
# groupadd snort
# useradd -g snort snort -s /sbin/nologin
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /var/log/snort
# cd etc/        (the etc/ directory inside the unpacked snort source tree)
# cp * /etc/snort
Download and install the rules
# tar -zxvf snortrules-snapshot-CURRENT.tar.gz
# cd rules
# cp * /etc/snort/rules/
2. Configuration
Edit /etc/snort/snort.conf:
var HOME_NET            (set this to the network being monitored)
var EXTERNAL_NET !$HOME_NET
preprocessor stream4_reassemble        -> change this line to:
preprocessor stream4_reassemble: both,ports 21 23 25 53 80 110 111 139 143 445 513 1433
output database: log, mysql, user=snort password=<the password you gave it> dbname=snort host=localhost
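The output database line stores the MySQL password in cleartext inside snort.conf (base_config.php in Part III will hold the same password, and the same file-permission point applies to it). The script below is an added example, not part of the original guide, that checks a snort.conf before the sensor is started: HOME_NET must carry a real value (the line is shown above without one, and a value of any makes "var EXTERNAL_NET !$HOME_NET" an empty set), the password placeholder must have been replaced, and the file must not be world-readable. The function name check_snort_conf is an assumption for this example; the verifier's sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight checks for a
# Snort 2.6-style snort.conf, assuming the "var HOME_NET ..." and
# "output database: ..." lines shown in the guide.

# check_snort_conf <path>
# Returns 0 when the file looks deployable, 1 otherwise; every finding is
# written to stderr so the script can be called from an init script.
check_snort_conf() {
    conf="$1"
    rc=0
    if [ ! -r "$conf" ]; then
        echo "$conf: not readable" >&2
        return 1
    fi

    # 1. HOME_NET must have a value. "var HOME_NET" with nothing after it
    #    does not parse, and "any" turns "var EXTERNAL_NET !$HOME_NET"
    #    into an empty set, so rules keyed on direction stop matching.
    home_net=$(sed -n 's/^var HOME_NET[[:space:]]*//p' "$conf" | head -n 1)
    case "$home_net" in
        ""|any)
            echo "HOME_NET is unset or 'any' (got '$home_net')" >&2
            rc=1 ;;
    esac

    # 2. The database output line carries the MySQL password in cleartext;
    #    the guide's placeholder "<the password you gave it>" must be gone.
    if grep -q '^output database:.*password=<' "$conf"; then
        echo "output database: password placeholder not replaced" >&2
        rc=1
    fi

    # 3. Because of (2), the file must not be readable by "other".
    #    -perm -004 (octal, POSIX) matches files with the o+r bit set.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "$conf is world-readable; use chmod 640 and chown root:snort" >&2
        rc=1
    fi
    return $rc
}

# Usage: sh check_snort_conf.sh /etc/snort/snort.conf
if [ $# -gt 0 ]; then
    check_snort_conf "$1"
fi
```

The permission check expects snort.conf to be owned by root with group snort and mode 640, which is enough for a Snort process started as the snort user (Part II creates that user) to read it.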
Configure automatic startup
# cd /etc/init.d
# wget http://internetsecurityguru.com/snortinit/snort
# chmod 755 snort
# chkconfig snort on
Configure MySQL
mysql> create database snort;
mysql> grant insert,select on root.* to snort@localhost;
mysql> set password for snort@localhost = password('pwforsnort');
mysql> grant create,insert,select,delete,update on snort.* to snort@localhost;
mysql> grant create,insert,select,delete,update on snort.* to snort;
('pwforsnort' must be the same password given in the output database line of snort.conf)
# mysql -u admin -p snort < /opt/software/snort/snort-2.6.1.4/schemas/create_mysql
mysql> show databases;
mysql> use snort;
mysql> show tables;
III. Install BASE
1. Install the PEAR packages
Edit php.ini: include_path = ".:/opt/php-<ver>/lib/php"
Download the following three packages from pear.php.net: Image_Canvas, Image_Color and Image_Graph
Install them: # pear install Image*
2. Install ADODB
Download it from sf.net
# mv adodb<ver>.tgz /opt/apache2/htdocs/
# tar -zxvf adodb<ver>.tgz
3. Install BASE
# mv base-<ver> /opt/apache2/htdocs/base
# cp base/base_config.php.dist base/base_config.php
Edit base_config.php:
$BASE_urlpath = "/base";
$DBlib_path = "/opt/apache2/htdocs/adodb<ver>";    // the directory ADODB was unpacked into in step 2
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "password_from_snort_conf";    // the password set for snort@localhost in MySQL
4. Initialize BASE
Click the "setup page" link, and on the setup page click "setup BASE AG"
5. Hint: the /usr/local/lib... paths in /etc/snort/snort.conf (the dynamicpreprocessor and dynamicengine entries) may cause problems; if so, change those /usr/local/lib... entries to the correct paths, which with the --prefix used above are under /opt/snort-2.6.1.4/lib
IV. Install oinkmaster (to update the rules automatically)
# mkdir -p /opt/oinkmaster-<ver>/etc \
    /opt/oinkmaster-<ver>/bin /etc/snort/backup
# chown -R snort:snort /etc/snort/rules /etc/snort/backup
# cp oinkmaster-<ver>/oinkmaster.pl /opt/oinkmaster-<ver>/bin/
# cp oinkmaster-<ver>/contrib/*.pl /opt/oinkmaster-<ver>/bin/
# cp oinkmaster-<ver>/oinkmaster.conf /opt/oinkmaster-<ver>/etc/
Add the following lines to oinkmaster.conf:
comm_rules/Community-Rules-CURRENT.tar.gz
url = http://www.bleedingsnort.com/bleeding.rules.tar.gz
# cd /etc
# /opt/oinkmaster-<ver>/bin/makesidex.pl \
    /etc/snort/rules > autodisable.conf
Create the oinkdaily script and add it to the snort user's crontab
# cat /opt/oinkmaster-<ver>/bin/oinkdaily
#!/bin/bash
#
/opt/oinkmaster-<ver>/bin/oinkmaster.pl \
    -C /opt/oinkmaster-<ver>/etc/oinkmaster.conf \
    -C /etc/autodisable.conf -o /etc/snort/rules \
    -b /etc/snort/backup 2>&1 \
    | mail -s "oinkmaster" [email protected]
# crontab -u snort -e
30 5 * * * /opt/oinkmaster-<ver>/bin/oinkdaily
Edit /etc/resolv.conf and iptables so that the cron job can send its mail
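The oinkdaily script above mails oinkmaster's output but neither validates the new rules nor restarts Snort, so a broken rule file in an update is only noticed when Snort next fails to start. The script below is an added example, not part of the original guide or of oinkmaster: it takes its own snapshot of the rules directory (in place of oinkmaster's -b), runs oinkmaster with the guide's two -C files, and only when the rules actually changed runs snort -T (Snort's configuration test mode) against snort.conf; if the test passes it restarts Snort through the init script from Part II, otherwise it restores the snapshot and exits non-zero so cron mails the failure. The default paths are the guide's placeholders, the function names update_rules and rules_checksum are assumptions, and every external command is overridable from the environment, which is also how the verifier substitutes stand-ins for oinkmaster and snort.

```shell
#!/bin/sh
# Added example (not from the original guide or from oinkmaster): update
# the rules, then prove the new configuration loads before restarting the
# sensor. Defaults below are the guide's paths and are assumptions; every
# one can be overridden from the environment.
OINKMASTER=${OINKMASTER:-/opt/oinkmaster-<ver>/bin/oinkmaster.pl}
OINK_CONF=${OINK_CONF:-/opt/oinkmaster-<ver>/etc/oinkmaster.conf}
AUTODISABLE=${AUTODISABLE:-/etc/autodisable.conf}
SNORT=${SNORT:-/opt/snort-2.6.1.4/bin/snort}
SNORT_INIT=${SNORT_INIT:-/etc/init.d/snort}

# Digest of all *.rules files; the shell sorts the glob, so the value is
# stable for unchanged content and differs when any rule file changes.
rules_checksum() {
    cat "$1"/*.rules 2>/dev/null | cksum
}

# update_rules <rules dir> <backup dir> <snort.conf>
# Exit status: 0 rules unchanged, or updated and verified; 1 oinkmaster or
# the snapshot failed; 2 new rules rejected by "snort -T" and the snapshot
# was restored.
update_rules() {
    rules_dir="$1"; backup_dir="$2"; conf="$3"

    # Own snapshot, independent of oinkmaster's -b, so the restore path
    # depends only on what this script wrote.
    snap=$(mktemp -d "$backup_dir/rules-$(date +%Y%m%d-%H%M%S)-XXXXXX") || return 1
    cp -Rp "$rules_dir/." "$snap/" || return 1

    before=$(rules_checksum "$rules_dir")
    if ! "$OINKMASTER" -C "$OINK_CONF" -C "$AUTODISABLE" -o "$rules_dir"; then
        echo "oinkmaster failed; rules left as they were" >&2
        return 1
    fi
    after=$(rules_checksum "$rules_dir")
    if [ "$before" = "$after" ]; then
        echo "rules unchanged; no restart needed"
        return 0
    fi

    # -T makes snort parse the complete configuration, including every
    # included rule file, and exit without sniffing.
    if "$SNORT" -T -c "$conf" >/dev/null 2>&1; then
        echo "new rules verified; restarting snort"
        "$SNORT_INIT" restart
        return 0
    fi

    echo "new rules rejected by snort -T; restoring $snap" >&2
    cp -Rp "$snap/." "$rules_dir/"
    return 2
}

# Cron usage:
# 30 5 * * * /opt/oinkmaster-<ver>/bin/oinkdaily-safe /etc/snort/rules /etc/snort/backup /etc/snort/snort.conf
if [ $# -eq 3 ]; then
    update_rules "$@"
fi
```

Because restarting Snort through the init script needs root, this variant belongs in root's crontab rather than the snort user's; the snapshots accumulate under /etc/snort/backup, so prune them from time to time.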
Note: for software that installs with a plain ./configure && make && make install, the detailed steps are not written out.
This article was reposted from zkjian517's 51CTO blog; original link: http://blog.51cto.com/zoukejian/56527