
Installing and configuring Snort + BASE + MySQL + PHP + Apache with gd and Image_Graph on Red Hat AS4

Reference documents:

http://linux.chinaunix.net/bbs/viewthread.php?tid=896814&extra=&highlight=snort&page=1

http://www.snort.org/docs/setup_guides/Snort_Base_Minimal.pdf

1. Installing Apache, MySQL and PHP with gd

Environment: Red Hat AS4

Apache + MySQL + PHP had already been installed earlier.

Because that PHP build has no gd support, PHP has to be recompiled and reinstalled.

1. Download the required packages

……

2. Extract and install

tar -zxvf httpd-2.0.61.tar.gz

cd zlib-1.2.2

./configure

make

make install

cd freetype-2.1.10

./configure --prefix=/usr/local/freetype

cd libpng-1.2.8

cd jpeg-6b

mkdir /usr/local/jpeg

mkdir /usr/local/jpeg/bin

mkdir /usr/local/jpeg/lib

mkdir /usr/local/jpeg/include

mkdir /usr/local/jpeg/man

mkdir /usr/local/jpeg/man/man1

./configure --prefix=/usr/local/jpeg --enable-shared --enable-static

cd gd-2.0.33

./configure --prefix=/usr/local/gd \
--with-jpeg=/usr/local/jpeg \
--with-freetype=/usr/local/freetype \
--with-png \
--with-zlib

groupadd mysql

useradd -g mysql mysql

cd mysql-4.0.27

./configure  --prefix=/usr/local/mysql

./scripts/mysql_install_db

chown -R root /usr/local/mysql/

chown -R mysql /usr/local/mysql/var/

chgrp -R mysql /usr/local/mysql/

cp support-files/my-medium.cnf /etc/my.cnf

Start MySQL:

/usr/local/mysql/bin/mysqld_safe &

cd httpd-2.0.54

./configure --prefix=/usr/local/httpd \
--enable-so \
--with-mysql=/usr/local/mysqld \
--with-config-file-path=/usr/local/httpd/conf \
--enable-rewrite

cd php-4.3.11

./configure --prefix=/usr/local/php \
--with-apxs2=/usr/local/httpd/bin/apxs \
--with-gd=/usr/local/gd \
--enable-gd \
--with-jpeg-dir=/usr/local/jpeg \
--with-zlib \
--with-freetype-dir=/usr/local/freetype \
--with-mysql=/usr/local/mysql \
--with-mysql-sock=/tmp/mysql.sock

cp php.ini-dist /usr/local/httpd/conf/php.ini

Edit httpd.conf and find (or add) the following lines:

LoadModule php4_module modules/libphp4.so

AddType application/x-httpd-php .php

Create test.php containing:

<?php phpinfo(); ?>

Put it in the document root that httpd.conf specifies, then start Apache.

Visit http://<server address>/test.php; if everything is working you should see the PHP info page.

2. Installing Snort and BASE

1. Install Snort

tar -xvzf snort-2.8.0.1.tar.gz

cd snort-2.8.0.1

./configure --with-mysql --enable-dynamicplugin

groupadd snort

useradd -g snort snort -s /sbin/nologin

mkdir /etc/snort

mkdir /etc/snort/rules

mkdir /var/log/snort

cd etc/

Note: this is the etc directory inside the Snort source tree, not /etc.

cp * /etc/snort

tar -xvzf snortrules-pr-2.4.tar.gz

Change to the extracted rules directory and run:

cp * /etc/snort/rules

Edit snort.conf:

var HOME_NET 10.0.0.0/24 (your internal network address)

Change "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules".

After the line "preprocessor stream4_reassemble", add a line that looks like:

preprocessor stream4_reassemble: both,ports 21 23 25 53 80 110 111 139 143 445 513 1433

Configure the database output:

output database: log, mysql, user=snort password=test dbname=snort host=localhost

It was just this one line: I had an extra space before password and snort simply would not start.

It took me half a day to track that down.
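A small checker for exactly that gotcha, added here as an example (it is not part of the original post or of Snort): it pulls every "output database:" line out of a constructed snort.conf fragment and flags any token that is not a well-formed key=value pair, which is what a stray space around "=" produces.

```sh
#!/bin/sh
# Constructed snort.conf fragment (not from the original post): the first
# "output database:" line is well formed, the second has the stray space
# before the password value that kept snort from starting.
SAMPLE_CONF="$(cat <<'EOF'
var HOME_NET 10.0.0.0/24
var RULE_PATH /etc/snort/rules
output database: log, mysql, user=snort password=test dbname=snort host=localhost
output database: alert, mysql, user=snort password= test dbname=snort host=localhost
EOF
)"

# check_output_line LINE: prints "ok" or "bad: <reason>"; returns 1 on a bad line.
# After "output database: <type>, <driver>," every remaining token must be
# key=value with a non-empty value and a key the database plugin understands.
check_output_line() {
    line=$1
    params=$(printf '%s\n' "$line" | sed 's/^output database:[^,]*,[^,]*,//')
    for tok in $params; do
        case $tok in
            user=?*|password=?*|dbname=?*|host=?*|port=?*|encoding=?*|detail=?*|sensor_name=?*)
                ;;
            *=)
                printf 'bad: empty value in "%s"\n' "$tok"; return 1 ;;
            *)
                printf 'bad: stray token "%s" (space around "="?)\n' "$tok"; return 1 ;;
        esac
    done
    echo ok
    return 0
}

# count_bad_output_lines: number of malformed "output database:" lines in $SAMPLE_CONF.
# The config is fed through a here-document so the loop runs in the current shell.
count_bad_output_lines() {
    bad=0
    while IFS= read -r line; do
        case $line in
            'output database:'*)
                check_output_line "$line" >/dev/null || bad=$((bad + 1)) ;;
        esac
    done <<EOF
$SAMPLE_CONF
EOF
    echo "$bad"
}
```

Replace the embedded fragment with the real /etc/snort/snort.conf to run it against a live configuration.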

Change directory to /etc/init.d and type:

chmod 755 snort

chkconfig snort on

/usr/local/mysql/bin/mysql

mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');

>Query OK, 0 rows affected (0.25 sec)

mysql> create database snort;

>Query OK, 1 row affected (0.01 sec)

mysql> grant INSERT,SELECT on root.* to snort@localhost;

>Query OK, 0 rows affected (0.02 sec)

mysql> SET PASSWORD FOR snort@localhost=PASSWORD('test');

mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;

mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;

mysql> exit

>Bye

mysql -u root -p < /usr/local/snort-2.8.0.1/schemas/create_mysql snort

Enter password: (the MySQL root password)

Check that the snort database was created correctly:

mysql -u root -p

>Enter password:

mysql> SHOW DATABASES;

(You should see the following)

+------------+
| Database   |
+------------+
| mysql      |
| Snort      |
| test       |
+------------+
3 rows in set (0.00 sec)

mysql> use snort

>Database changed

mysql> SHOW TABLES;

+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
16 rows in set (0.00 sec)

exit;

3. Install BASE

pear install Image_Graph-alpha Image_Canvas-alpha Image_Color

Download ADODB

Download BASE

Installing ADODB:

cd /var/www/

tar -xvzf /root/snortinstall/adodb480.tgz

Installing and configuring BASE:

cd /var/www/html

tar -xvzf /root/snortinstall/base-1.2.6.tar.gz

mv base-1.2.6/ base/ (this renames the base-1.2.6 directory to just "base")

Copy the base_conf.php.dist to base_conf.php

Edit the "base_conf.php" file and set the following parameters:

$BASE_urlpath = "/base";

$DBlib_path = "/var/www/adodb/";

$DBtype = "mysql";

$alert_dbname = "snort";

$alert_host = "localhost";

$alert_port = "";

$alert_user = "snort";

$alert_password = "test";

/* Archive DB connection parameters */

$archive_exists = 0; # Set this to 1 if you have an archive DB

Start Snort:

service snort start

ps -ef | grep httpd

ps -ef | grep mysql

Check that Apache and MySQL are running.

After the installation I ran into the following problems:

1. Opening BASE and clicking "Graph Alert Data" reported that PHP does not support gd.

Fix: download the required packages listed above, install them, then recompile and reinstall PHP.

Problem solved!

2. Opening BASE and clicking "Graph Alert Data" reported that PEAR needs Image_Graph.

pear install Image_Color-1.0.2.tgz

install ok: Image_Color 1.0.2

pear install Image_Canvas-0.3.0.tgz

No handlers for pack.xml version 2.0

Upgrade pear:

1. pear upgrade pear

Output:

upgrade ok: Structures_Graph 1.0.2

upgrade ok: Archive_Tar 1.3.2

requires package `PEAR' &gt;= 1.3.3

PEAR: Dependencies failed

2.pear install -fa PEAR-1.3.5

install ok: PEAR 1.3.5

3.pear upgrade --force PEAR-1.4.11

upgrade ok: PEAR 1.4.11

4.pear upgrade-all

pear install Image_Canvas-0.3.1.tgz

install ok: channel://pear.php.net/Image_Canvas-0.3.1

After installing these, I tried again and got an error message. A Google search turned up the following:

The problem is with the function VerifyGraphingLib() in base_graph_common.php. It's looking for the folder/file: "Image/Graph.php" which does not exist.

I downloaded the most recent Pear Image Graph, created a folder "Image" in /var/www/html/base and placed Image Graph there (the root comes with Graph.php). Now, instead of the error message, I simply get a blank page. Any guesses?

Following that hint, I created the path myself:

cd /var/www/html/base

mkdir Image

Copy the files under /usr/share/pear/Image into the newly created directory.

Tried again, and BASE now works!