$DBlib_path = "/usr/local/share/adodb"; // delete the original line, around line 12
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "3306";
$alert_user = "snort";
$alert_password = "123456";
Modify:
$ChartLib_path = "/usr/local/share/jpgraph";
$portscan_file = "/var/log/snort/portscan.log";
Save
15) Configure Apache
mkdir /usr/local/etc/apache/conf
htpasswd -c /usr/local/etc/apache/conf/passwordAcid admin
htpasswd /usr/local/etc/apache/conf/passwordAcid IDS01
vi /usr/local/etc/apache/httpd.conf
Check that the following lines are present:
LoadModule php4_module libexec/apache/libphp4.so
AddModule mod_php4.c
Modify:
DocumentRoot "/usr/local/www/"
<Directory "/usr/local/www/">
AuthType Basic
AuthName "Snort Main Console WELCOME…….."
AuthUserFile /usr/local/etc/apache/conf/passwordAcid
require valid-user
Options Indexes FollowSymLinks MultiViews
Add:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
16) Configure the hosts table
ee /etc/hosts
127.0.0.1 localhost localhost.my.domain -> 127.0.0.1 localhost database database.domain.com
vi /etc/resolv.conf
Add:
search localhost
nameserver 10.5.1.1
Save
17) Install Snort 2.6.0
cd /usr/ports/net/libpcap && make install clean
fetch http://www.snort.org/dl/current/snort-2.6.0.tar.gz
tar zxvf snort-2.6.0.tar.gz
cd snort-2.6.0
./configure --with-mysql --enable-rulestate --enable-flexresp --with-libnet-includes=/usr/local/include --with-libnet-libraries=/usr/local/lib --enable-dynamicplugin --enable-inline --enable-ipfw --enable-react --prefix=/usr/local/snort2.6
make && make install
Installation complete
vi /usr/local/etc/snort.conf
var HOME_NET any -> var HOME_NET 10.5.3.0/24
Add:
output database: log, mysql, user=root password=123456 dbname=snort host=localhost
Enable all of the rules:
include $RULE_PATH/local.rules
...
include $RULE_PATH/nntp.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/info.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/experimental.rules
Change the rules path:
var RULE_PATH /usr/local/etc/snort_rules/
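
A pre-flight check for the snort.conf edited in step 17, added here as an example and not part of the original guide: it lists every include under $RULE_PATH whose rule file is missing on disk, and flags the root MySQL login and a world-readable file holding the database password. The function names and the sample configuration built by make_sample are constructed for illustration, and RULE_PATH is assumed to be an absolute path, as it is on this page.

```shell
# Added example: pre-flight checks for a snort.conf edited as in step 17.

# Value of "var RULE_PATH <dir>" (last definition wins), trailing slash removed.
rule_path() {
    awk '$1 == "var" && $2 == "RULE_PATH" { p = $3 } END { sub(/\/$/, "", p); print p }' "$1"
}

# Every "include $RULE_PATH/<file>" whose target file does not exist.
missing_rules() {
    dir=$(rule_path "$1")
    awk '$1 == "include" && index($2, "$RULE_PATH/") == 1 { print substr($2, 12) }' "$1" |
    while read -r f; do
        [ -f "$dir/$f" ] || echo "$dir/$f"
    done
}

# One key=value field (user, dbname, host, ...) of the "output database:" line.
db_field() {
    awk -v k="$2" '$1 == "output" && $2 == "database:" {
        for (i = 3; i <= NF; i++) { split($i, kv, "="); if (kv[1] == k) print kv[2] }
    }' "$1"
}

audit_conf() {
    if [ "$(db_field "$1" user)" = "root" ]; then
        echo "WARN: Snort logs in to MySQL as root"
    fi
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "WARN: $1 holds a DB password and is world-readable"
    fi
    missing_rules "$1" | sed 's/^/MISSING: /'
}

# Constructed sample: three includes, only two rule files on disk.
make_sample() {
    mkdir -p "$1/rules"
    : > "$1/rules/local.rules"; : > "$1/rules/virus.rules"
    cat > "$1/snort.conf" <<EOF
var RULE_PATH $1/rules/
output database: log, mysql, user=root password=123456 dbname=snort host=localhost
include \$RULE_PATH/local.rules
include \$RULE_PATH/porn.rules
include \$RULE_PATH/virus.rules
EOF
    chmod 644 "$1/snort.conf"
}

if [ $# -gt 0 ]; then audit_conf "$1"; else
    d=$(mktemp -d); make_sample "$d"; audit_conf "$d/snort.conf"; rm -rf "$d"
fi
```

Run it with the path to the real file (for example /usr/local/etc/snort.conf) as the only argument; with no argument it audits the constructed sample.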
