Installing Snort on Ubuntu 9.04
Net 2009-10-09 10:24
1、
sudo apt-get install libpcap0.8-dev
sudo apt-get install libmysqlclient15-dev
sudo apt-get install mysql-client-5.0
sudo apt-get install mysql-server-5.0   # password: admin
sudo apt-get install bison
sudo apt-get install flex
sudo apt-get install apache2
sudo apt-get install libapache2-mod-php5
sudo apt-get install php5-gd
sudo apt-get install php5-mysql
sudo apt-get install libphp-adodb
sudo apt-get install php-pear
2、
sudo -i
# Then your password
apt-get install libc6-dev g++ gcc
3、
cd /root
mkdir snorttmp
cd /root/snorttmp
wget http://dl.snort.org/snort-current/snort-2.8.5.tar.gz
tar -xzvf /root/snorttmp/snort-2.8.5.tar.gz
rm /root/snorttmp/snort-2.8.5.tar.gz
4、
cd /root/snorttmp/snort-2.8.5
wget http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz
tar -xzvf /root/snorttmp/snort-2.8.5/snortrules-pr-2.4.tar.gz
rm /root/snorttmp/snort-2.8.5/snortrules-pr-2.4.tar.gz
5、
cd /root/snorttmp
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz
tar -xzvf /root/snorttmp/pcre-7.4.tar.gz
rm /root/snorttmp/pcre-7.4.tar.gz
6、
cd /root/snorttmp
wget -O base-1.3.8.tar.gz "http://downloads.sourceforge.net/secureideas/base-1.3.8.tar.gz?modtime=1183896336&big_mirror=0"
tar -xzvf /root/snorttmp/base-1.3.8.tar.gz
rm /root/snorttmp/base-1.3.8.tar.gz
7、
cd /root/snorttmp
wget -O adodb502a.tgz "http://downloads.sourceforge.net/adodb/adodb502a.tgz?modtime=1191343792&big_mirror=0"
tar -xzvf /root/snorttmp/adodb502a.tgz
rm /root/snorttmp/adodb502a.tgz
ls /root/snorttmp
You should see the following folders,
adodb5
base-1.3.8
pcre-7.4
snort-2.8.5
8、
a. PCRE install.
cd /root/snorttmp/pcre-7.4
./configure
make
make install
b. Snort install.
cd /root/snorttmp/snort-2.8.5
Here we will do a make/install
./configure --enable-dynamicplugin --with-mysql
make
make install
9、
mkdir /etc/snort /etc/snort/rules /var/log/snort
cd /root/snorttmp/snort-2.8.5/rules
cp * /etc/snort/rules/
cd /root/snorttmp/snort-2.8.5/etc
cp * /etc/snort/
cp /usr/local/lib/libpcre.so.0 /usr/lib
10、
vim /etc/snort/snort.conf
Change "var HOME_NET any" to "var HOME_NET 192.168.1.0/24" (your home network may differ from 192.168.1.0)
Change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET" (this is stating everything except HOME_NET is external)
Change "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules"
Scroll down the list to the section with "# output database: log, mysql, user=", remove the "#" from in front of this line.
Leave the "user=root", change the "password=password" to "password=YOUR_PASSWORD", "dbname=snort"
Make note of the username, password, and dbname. You will need this information when we set up the Mysql db.
Save and quit.
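The step 10 edits can also be applied without opening an editor. The script below is an added example, not part of the original post: the function names, the SNORT_DB_PASS variable and the sample lines (constructed to match the strings quoted in step 10) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Applies the step-10 edits to a
# snort.conf without an editor. The DB password is read from $SNORT_DB_PASS.

# apply_snort_conf FILE HOME_NET_CIDR
apply_snort_conf() {
    conf=$1
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    SNORT_DB_PASS=$SNORT_DB_PASS HOME_NET_VAL=$2 awk '
        # Replace key=value in $0 by slicing, so "&" or "\" in the password
        # are copied literally (sub() would treat them as special).
        function setkv(key, val) {
            if (match($0, key "=[^ \t]*"))
                $0 = substr($0, 1, RSTART - 1) key "=" val substr($0, RSTART + RLENGTH)
        }
        /^var HOME_NET any/     { print "var HOME_NET " ENVIRON["HOME_NET_VAL"]; next }
        /^var EXTERNAL_NET any/ { print "var EXTERNAL_NET !$HOME_NET"; next }
        /^var RULE_PATH /       { print "var RULE_PATH /etc/snort/rules"; next }
        /^#[ \t]*output database: log, mysql,/ {
            sub(/^#[ \t]*/, "")                      # uncomment the line
            setkv("password", ENVIRON["SNORT_DB_PASS"])
            setkv("dbname", "snort")
        }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp"    # the file now contains the database password
    mv "$tmp" "$conf"
}

# check_snort_conf FILE: succeeds only if all four step-10 settings are in place.
check_snort_conf() {
    ! grep -q '^var HOME_NET any' "$1" &&
    grep -qxF 'var EXTERNAL_NET !$HOME_NET' "$1" &&
    grep -qxF 'var RULE_PATH /etc/snort/rules' "$1" &&
    grep -q '^output database: log, mysql,.*dbname=snort' "$1"
}

# Constructed sample of the four lines step 10 touches (not a full snort.conf).
sample_conf() {
    cat <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=root password=password dbname=db host=localhost
EOF
}
```

Run as root, for example: export SNORT_DB_PASS=YOUR_PASSWORD, then apply_snort_conf /etc/snort/snort.conf 192.168.1.0/24 followed by check_snort_conf /etc/snort/snort.conf.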
11、
mysql -u root -p
mysql> SET PASSWORD FOR root@localhost=PASSWORD('YOUR_PASSWORD');
mysql> create database snort;
mysql> exit
mysql -D snort -u root -p < /root/snorttmp/snort-2.8.5/schemas/create_mysql
vim /etc/snort/rules/web-misc.rules
Comment out lines 97, 98, and 452 with a "#" (no quotes).
12、
snort -c /etc/snort/snort.conf
If everything went well you should see an ASCII pig.
To end the test hit ctrl + c.
13、
vim /var/www/test.php
Put the following in it:
<?php
phpinfo();
?>
vim /etc/php5/apache2/php.ini
You need to add the following under "Dynamic Extensions".
extension=mysql.so
extension=gd.so
/etc/init.d/apache2 restart
ifconfig -a
14、
mv /root/snorttmp/adodb5 /var/www/
mkdir /var/www/web
mv /root/snorttmp/base-1.3.8 /var/www/web/
chmod 757 /var/www/web/base-1.3.8
vim /var/www/web/base-1.3.8/setup/setup1.php
Find the line that says "base_header" and change it to "header".
Save and exit.
pear install Image_Color
pear install Image_Canvas-alpha
pear install Image_Graph-alpha
15、
Open a web browser and navigate to http://YOUR.IP.ADDRESS/web/base-1.3.8/setup.
Click continue on the first page.
Step 1 of 5: Enter the path to ADODB.
This is /var/www/adodb5.
Step 2 of 5:
Database type = MySQL, Database name = snort, Database Host = localhost, Database username = root, Database Password = YOUR_PASSWORD
Step 3 of 5: If you want to use authentication enter a username and password here.
Step 4 of 5: Click on Create BASE AG.
Step 5 of 5: Once step 4 is done, click "Now continue to step 5" at the bottom.
Bookmark this page.
Change the permissions back on the /var/www/web/base-1.3.8 folder.
# chmod 775 /var/www/web/base-1.3.8
We are done. Congrats!!!
To start Snort in the terminal type:
# snort -c /etc/snort/snort.conf -i eth0 -D
This starts snort using eth0 interface in a daemon mode.
To make sure it is running you can check with the following command:
# ps aux | grep snort
If it's running you will see an entry similar to snort -c /etc/snort/snort.conf -i eth0 -D.
If you would like to learn how to write your own Snort rules there is a guide at
http://www.snort.org/docs/snort_manual/node16.html.
Good luck.