Installing Snort on Ubuntu 9.04
Net 2009-10-09 10:24
1、
sudo apt-get install libpcap0.8-dev
sudo apt-get install libmysqlclient15-dev
sudo apt-get install mysql-client-5.0
sudo apt-get install mysql-server-5.0   # password: admin
sudo apt-get install bison
sudo apt-get install flex
sudo apt-get install apache2
sudo apt-get install libapache2-mod-php5
sudo apt-get install php5-gd
sudo apt-get install php5-mysql
sudo apt-get install libphp-adodb
sudo apt-get install php-pear
2、
sudo -i
# Then your password
apt-get install libc6-dev g++ gcc
3、
cd /root
mkdir snorttmp
cd /root/snorttmp
wget http://dl.snort.org/snort-current/snort-2.8.5.tar.gz
tar -xzvf /root/snorttmp/snort-2.8.5.tar.gz
rm /root/snorttmp/snort-2.8.5.tar.gz
4、
cd /root/snorttmp/snort-2.8.5
wget http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz
tar -xzvf /root/snorttmp/snort-2.8.5/snortrules-pr-2.4.tar.gz
rm /root/snorttmp/snort-2.8.5/snortrules-pr-2.4.tar.gz
5、
cd /root/snorttmp
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz
tar -xzvf /root/snorttmp/pcre-7.4.tar.gz
rm /root/snorttmp/pcre-7.4.tar.gz
6、
cd /root/snorttmp
wget -O base-1.3.8.tar.gz "http://downloads.sourceforge.net/secureideas/base-1.3.8.tar.gz?modtime=1183896336&big_mirror=0"
tar -xzvf /root/snorttmp/base-1.3.8.tar.gz
rm /root/snorttmp/base-1.3.8.tar.gz
7、
cd /root/snorttmp
wget -O adodb502a.tgz "http://downloads.sourceforge.net/adodb/adodb502a.tgz?modtime=1191343792&big_mirror=0"
tar -xzvf /root/snorttmp/adodb502a.tgz
rm /root/snorttmp/adodb502a.tgz
ls /root/snorttmp
You should see the following folders,
adodb5
base-1.3.8
pcre-7.4
snort-2.8.5
8、
a. PCRE install.
cd /root/snorttmp/pcre-7.4
./configure
make
make install
b. Snort install.
cd /root/snorttmp/snort-2.8.5
Here we will do a make/install
./configure --enable-dynamicplugin --with-mysql
make
make install
9、
mkdir /etc/snort /etc/snort/rules /var/log/snort
cd /root/snorttmp/snort-2.8.5/rules
cp * /etc/snort/rules/
cd /root/snorttmp/snort-2.8.5/etc
cp * /etc/snort/
cp /usr/local/lib/libpcre.so.0 /usr/lib
10、
vim /etc/snort/snort.conf
Change "var HOME_NET any" to "var HOME_NET 192.168.1.0/24" (your home network may differ from 192.168.1.0)
Change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET" (this is stating everything except HOME_NET is external)
Change "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules"
Scroll down the list to the section with "# output database: log, mysql, user=", remove the "#" from in front of this line.
Leave the "user=root", change the "password=password" to "password=YOUR_PASSWORD", "dbname=snort"
Make note of the username, password, and dbname. You will need this information when we set up the Mysql db.
Save and quit.
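Added example (not part of the original post): the step 10 edits applied with sed instead of by hand, followed by a check that each one took effect. The function names and the sample file are constructed for illustration, and the sample "output database" line is an assumption about what the stock snort.conf contains.

```shell
#!/bin/sh
# Added example. Function names and sample contents are constructed.

# Write a constructed stand-in for the stock snort.conf lines step 10 touches.
make_sample_conf() {
    cat > "$1" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=root password=password dbname=db host=localhost
EOF
}

# apply_snort_conf FILE HOME_NET DB_PASSWORD: make the step 10 edits in place.
apply_snort_conf() {
    conf=$1 home_net=$2 db_pass=$3
    [ -n "$home_net" ] && [ -n "$db_pass" ] || return 2
    # Reject characters that would break the sed expressions or the
    # space-separated "output database" line.
    case "$home_net$db_pass" in
        *[!A-Za-z0-9./_,-]*) echo "unsupported character in value" >&2; return 2 ;;
    esac
    sed -i.bak \
        -e "s|^var HOME_NET any|var HOME_NET $home_net|" \
        -e 's|^var EXTERNAL_NET any|var EXTERNAL_NET !$HOME_NET|' \
        -e 's|^var RULE_PATH \.\./rules|var RULE_PATH /etc/snort/rules|' \
        -e "/^# *output database: log, mysql,/{s|^# *||;s|password=[^ ]*|password=$db_pass|;s|dbname=[^ ]*|dbname=snort|;}" \
        "$conf"
}

# check_snort_conf FILE: return 0 only if every step 10 edit is present.
check_snort_conf() {
    conf=$1 rc=0
    grep -q '^var HOME_NET any' "$conf" && { echo "HOME_NET is still any"; rc=1; }
    grep -q '^var EXTERNAL_NET !\$HOME_NET' "$conf" || { echo "EXTERNAL_NET not set"; rc=1; }
    grep -q '^var RULE_PATH /etc/snort/rules' "$conf" || { echo "RULE_PATH not set"; rc=1; }
    grep -q '^output database: log, mysql, .*dbname=snort' "$conf" ||
        { echo "output database line not enabled"; rc=1; }
    return $rc
}

# Demo on a temporary copy; point it at /etc/snort/snort.conf for real use.
demo=$(mktemp)
make_sample_conf "$demo"
apply_snort_conf "$demo" 192.168.1.0/24 YOUR_PASSWORD && check_snort_conf "$demo" && echo "snort.conf OK"
rm -f "$demo" "$demo.bak"
```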
11、
mysql -u root -p
mysql> SET PASSWORD FOR root@localhost=PASSWORD('YOUR_PASSWORD');
mysql> create database snort;
mysql> exit
mysql -D snort -u root -p < /root/snorttmp/snort-2.8.5/schemas/create_mysql
vim /etc/snort/rules/web-misc.rules
Comment out lines 97, 98, and 452 with a "#" (no quotes).
12、
snort -c /etc/snort/snort.conf
If everything went well you should see an ascii pig.
To end the test hit ctrl + c.
13、
vim /var/www/test.php
write in it:
<?php
phpinfo();
?>
vim /etc/php5/apache2/php.ini
You need to add the following under "Dynamic Extensions".
extension=mysql.so
extension=gd.so
/etc/init.d/apache2 restart
ifconfig -a
14、
mv /root/snorttmp/adodb5 /var/www/
mkdir /var/www/web
mv /root/snorttmp/base-1.3.8 /var/www/web/
chmod 757 /var/www/web/base-1.3.8
vim /var/www/web/base-1.3.8/setup/setup1.php
Find the line that says "base_header" and change it to "header".
Save and exit.
pear install Image_Color
pear install Image_Canvas-alpha
pear install Image_Graph-alpha
15、
Open a web browser and navigate to http://YOUR.IP.ADDRESS/web/base-1.3.8/setup.
Click continue on the first page.
Step 1 of 5: Enter the path to ADODB.
This is /var/www/adodb5.
Step 2 of 5:
Database type = MySQL, Database name = snort, Database Host = localhost, Database username = root, Database Password = YOUR_PASSWORD
Step 3 of 5: If you want to use authentication enter a username and password here.
Step 4 of 5: Click on Create BASE AG.
Step 5 of 5: Once step 4 is done, click "Now continue to step 5" at the bottom.
Bookmark this page.
Change the permissions back on the /var/www/web/base-1.3.8 folder.
# chmod 775 /var/www/web/base-1.3.8
We are done. Congrats!!!
To start Snort in the terminal type:
# snort -c /etc/snort/snort.conf -i eth0 -D
This starts snort using eth0 interface in a daemon mode.
To make sure it is running you can check with the following command:
# ps aux | grep snort
If it's running you will see an entry similar to snort -c /etc/snort/snort.conf -i eth0 -D.
If you would like to learn how to write your own Snort rules there is a guide at
http://www.snort.org/docs/snort_manual/node16.html.
Good luck.