Building an Intrusion Detection System on RedHat 9
Compiled and published by: 黑客风云. Source: www.05112.com. Updated: 2006-9-14

5.4 Set snort to start automatically:

  In the directory where the snort sources were unpacked:

cd contrib
cp S99snort /etc/init.d/snort
vi /etc/init.d/snort

  Edit the snort script as follows:

CONFIG=/etc/snort/snort.conf
#SNORT_GID=nogroup (comment this line out)
$SNORT_PATH/snort -c $CONFIG -i $IFACE $OPTIONS
(remove -g $SNORT_GID from the original line)

chmod 755 /etc/init.d/snort
cd /etc/rc3.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
cd /etc/rc5.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort

4. Create the database in MySQL
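As an added example (not part of the original article or the snort distribution), the following POSIX shell script performs the S99snort edits and the runlevel installation described above without a manual vi session, and checks the result before anything is installed. The sample S99snort content is constructed here to mirror the lines the article edits; the variable names SNORT_PATH, CONFIG, IFACE, OPTIONS and SNORT_GID are assumed from the article's own excerpt. install_snort_initscript takes a root-directory argument so it can be tried in a scratch directory first and then run against the live /etc.

```shell
#!/bin/sh
# Added example (not from the article): script the S99snort edits and the
# runlevel links instead of doing them by hand in vi, then verify the result.

# Constructed stand-in for the lines of contrib/S99snort that the article
# edits. Assumption: the real file uses these variable names, as implied by
# the article's "-g $SNORT_GID" and "$SNORT_PATH/snort -c $CONFIG" lines.
make_sample_s99snort() {
    cat > "$1" <<'EOF'
#!/bin/sh
SNORT_PATH=/usr/local/bin
CONFIG=/usr/local/etc/snort.conf
IFACE=eth0
OPTIONS="-D"
SNORT_GID=nogroup
$SNORT_PATH/snort -c $CONFIG -i $IFACE -g $SNORT_GID $OPTIONS
EOF
}

# Apply the article's three edits in place: point CONFIG at
# /etc/snort/snort.conf, comment out SNORT_GID, and drop "-g $SNORT_GID"
# from the start line. Written to a temp file and moved so a failed sed
# never leaves a half-written init script behind.
patch_snort_initscript() {
    f="$1"
    sed -e 's|^CONFIG=.*|CONFIG=/etc/snort/snort.conf|' \
        -e 's|^SNORT_GID=|#SNORT_GID=|' \
        -e 's| -g *\$SNORT_GID||' \
        "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Return 0 only if all three edits are present and the start line no longer
# passes -g, which is what makes snort start without the group switch.
check_snort_initscript() {
    f="$1"
    grep -q '^CONFIG=/etc/snort/snort.conf$' "$f" || return 1
    grep -q '^#SNORT_GID=' "$f" || return 1
    if grep -q -- '-g *\$SNORT_GID' "$f"; then
        return 1
    fi
    return 0
}

# Install the patched script and the S99/K99 links for runlevels 3 and 5.
# ROOT (second argument) prefixes every path so the function can be tried in
# a scratch directory; leave it empty to install on the live system.
install_snort_initscript() {
    src="$1" root="${2:-}"
    mkdir -p "$root/etc/init.d" "$root/etc/rc3.d" "$root/etc/rc5.d"
    cp "$src" "$root/etc/init.d/snort"
    chmod 755 "$root/etc/init.d/snort"
    for lvl in 3 5; do
        ln -sf /etc/init.d/snort "$root/etc/rc$lvl.d/S99snort"
        ln -sf /etc/init.d/snort "$root/etc/rc$lvl.d/K99snort"
    done
}

# Dry run against a scratch directory: sh this_script.sh demo
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    make_sample_s99snort "$work/S99snort"
    patch_snort_initscript "$work/S99snort"
    check_snort_initscript "$work/S99snort" && echo "init script edits OK"
    install_snort_initscript "$work/S99snort" "$work/root"
    ls -l "$work/root/etc/rc3.d"
    rm -rf "$work"
fi
```

The symlinks point at the absolute /etc/init.d/snort exactly as the article's ln commands do, so in a scratch root they are dangling until the script is installed for real.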

/usr/local/mysql/bin/mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('your_password');
mysql> create database snort;
mysql> grant INSERT,SELECT on snort.* to snort@localhost;
mysql> quit;


  In the snort source directory, load the schema:

/usr/local/mysql/bin/mysql -p snort < ./contrib/create_mysql
Enter password:


  Install the extra DB tables (in the contrib directory):

zcat snortdb-extra.gz | /usr/local/mysql/bin/mysql -p snort


  Log in to MySQL and look at the tables in the snort database:

/usr/local/mysql/bin/mysql -p
Enter password:
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)

mysql> use snort;
mysql> show tables;

  You should see these tables:

+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)
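A half-loaded schema (for example, create_mysql applied but snortdb-extra.gz forgotten) only shows up later as ACID errors, so it is worth checking the table set mechanically. The following shell check is an added example, not part of the article: it compares the tables actually present against the 19 names in the listing above. The mysql invocation uses the standard -N and -e options; an optional file argument replaces the live query so the check runs offline against constructed input.

```shell
#!/bin/sh
# Added example (not from the article): verify that the snort database holds
# every table the article's "show tables" listing expects.

# The 19 tables listed in the article.
SNORT_TABLES="data detail encoding event flags icmphdr iphdr opt protocols
reference reference_system schema sensor services sig_class sig_reference
signature tcphdr udphdr"

# list_snort_tables [FILE] : print one table name per line. With no argument
# it queries the live server (-N suppresses the column header); with a FILE
# argument it reads the names from that file, which is how the offline test
# below exercises the check on constructed input.
list_snort_tables() {
    if [ -n "${1:-}" ]; then
        cat "$1"
    else
        /usr/local/mysql/bin/mysql -N -p -e 'show tables' snort
    fi
}

# check_snort_schema [FILE] : report which expected tables are missing and
# return 1 if any are; return 0 and print a summary when all are present.
check_snort_schema() {
    have=$(list_snort_tables "${1:-}")
    missing=""
    for t in $SNORT_TABLES; do
        if ! printf '%s\n' "$have" | grep -qx "$t"; then
            missing="$missing $t"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing tables:$missing"
        return 1
    fi
    set -- $SNORT_TABLES
    echo "all $# snort tables present"
    return 0
}

# Live use on the sensor: sh this_script.sh
if [ "${1:-}" = "check" ]; then
    check_snort_schema
fi
```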

mysql> exit

5. Install and configure the web interface

  Install JPGraph 1.11:

cp jpgraph-1.11.tar.gz /www/htdocs
cd /www/htdocs
tar -xzvf jpgraph-1.11.tar.gz
rm -rf jpgraph-1.11.tar.gz
cd jpgraph-1.11
rm -rf README
rm -rf QPL.txt


  Install ADODB:

cp adodb330.tgz /www/htdocs/
cd /www/htdocs
tar -xzvf adodb330.tgz
rm -rf adodb330.tgz


  Install and configure ACID:

cp acid-0.9.6b23.tar.gz /www/htdocs
cd /www/htdocs
tar -xvzf acid-0.9.6b23.tar.gz
rm -rf acid-0.9.6b23.tar.gz
cd /www/htdocs/acid/

  Edit acid_conf.php and change the following settings:

$DBlib_path = "/www/htdocs/adodb";

/* The type of underlying alert database
 *
 * MySQL : "mysql"
 * PostgresSQL : "postgres"
 * MS SQL Server : "mssql"
 */
$DBtype = "mysql";

/* Alert DB connection parameters
 * - $alert_dbname : MySQL database name of Snort alert DB
 * - $alert_host : host on which the DB is stored
 * - $alert_port : port on which to access the DB
 * - $alert_user : login to the database with this user
 * - $alert_password : password of the DB user
 *
 * This information can be gleaned from the Snort database
 * output plugin configuration.
 */
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "Your_Password";

/* Archive DB connection parameters */
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "root";
$archive_password = "Your_Password";

And a little further down:

$ChartLib_path = "/www/htdocs/jpgraph-1.11/src";

/* File format of charts ('png', 'jpeg', 'gif') */
$chart_file_format = "png";


  Open the web interface at http://yourhost/acid/acid_main.php, click the "Setup Page" link, then "Create ACID AG". Visiting http://yourhost/acid will then show the ACID interface.
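The settings above put the MySQL root password in clear text into a file served from the web root, so two things are worth scripting: the edit itself, and an audit of what the edit left behind. The following shell script is an added example (not part of the article or of ACID): set_php_var rewrites one `$name = "...";` line, configure_acid applies the article's values but takes the database user and password as parameters so a dedicated account can be used instead of root, and audit_acid_conf fails if the front end would still connect as root, with an empty or placeholder password, or from a world-readable file. The sample acid_conf.php is constructed; it assumes ACID's file assigns each setting on its own line in the form shown in the excerpt.

```shell
#!/bin/sh
# Added example (not from the article or the ACID project): fill in the
# acid_conf.php settings with sed, then audit the result.

# Constructed stand-in for acid_conf.php. Assumption: ACID's file assigns
# each setting on its own line as $name = "value";, as the article's excerpt
# shows. The values here are made up.
make_sample_acid_conf() {
    cat > "$1" <<'EOF'
<?php
$DBlib_path = "../adodb";
$DBtype     = "mysql";
$alert_dbname   = "snort_log";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "root";
$alert_password = "mypassword";
$archive_dbname   = "snort_archive";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "root";
$archive_password = "mypassword";
$ChartLib_path = "../jpgraph-1.8/src";
$chart_file_format = "png";
?>
EOF
}

# set_php_var FILE NAME VALUE : rewrite the `$NAME = "...";` line, keeping the
# file's spacing. VALUE is escaped so &, | and \ survive sed's replacement.
set_php_var() {
    f="$1" name="$2"
    esc=$(printf '%s' "$3" | sed 's/[\\&|]/\\&/g')
    sed -e "s|^\\(\\\$$name[[:space:]]*=\\).*|\\1 \"$esc\";|" "$f" > "$f.tmp" \
        && mv "$f.tmp" "$f"
}

# php_var FILE NAME : print the string currently assigned to $NAME.
php_var() {
    sed -n "s|^\\\$$2[[:space:]]*=[[:space:]]*\"\\(.*\\)\";.*|\\1|p" "$1"
}

# configure_acid FILE DBUSER DBPASS : apply the article's values. The article
# uses root for DBUSER; a dedicated MySQL account can be passed in instead.
configure_acid() {
    f="$1" dbuser="$2" dbpass="$3"
    set_php_var "$f" DBlib_path "/www/htdocs/adodb"
    set_php_var "$f" DBtype mysql
    for who in alert archive; do
        set_php_var "$f" "${who}_dbname" snort
        set_php_var "$f" "${who}_host" localhost
        set_php_var "$f" "${who}_port" ""
        set_php_var "$f" "${who}_user" "$dbuser"
        set_php_var "$f" "${who}_password" "$dbpass"
    done
    set_php_var "$f" ChartLib_path "/www/htdocs/jpgraph-1.11/src"
    set_php_var "$f" chart_file_format png
}

# audit_acid_conf FILE : return 1 (printing each finding) if the web front end
# would log in to MySQL as root, with an empty or placeholder password, or if
# the file holding that password is readable by every local user.
audit_acid_conf() {
    f="$1" rc=0
    for who in alert archive; do
        user=$(php_var "$f" "${who}_user")
        pass=$(php_var "$f" "${who}_password")
        case "$user" in
            root) echo "$who: web front end connects as MySQL root"; rc=1 ;;
        esac
        case "$pass" in
            ""|Your_Password|mypassword)
                echo "$who: empty or placeholder password"; rc=1 ;;
        esac
    done
    if [ -n "$(find "$f" -perm -004)" ]; then
        echo "$f is world-readable and contains the DB password"; rc=1
    fi
    return $rc
}

# Live use: sh this_script.sh /www/htdocs/acid/acid_conf.php DBUSER DBPASS
if [ $# -eq 3 ] && [ -f "$1" ]; then
    configure_acid "$1" "$2" "$3"
    audit_acid_conf "$1"
fi
```

The MySQL account used here should be the one created in the database step with INSERT and SELECT on snort.* only; the web server then never holds the root credential.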

6. Testing the system

  Reboot, or start the relevant daemons directly:

/etc/init.d/mysql restart
/etc/init.d/snort start
/etc/init.d/httpd start

  Scan the system with nmap, nessus, CIS or X-scan to generate alert records.

  View the records at http://yourhost/acid.

  At this point a powerful IDS is fully configured. You can log in remotely through the web interface to monitor the LAN the host sits on, and install phpMyAdmin to manage the mysql database.


Entered by: cainiaowang    Editor: cainiaowang