
Building a Small Intrusion Detection System on Linux 9 (Part 2)


cd /www/htdocs
vi test.php
Add:
<?php
phpinfo();
?>
Open http://IP_address/test.php in a browser. If it works, some system, Apache and PHP information is displayed.
5. Install Snort 2.0
5.1 Create the Snort configuration and log directories
mkdir /etc/snort
mkdir /var/log/snort
tar -zxvf snort-2.x.x.tar.gz
cd snort-2.x.x
./configure --with-mysql=/usr/local/mysql
make
make install
5.2 Install the rules and configuration files
cd rules (in the Snort installation directory)
cp * /etc/snort
cd ../etc
cp snort.conf /etc/snort
cp *.config /etc/snort
5.3 Edit snort.conf (/etc/snort/snort.conf)
var HOME_NET 10.2.2.0/24 (change this to your internal network address; mine is 192.168.0.0/24)
Change var RULE_PATH ./rules to var RULE_PATH /etc/snort/
Change the database logging output:
output database: log, mysql, user=root password=your_password dbname=snort host=localhost
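The three settings edited in section 5.3 can be checked before Snort is started. The shell function below is an added example, not part of the original article or of Snort; the name audit_snort_conf and the sample file are constructed for illustration, and the 10.2.2.0/24 check assumes that value is the unedited sample shown above.

```shell
# Added example: audit the snort.conf values edited in section 5.3.
# Prints one WARN line per finding; the exit status is the number of findings.
audit_snort_conf() {
    conf=$1
    findings=0
    warn() { echo "WARN: $*"; findings=$((findings + 1)); }
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 255; }

    # HOME_NET: the last active (uncommented) definition wins.
    home_net=$(awk '$1 == "var" && $2 == "HOME_NET" { v = $3 } END { print v }' "$conf")
    case $home_net in
        "")          warn "HOME_NET is not defined" ;;
        any)         warn "HOME_NET is 'any', so rules cannot tell inside from outside" ;;
        10.2.2.0/24) warn "HOME_NET still has the sample value 10.2.2.0/24" ;;
    esac

    # RULE_PATH must be a directory that really holds the copied rule files.
    rule_path=$(awk '$1 == "var" && $2 == "RULE_PATH" { v = $3 } END { print v }' "$conf")
    if [ ! -d "$rule_path" ]; then
        warn "RULE_PATH '$rule_path' is not a directory"
    elif ! ls "$rule_path"/*.rules >/dev/null 2>&1; then
        warn "RULE_PATH '$rule_path' contains no *.rules files"
    fi

    # output database: pull user= and password= out of the active line.
    db_line=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$conf" | tail -n 1)
    if [ -z "$db_line" ]; then
        warn "no active 'output database:' line, alerts will not reach MySQL"
    else
        db_user=$(echo "$db_line" | sed -n 's/.*user=\([^ ]*\).*/\1/p')
        db_pass=$(echo "$db_line" | sed -n 's/.*password=\([^ ]*\).*/\1/p')
        [ "$db_user" = root ] && warn "Snort logs in to MySQL as root"
        [ "$db_pass" = your_password ] && warn "DB password is still the placeholder"
        # The password is stored in clear text: flag a world-readable file.
        [ -n "$db_pass" ] && [ -n "$(find "$conf" -perm -004)" ] &&
            warn "$conf holds a DB password and is world-readable"
    fi
    return "$findings"
}

# Constructed sample mirroring section 5.3 (not a real deployment).
demo=$(mktemp -d) && touch "$demo/local.rules"
printf '%s\n' "var HOME_NET 192.168.0.0/24" "var RULE_PATH $demo" \
    "output database: log, mysql, user=root password=your_password dbname=snort host=localhost" \
    > "$demo/snort.conf"
chmod 644 "$demo/snort.conf"
audit_snort_conf "$demo/snort.conf" || echo "findings: $?"
rm -rf "$demo"
```

On a real system, call it as audit_snort_conf /etc/snort/snort.conf after completing the edits.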
5.4 Set Snort to start automatically:
In the Snort installation directory:
cd contrib
cp S99snort /etc/init.d/snort
vi /etc/init.d/snort
Modify the snort script as follows:
CONFIG=/etc/snort/snort.conf
#SNORT_GID=nogroup (comment this out)
$SNORT_PATH/snort -c $CONFIG -i $IFACE $OPTIONS
(remove the -g $SNORT_GID from the original file)
chmod 755 /etc/init.d/snort
cd /etc/rc3.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
cd /etc/rc5.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
IV. Create the database in MySQL
/usr/local/mysql/bin/mysql
mysql>SET PASSWORD FOR root@localhost=PASSWORD("your_password");
mysql>create database snort;
mysql>grant INSERT,SELECT on root.* to snort@localhost;
mysql>quit;
Change to the Snort installation directory:
/usr/local/mysql/bin/mysql -p
>Enter password:
Install the DB tables (in the contrib directory):
zcat snortdb-extra.gz | /usr/local/mysql/bin/mysql -p snort
Log in to MySQL and look at the tables in the snort database:
/usr/local/mysql/bin/mysql -p
>Enter password:
mysql>show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)
mysql>use snort;
mysql>show tables;
The following tables will be listed:
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)
mysql>exit
V. Install and configure the web interface
Install JPGraph 1.11:
cp jpgraph-1.11.tar.gz /www/htdocs
cd /www/htdocs
tar -xzvf jpgraph-1.xx.tar.gz
rm -rf jpgraph-1.xx.tar.gz
cd jpgraph-1.11
rm -rf README
rm -rf QPL.txt
Install ADODB:
cp adodb330.tgz /www/htdocs/
cd /www/htdocs
tar -xzvf adodb330.tgz
rm -rf adodb330.tgz
Install and configure ACID:
cp acid-0.9.6b23.tar.gz /www/htdocs
cd /www/htdocs
tar -xvzf acid-0.9.6b23.tar.gz
rm -rf acid-0.9.6b23.tar.gz
cd /www/htdocs/acid/
Edit acid_conf.php and change the relevant settings as follows:
$DBlib_path = "/www/htdocs/adodb";
/* The type of underlying alert database
*
* MySQL : "mysql"
* PostgresSQL : "postgres"
* MS SQL Server : "mssql"
*/
$DBtype = "mysql";
/* Alert DB connection parameters
* - $alert_dbname : MySQL database name of Snort alert DB
* - $alert_host : host on which the DB is stored
* - $alert_port : port on which to access the DB
* - $alert_user : login to the database with this user
