Building a small intrusion detection system on RedHat 9
Date: 2005-9-14   Author: Patrick S. Harper   Source: 赛迪网

Snort + Apache + PHP4 + MySQL + ACID

一. System platform

Red Hat 9.0, with gcc and the related library packages installed. It is recommended not to install the distribution's Apache, PHP and MySQL packages; we will build and install them from source. For security, iptables can be set up so that only SSH and WWW access to the sensor is allowed.

二. Software

MySQL 4.0.12     http://mysql.secsup.org
Snort 2.0.0      http://www.snort.org
Apache 2.0.45    http://www.apache.org
PHP 4.3.1        http://…
ADODB v3.30      http://…
ACID 0.9.6b23    http://…
Zlib 1.1.4       http://…
JPGraph 1.11     http://…
LibPcap 0.7.2    http://www.tcpdump.org

It is recommended to download from this site: http://… ; alternatively the corresponding xx.src.rpm packages can be fetched from http://… and built from source. If the distribution's rpm packages are already installed, they can be forcibly removed with

rpm -e --nodeps xx.xx

三. Installation (it is recommended to copy all the package files into one directory)

1. Install zlib 1.1.4

tar -xzvf zlib-xx.tar.gz
cd zlib-xx
./configure; make test
make install
cd ..

2. Install LibPcap 0.7.2

tar -xzvf libpcap.tar.gz
cd libpcap-xx
./configure
make
make install
cd ..

3. Install MySQL 4.0.12

3.1 Create the mysql group and the mysql user

groupadd mysql
useradd -g mysql mysql

In /root/.bash_profile change the line

PATH=$PATH:$HOME/bin

to

PATH=$PATH:$HOME/bin:/usr/local/mysql/bin

3.2 Install mysql

tar -xzvf mysql-xx.tar.gz
cd mysql-xx
./configure --prefix=/usr/local/mysql
make
make install
cd scripts
./mysql_install_db
cd ..
chown -R root /usr/local/mysql
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql
cp ./support-files/my-….cnf /etc/my.cnf     (the name of the sample configuration file is truncated in this copy)

Add these two lines to /etc/ld.so.conf:

/usr/local/mysql/lib/mysql
/usr/local/lib

Load the libraries by running ldconfig -v

3.3 Test that MySQL works:

cd /usr/local/mysql/bin/
./mysqld_safe --user=mysql &

4. Install Apache and PHP

(The Apache and PHP installation steps are cut off in this copy of the page; only the final test survives.) Create a test.php in the web root containing:

<?php phpinfo(); ?>

Open http://IP_address/test.php in a browser; if everything worked, the page shows system, Apache and PHP information.

5. Install Snort 2.0

5.1 Create the snort configuration and log directories

mkdir /etc/snort
mkdir /var/log/snort
tar -zxvf snort-2.x.x.tar.gz
cd snort-2.x.x
./configure --with-mysql=/usr/local/mysql
make
make install

5.2 Install the rules and configuration files

cd rules          (inside the snort source directory)
cp * /etc/snort
cd ../etc
cp snort.conf /etc/snort
cp *.config /etc/snort

5.3 Edit snort.conf (/etc/snort/snort.conf)

var HOME_NET 10.2.2.0/24      (change this to your internal network address; mine is 192.168.0.0/24)

var RULE_PATH ./rules         change to:   var RULE_PATH /etc/snort/

Change the logging database entry to:

output database: log, mysql, user=root password=your_password dbname=snort host=localhost

5.4 Make snort start at boot

Inside the snort source directory:

cd contrib
cp S99snort /etc/init.d/snort
vi /etc/init.d/snort

Edit the snort script as follows:

CONFIG=/etc/snort/snort.conf
#SNORT_GID=nogroup                                  (comment this line out)
$SNORT_PATH/snort -c $CONFIG -i $IFACE $OPTIONS     (remove the -g $SNORT_GID that the original file passes)

chmod 755 /etc/init.d/snort
cd /etc/rc3.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
cd /etc/rc5.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
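Section one recommends locking the sensor down with iptables so that only SSH and WWW are reachable. The script below is an added example, not part of the original page: it writes such a ruleset in iptables-restore format so it can be reviewed before loading, and refuses to load a ruleset that would lock the administrator out. It assumes the management network is 192.168.0.0/24 (the HOME_NET used above) and that the running table is saved with the Red Hat iptables service script; neither is stated on the page.

```shell
#!/bin/sh
# Added example: iptables ruleset for the Snort sensor host, admitting only
# SSH and WWW as section one recommends. Not code from the original page.
# Assumption (not on the page): administration comes from 192.168.0.0/24.
ADMIN_NET="${ADMIN_NET:-192.168.0.0/24}"

# Emit the ruleset in iptables-restore(8) format. Default policy is DROP on
# INPUT and FORWARD; replies to the sensor's own connections are allowed by
# connection state, everything else is logged and dropped.
firewall_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -s ${ADMIN_NET} --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s ${ADMIN_NET} --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "SENSOR-DROP: " --log-level 4
COMMIT
EOF
}

# Lockout guard: the ruleset must keep an explicit SSH accept rule.
rules_keep_ssh_open() {
    firewall_rules | grep -q -- '--dport 22 -m state --state NEW -j ACCEPT'
}

# Load the ruleset atomically and persist it to /etc/sysconfig/iptables so
# it survives a reboot (Red Hat's iptables service script does the save).
apply_firewall() {
    rules_keep_ssh_open || { echo "refusing: no SSH accept rule" >&2; return 1; }
    firewall_rules | iptables-restore || return 1
    /sbin/service iptables save
}

if [ "${1:-}" = "apply" ]; then
    apply_firewall
else
    firewall_rules
fi
```

Run it with no arguments to print the ruleset for review and with `apply` as root to load it. The DROP policy does not blind the sensor: libpcap receives frames from the interface before they reach netfilter's INPUT chain, so Snort still sees all traffic on the wire. MySQL's port 3306 is deliberately left closed, since both Snort and ACID talk to the database over localhost.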
四. Create the database in MySQL

/usr/local/mysql/bin/mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('your_password');
mysql> create database snort;
mysql> grant INSERT,SELECT on snort.* to snort@localhost;
mysql> quit;

Change into the snort source directory, then:

/usr/local/mysql/bin/mysql -p …     (the rest of the command, which loads the table definitions, is cut off in this copy)
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)

mysql> use snort;
mysql> show tables;

You should see these tables:

+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)

mysql> exit

五. Install and configure the web interface

Install JPGraph 1.11

cp jpgraph-1.11.tar.gz /www/htdocs
cd /www/htdocs
tar -xzvf jpgraph-1.xx.tar.gz
rm -rf jpgraph-1.xx.tar.gz
cd jpgraph-1.11
rm -rf README
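The output line in 5.3 makes Snort log into MySQL as root, and the 5.4 edit removes the -g switch, so the sensor process itself keeps running as root. As an added example that is not part of the original page, the script below sets up a dedicated sensor account with only INSERT and SELECT on snort.* (SELECT is needed because the database plugin looks up sensor and signature ids), a separate console account for ACID, the matching snort.conf output line, and a snort command line that drops to an unprivileged user and group with -u/-g once the capture interface is open. The account names snort and acid, the placeholder passwords and the /usr/local/bin/snort path are assumptions; the database name snort and the paths /etc/snort and /var/log/snort are the page's.

```shell
#!/bin/sh
# Added example: least-privilege accounts for the sensor stack on the page.
# Not code from the original article. Assumed names: MySQL accounts "snort"
# (sensor) and "acid" (console), system user/group "snort", binary in
# /usr/local/bin. Passwords below are placeholders to be overridden.
SNORT_DB_PASS="${SNORT_DB_PASS:-change_me_sensor}"
ACID_DB_PASS="${ACID_DB_PASS:-change_me_console}"

# SQL for the two accounts. MySQL 4.0 creates the account on GRANT when it
# does not exist yet. The sensor can only append and look up; the console
# can read, annotate and delete events, but never create or alter tables.
grant_sql() {
    cat <<EOF
GRANT INSERT, SELECT ON snort.* TO snort@localhost IDENTIFIED BY '${SNORT_DB_PASS}';
GRANT SELECT, INSERT, UPDATE, DELETE ON snort.* TO acid@localhost IDENTIFIED BY '${ACID_DB_PASS}';
FLUSH PRIVILEGES;
EOF
}

# The snort.conf "output database" line that pairs with the sensor account.
snort_output_line() {
    echo "output database: log, mysql, user=snort password=${SNORT_DB_PASS} dbname=snort host=localhost"
}

# Command line for /etc/init.d/snort: Snort opens the interface as root,
# then switches to the given user and group (-u/-g) before processing
# packets. Arguments: config file, interface (defaults assumed).
snort_cmdline() {
    config="${1:-/etc/snort/snort.conf}"
    iface="${2:-eth0}"
    echo "/usr/local/bin/snort -D -u snort -g snort -c ${config} -i ${iface} -l /var/log/snort"
}

# One-time setup, run as root: create the unprivileged account, hand it the
# log directory, load the grants (prompts for the MySQL root password) and
# rewrite the output line in snort.conf so it no longer logs in as root.
apply_least_privilege() {
    groupadd snort 2>/dev/null || true
    useradd -g snort -s /sbin/nologin -M snort 2>/dev/null || true
    chown -R snort:snort /var/log/snort
    chmod 750 /var/log/snort
    grant_sql | /usr/local/mysql/bin/mysql -u root -p || return 1
    sed "s|^output database:.*|$(snort_output_line)|" /etc/snort/snort.conf \
        > /etc/snort/snort.conf.new && mv /etc/snort/snort.conf.new /etc/snort/snort.conf
    # The config now carries a database password: readable by root and the
    # snort group only.
    chown root:snort /etc/snort/snort.conf
    chmod 640 /etc/snort/snort.conf
}

if [ "${1:-}" = "apply" ]; then
    apply_least_privilege
else
    grant_sql
    snort_output_line
    snort_cmdline
fi
```

Run without arguments to print the SQL, the output line and the command line for review; run with `apply` as root to make the changes, then replace the start line in /etc/init.d/snort with the printed command line. With -u/-g in place, `ps -o user= -C snort` should show snort rather than root once the sensor is up.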