2006-03-23
by linghood

I. Environment

1. Platform:

Fedora Core 4 (IP address: 192.168.1.101)

2. Required software:

Alerting + database:
snort-2.4.0.tar.gz
snortrules-pr-2.4.tar.gz (snort rules for v2.4, unregistered-user release)
mysql-standard-4.1.13-pc-linux-gnu-i686.tar.gz
create_mysql (script)

Web front end (client display):
          apache_1.3.29.tar.gz
          mod_ssl-2.8.16-1.3.29.tar.gz
          php-4.4.0.tar.gz
          acid-0.9.6b23.tar.gz
          adodb465.tgz
          jpgraph-1.19.tar.gz

Auxiliary management tools:
          webmin-1.220-1.noarch.rpm
          Net_SSLeay.pm-1.21.tar.gz
snort-1.0.wbm (snort's webmin plugin)

3. Download locations

          snort-2.4.0.tar.gz(http://www.snort.org)
          snortrules-pr-2.4.tar.gz(http://www.snort.org)
          mysql-standard-4.1.13-pc-linux-gnu-i686.tar.gz(http://www.mysql.com)
create_mysql script (http://cvs.sourceforge.net/viewcvs.py/snort/snort/contrib/)

          apache_1.3.29.tar.gz(http://www.apache.org)
          mod_ssl-2.8.16-1.3.29.tar.gz(http://www.modssl.org)
          php-4.4.0.tar.gz(http://www.php.net)
          acid-0.9.6b23.tar.gz(http://acidlab.sourceforge.net)
          adodb465.tgz(http://adodb.sourceforge.net/)
          jpgraph-1.19.tar.gz(http://www.aditus.nu/jpgraph/index.php)

          webmin-1.220-1.noarch.rpm(http://www.webmin.com/)
          Net_SSLeay.pm-1.21.tar.gz(http://symlabs.com/Net_SSLeay/)
snort-1.0.wbm (http://www.snort.org/dl/contrib/front_ends/webmin_plugin/)

II. Installation

1. Preparation

Log in to FC4 as root over ssh and copy the files listed above to /home.

2. Install MySQL

# groupadd mysql
# useradd -g mysql mysql
# cd /home
# tar -vxzf mysql-standard-4.1.13-pc-linux-gnu-i686.tar.gz
# mv mysql-standard-4.1.13-pc-linux-gnu-i686 /usr/local/mysql
# cd /usr/local/mysql
# chown -R root .
# chown -R mysql data
# chgrp -R mysql .
# scripts/mysql_install_db --user=mysql
# /usr/local/mysql/support-files/mysql.server start

3. Create the snort database

# /usr/local/mysql/bin/mysql
mysql>
mysql> set password for 'root'@'localhost'=password('linghood');
mysql> create database snort;

# /usr/local/mysql/bin/mysql -u root -p
mysql> connect snort;
mysql> source /home/create_mysql;    (give the path of the create_mysql script)
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
mysql> connect mysql;
mysql> set password for 'snort'@'localhost'=password('linghoodids');
mysql> set password for 'snort'@'%'=password('linghoodids');
mysql> flush privileges;


4. Install and start Snort


# cd /home
# tar -vxzf snort-2.4.0.tar.gz
# mv snort-2.4.0 /usr/local/snort
# cd /usr/local/snort
# ./configure --with-mysql=/usr/local/mysql
# make
# make install

# mkdir /var/snort
# mkdir /var/log/snort
# mkdir /etc/snort    (holds the rules)

# cd /home
# tar -vxzf snortrules-pr-2.4.tar.gz
# mv rules /etc/snort
# mv doc /etc/snort


Edit /etc/snort/rules/snort.conf:
(1) Comment out the line "var RULE_PATH ../rules"
(2) Add: output database: log, mysql, user=snort password=linghoodids dbname=snort host=localhost
(3) Change the include section:
   include $RULE_PATH/bad-traffic.rules  ->  include bad-traffic.rules
   (and so on...)

Start snort (example):
# snort -d -D -c /etc/snort/rules/snort.conf
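The three snort.conf edits above can be scripted and verified instead of done by hand in vi. The script below is an added example and is not part of the original post: it applies the edits with sed, appends the output line only if it is not already there, tightens the file mode because the file now carries the database password, and checks the result. The output line, paths and password are the ones this step uses; the small snort.conf it works on is constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: scripts the three snort.conf
# edits of step 4 with sed and checks the result. The output line, paths and
# the DB password are the ones the post uses; the sample config is constructed.

# apply_snort_conf_edits SRC DST
#   1) comment out the "var RULE_PATH ../rules" line
#   2) rewrite "include $RULE_PATH/x.rules" as "include x.rules"
#   3) append the MySQL output line (only if not already present)
apply_snort_conf_edits() {
    src=$1; dst=$2
    sed -e 's/^var[[:space:]]\{1,\}RULE_PATH[[:space:]]/# &/' \
        -e 's/^\([[:space:]]*include[[:space:]]\{1,\}\)\$RULE_PATH\//\1/' \
        "$src" > "$dst" || return 1
    if ! grep -q '^output database:' "$dst"; then
        printf '%s\n' 'output database: log, mysql, user=snort password=linghoodids dbname=snort host=localhost' >> "$dst"
    fi
    # the file now carries the database password: keep it readable by root only
    chmod 600 "$dst"
}

# check_snort_conf FILE: 0 if all three edits are in place, 1 otherwise
check_snort_conf() {
    f=$1
    grep -q '^#[[:space:]]*var[[:space:]]\{1,\}RULE_PATH' "$f" || return 1
    grep -q '^output database:.*mysql.*dbname=snort' "$f"   || return 1
    grep -q 'RULE_PATH/' "$f" && return 1   # an unresolved $RULE_PATH include is left
    return 0
}

# write_sample_conf FILE: a constructed, minimal snort.conf for the demo
write_sample_conf() {
    cat > "$1" <<'EOF'
var HOME_NET any
var RULE_PATH ../rules
preprocessor stream4: detect_scans
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
EOF
}

# demo_snort_conf: edit the sample config in a temp dir and print the result
demo_snort_conf() {
    d=$(mktemp -d) || return 1
    write_sample_conf "$d/snort.conf.orig"
    apply_snort_conf_edits "$d/snort.conf.orig" "$d/snort.conf" || return 1
    check_snort_conf "$d/snort.conf" || return 1
    cat "$d/snort.conf"
    rm -rf "$d"
}

# Usage: sh snortconf.sh demo        (or: apply_snort_conf_edits /etc/snort/rules/snort.conf.orig /etc/snort/rules/snort.conf)
case ${1:-} in demo) demo_snort_conf ;; esac
```

Running the same script twice leaves the file unchanged, so it is safe to re-run after a rules update; check_snort_conf is the part worth keeping around, since a leftover "$RULE_PATH" include is what makes snort refuse to start after the var line is commented out.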


5. Install Apache + mod_ssl

# cd /home
# tar -vxzf apache_1.3.29.tar.gz
# tar -vxzf mod_ssl-2.8.16-1.3.29.tar.gz

# cd mod_ssl-2.8.16-1.3.29
# ./configure --with-apache=../apache_1.3.29

# cd ../apache_1.3.29
# SSL_BASE=SYSTEM \
  ./configure \
      --prefix=/usr/local/apache \
      --enable-module=ssl \
      --enable-module=so \
      --enable-module=rewrite

# make
# make certificate
# make install


6. Install PHP

# cd /home
# tar -vxzf php-4.4.0.tar.gz
# cd php-4.4.0
# CFLAGS="-DEAPI -fPIC" \
  ./configure \
      --prefix=/usr/local/php \
      --with-mysql=/usr/local/mysql \
      --with-apxs=/usr/local/apache/bin/apxs \
      --with-gd \
      --with-zlib \
      --enable-sockets
# make
# make install

Note: mod_ssl uses Apache's EAPI, so PHP has to be compiled with -DEAPI.


7. Install ACID + ADOdb + JpGraph

Unpack acid-0.9.6b23.tar.gz, adodb465.tgz, gd-2.0.33.tar.gz and jpgraph-1.19.tar.gz
and copy them to /var/www/html (dropping the version numbers from the directory names).

# vi /var/www/html/acid/acid_conf.php
Change the following settings:
$DBlib_path="../adodb";
$alert_dbname="snort";
$alert_user="snort";
$alert_password="linghoodids";
$Chartlib_path="../jpgraph/src";


8. Adjust the SELinux and Apache configuration

# vi /etc/selinux/config

    SELINUX=disabled
    (otherwise libphp4.so dies with a segmentation fault)

# vi /usr/local/apache/conf/httpd.conf

    ServerName 192.168.1.101
    DocumentRoot "/var/www/html"

    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

    ##
    ## SSL Virtual Host Context
    ##

    #  General setup for the virtual host
    DocumentRoot "/var/www/html"
    ServerName 192.168.1.101


Note: don't forget to configure the firewall to allow https.

9. Configure auto-start and reboot

# vi /etc/rc.d/rc.local

    #start mysqld
    /usr/local/mysql/support-files/mysql.server start
    #start httpd
    /usr/local/apache/bin/apachectl startssl
    #start snort
    /usr/local/bin/snort -d -D -c /etc/snort/rules/snort.conf

# reboot
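The rc.local lines above start the three daemons back to back. Snort's database output plugin needs mysqld to be accepting connections when the sensor comes up, and mysql.server returns before that happens, so on a slow boot the sensor can start before its database and alerts are not recorded. The fragment below is an added example, not from the original post: it keeps the post's commands and order but waits for the MySQL socket before starting snort, and then checks that snort wrote its PID file (the path the webmin module is given in step 11). The socket path /tmp/mysql.sock is the tarball build's default and is an assumption; override it with MYSQL_SOCK if your my.cnf differs.

```shell
#!/bin/sh
# Added example, not from the original post: an /etc/rc.d/rc.local fragment
# that starts mysqld, httpd and snort in dependency order. Paths and commands
# are the post's; the socket path is an assumed default (override via MYSQL_SOCK).
MYSQL_SOCK=${MYSQL_SOCK:-/tmp/mysql.sock}
SNORT_PID=/var/run/snort_eth0.pid

# wait_for_path PATH SECONDS: poll once a second until PATH exists.
# Returns 0 as soon as it appears, 1 after SECONDS seconds without it.
wait_for_path() {
    p=$1; n=$2
    while [ "$n" -gt 0 ]; do
        [ -e "$p" ] && return 0
        n=$((n - 1))
        sleep 1
    done
    return 1
}

# start_ids_stack: mysqld first, snort only once the DB socket is there.
start_ids_stack() {
    #start mysqld
    /usr/local/mysql/support-files/mysql.server start
    if ! wait_for_path "$MYSQL_SOCK" 30; then
        echo "mysqld did not come up within 30s; not starting snort" >&2
        return 1
    fi
    #start httpd
    /usr/local/apache/bin/apachectl startssl
    #start snort
    /usr/local/bin/snort -d -D -c /etc/snort/rules/snort.conf
    # -D forks into the background, so confirm the daemon actually stayed up
    if ! wait_for_path "$SNORT_PID" 10; then
        echo "snort did not write $SNORT_PID; check /var/log/messages" >&2
        return 1
    fi
}

# Usage from rc.local:  sh /etc/snort/start-ids.sh start
case ${1:-} in start) start_ids_stack ;; esac
```

The point of the two waits is that a failure at boot becomes visible (a message on the console and in rc.local's output) instead of a sensor that is silently not logging; the same checks can be run by hand after a reboot.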


10. Test the connection to ACID and initialize it

https://192.168.1.101/acid or http://192.168.1.101/acid

Click "Setup page", then "Create ACID AG".

At this point Snort + MySQL + Apache (with mod_ssl) + PHP + ACID is up and working.


11. Auxiliary management tools (graphical management of Snort):


(1) Install Net_SSLeay (Redhat 9's is broken)

# cd /home
# tar -vxzf Net_SSLeay.pm-1.21.tar.gz
# cd Net_SSLeay.pm-1.21
# perl Makefile.PL
# make install

(2) Install webmin

# cd /home
# rpm -ivh webmin-1.220-1.noarch.rpm

(3) Test the connection and install the snort module

https://127.0.0.1:10000, log in as root with the root password

  Webmin Configuration -> SSL Encryption -> generate a new SSL key
  Webmin Configuration -> Webmin Modules -> install snort-1.0.wbm
  Servers -> Snort IDS Admin -> configure:
     Full path to snort executable ->
     /usr/local/bin/snort -d -D -c /etc/snort/rules/snort.conf

     Full path to snort configuration file ->
     /etc/snort/rules/snort.conf

     Full path to snort rule files directory ->
     /etc/snort/rules

     Full path to snort PID file ->
     /var/run/snort_eth0.pid

(4) After saving, the snort configuration screen can be opened.

12. Restrict Apache to https connections only

Edit /usr/local/apache/conf/httpd.conf as follows

...
#Listen 80
Listen 443
...

13. Add simple access control to Apache

(1) Create an authorized user and set a password
# /usr/local/apache/bin/htpasswd -c /usr/local/apache/conf/auth.users linghood
New password: ******
Re-type new password: ******
Adding password for user linghood

(2) Edit /usr/local/apache/conf/httpd.conf as follows

...
#    Options FollowSymLinks
#    AllowOverride None
AuthType Basic
AuthName "IDS"
AuthUserFile /usr/local/apache/conf/auth.users
Require valid-user
...

...
#    Options Indexes FollowSymLinks MultiViews
#    AllowOverride None
#    Order allow,deny
#    Allow from all
AuthType Basic
AuthName "IDS"
AuthUserFile /usr/local/apache/conf/auth.users
Require valid-user
...
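Steps 12 and 13 are the two settings that stop the ACID console (and the alert database behind it) from being an unauthenticated plain-http page on the sensor. The audit below is an added example, not from the original post: it reads an httpd.conf with comments stripped and reports when "Listen 80" is still active, when "Listen 443" or "Require valid-user" is missing, and, as one extra check the post does not make, when the AuthUserFile is placed under the DocumentRoot where Apache could serve it. The two sample configs are constructed, one weak and one matching the post's final state; the directive names are Apache 1.3's.

```shell
#!/bin/sh
# Added example, not from the original post: audits an httpd.conf for the
# hardening of steps 12 and 13 (https only, Basic auth in front of the console).
# The sample configs are constructed; the paths in them are the post's.

# active_lines FILE: the config minus comments and blank lines
active_lines() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# first_value FILE DIRECTIVE: value of the first active DIRECTIVE (quotes stripped)
first_value() {
    active_lines "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\"\{0,1\}\([^\"[:space:]]*\).*/\1/p" | head -n 1
}

# audit_httpd_conf FILE: prints one finding per line; exit status is the
# number of findings, so 0 means the config matches steps 12 and 13.
audit_httpd_conf() {
    f=$1; n=0
    if active_lines "$f" | grep -q '^[[:space:]]*Listen[[:space:]]\{1,\}80[[:space:]]*$'; then
        echo "finding: 'Listen 80' is active; the console is reachable over plain http"
        n=$((n + 1))
    fi
    if ! active_lines "$f" | grep -q '^[[:space:]]*Listen[[:space:]]\{1,\}443[[:space:]]*$'; then
        echo "finding: no 'Listen 443'; https is not enabled"
        n=$((n + 1))
    fi
    if ! active_lines "$f" | grep -q '^[[:space:]]*Require[[:space:]]\{1,\}valid-user'; then
        echo "finding: no 'Require valid-user'; the console is unauthenticated"
        n=$((n + 1))
    fi
    docroot=$(first_value "$f" DocumentRoot)
    authfile=$(first_value "$f" AuthUserFile)
    if [ -n "$docroot" ] && [ -n "$authfile" ]; then
        case $authfile in
            "$docroot"/*)
                echo "finding: AuthUserFile $authfile is under DocumentRoot and may be served to clients"
                n=$((n + 1)) ;;
        esac
    fi
    return $n
}

# write_weak_httpd_conf FILE: constructed config with both mistakes present
write_weak_httpd_conf() {
    cat > "$1" <<'EOF'
Listen 80
Listen 443
DocumentRoot "/var/www/html"
AddType application/x-httpd-php .php
AuthType Basic
AuthName "IDS"
AuthUserFile /var/www/html/acid/.htpasswd
Require valid-user
EOF
}

# write_hardened_httpd_conf FILE: constructed config in the post's final state
write_hardened_httpd_conf() {
    cat > "$1" <<'EOF'
#Listen 80
Listen 443
DocumentRoot "/var/www/html"
AddType application/x-httpd-php .php
AuthType Basic
AuthName "IDS"
AuthUserFile /usr/local/apache/conf/auth.users
Require valid-user
EOF
}

# Usage: sh audit-httpd.sh audit /usr/local/apache/conf/httpd.conf
case ${1:-} in audit) audit_httpd_conf "$2" ;; esac
```

Because the exit status is the finding count, the audit drops straight into a cron job or the rc.local fragment: a non-zero status after someone "temporarily" re-enables port 80 shows up without anyone reading the config.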


Copyright © 笨蛋啊帆
