Snort and base

snort
(http://www.snort.org/)

....................................

1 Installing snort

There are two main methods.

Install from source
tar -zxvf snort-< version >.tar.gz
cd snort-< version >
./configure --prefix=/usr/local/snort --with-mysql=< mysql path >
make
make install

Install with yum
yum install snort
yum install snort-mysql

ps:
Building from source may need the following packages; install them with yum first
yum install gcc gcc-c++ make libpcap libpcap-devel pcre-devel bison flex zlib zlib-devel mysql-server mysql-devel
ps:
snort 2.9.4 on 64-bit CentOS 6 also needs the following two packages, which yum does not provide
libdnet (http://libdnet.sourceforge.net)
 #tar zxvf libdnet-1.12.tgz
 #./configure
 #make
 #make install
DAQ (http://www.snort.org/snort-downloads)
 #tar zxvf daq-< version >.tar.gz
 #./configure
 #make
 #make install


2 Downloading rules
Log in to My Account with your snort account
Go to Oinkcodes for the download instructions

.........................................

Editing snort.conf
ps: snort reads /etc/snort/snort.conf by default
ps: a sample snort.conf can be found in the etc directory of the source tree

Set the monitored range
var HOME_NET < range >
This can be any, an IP address or a subnet
ps: to give several values, separate them with commas

Set the rule location
var RULE_PATH < path >

Set which rule types to use
include $RULE_PATH/< type >.rules
Types such as pop3, virus, ... depending on what the rules files contain

Set the interface to capture on
INTERFACE=eth0
ps: to give several interfaces, separate them with spaces
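Added example, not from the original post: a small sh script that builds the HOME_NET, RULE_PATH and include lines described above from variables, and checks that every HOME_NET entry is any, an IPv4 address or an IPv4 CIDR block before you spend time on snort -T. The rule path /etc/snort/rules and the rule types are placeholders. One detail the note above leaves out: a HOME_NET with several entries has to be written in snort's square-bracket list syntax, which the script applies automatically.

```shell
#!/bin/sh
# Added example, not from the original post: build the HOME_NET, RULE_PATH
# and include lines of snort.conf from variables, checking each HOME_NET
# entry first. Rule path and rule types are placeholders.

# True when $1 is a dotted-quad IPv4 address, optionally with a /prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32      # no "/" means a single host
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -f; set -- $addr; set +f          # split on dots, no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# True when $1 is a comma-separated list whose entries are all "any"
# or valid IPv4 addresses/blocks (the forms the note above allows).
validate_home_net() {
    old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ $# -ge 1 ] || return 1
    for entry in "$@"; do
        [ "$entry" = any ] || valid_ipv4_cidr "$entry" || return 1
    done
    return 0
}

# Print the snort.conf lines: HOME_NET, RULE_PATH and one include per
# rule type. A multi-entry HOME_NET gets the square-bracket list syntax.
render_snort_conf() {
    home_net=$1; rule_path=$2; shift 2
    validate_home_net "$home_net" || { echo "invalid HOME_NET: $home_net" >&2; return 1; }
    case $home_net in
        *,*) echo "var HOME_NET [$home_net]" ;;
        *)   echo "var HOME_NET $home_net" ;;
    esac
    echo "var RULE_PATH $rule_path"
    for rule_type in "$@"; do
        echo "include \$RULE_PATH/$rule_type.rules"
    done
}

# Example run with placeholder values; redirect into snort.conf as needed.
render_snort_conf "192.168.1.0/24,10.0.0.0/8" /etc/snort/rules pop3 virus
```

Run it as `sh snortconf.sh >> /etc/snort/snort.conf` (file name is a placeholder) and then confirm with `snort -T -c /etc/snort/snort.conf` as the post does later; the validator only catches malformed entries, not whether the ranges are the ones you meant.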

.......................................

Configuring mysql

1.1. Create the database first
mysql> create database snortdb;

mysql> grant all on snortdb.* to snortuser@localhost;
mysql> set password for snortuser@localhost=password('snortpassword');
mysql> flush privileges;
mysql> use snortdb;
1.2. Import the tables
mysql> source /root/snort-< version >/schemas/create_mysql;

2. Edit the output configuration in snort.conf as follows
output database: log, mysql, user=snortuser password=snortpassword dbname=snortdb host=localhost

.......................................

Testing snort.conf
snort -T -c < path to snort.conf >
snort-mysql -T -c < path to snort.conf >
ex:
snort -T -c /usr/local/snort/etc/snort.conf
snort-mysql -T -c /etc/snort/snort.conf

Starting
snort-mysql -c /etc/snort/snort.conf -D
-D runs in the background; by default ALERT records go to /var/log/snort/alert

ps
If /var/log/snort/alert contains messages, snort is working
If the signature table contains rows, writing to the database is working

...........................

Installing BASE (Basic Analysis and Security Engine)
http://base.secureideas.net/

1 Install the prerequisites
1.1 php-pear is required
pear install Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman
1.2 Download adodb5 and unpack it

2 Install BASE
2.1 Download BASE, unpack it into the web directory and cd into that directory
2.2
mv base_conf.php.dist base_conf.php
2.3 Open base_conf.php and set the following
$BASE_urlpath = "/base";
$DBlib_path = "/var/www/adodb5";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "password";
2.4 Open the BASE web page and follow the prompts to finish
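Added example, not from the original post, covering both the mysql section and the base_conf.php step: the database name, user and password appear in three places (the grant statements, the snort.conf output line and base_conf.php), and the post itself uses snortdb/snortuser in one place and snort/snort in another. This sh script derives all three from one set of variables so they cannot disagree, and refuses passwords containing characters that would break the whitespace-separated snort.conf line or the double-quoted PHP strings. The names are assumptions and the password is a placeholder read from the environment.

```shell
#!/bin/sh
# Added example, not from the original post. Generates the MySQL setup
# statements, the snort.conf output line and the base_conf.php values from
# one set of variables, so the database name, user and password used by
# snort and BASE cannot drift apart. All names below are assumptions.

DB_NAME=snortdb
DB_USER=snortuser
DB_HOST=localhost
# Placeholder: supply the real secret through the environment, not in the script.
DB_PASS=${SNORT_DB_PASS:-CHANGE_ME}

# The snort.conf output line is split on whitespace and base_conf.php wraps
# the value in double quotes, so reject characters that would break either.
password_is_safe() {
    case $1 in
        ''|*[[:space:]]*|*\'*|*\"*|*\\*|*\$*) return 1 ;;
    esac
    return 0
}

# MySQL statements in the form the post uses (grant all). snort's logger
# only inserts and reads rows, while BASE also creates its own tables, so a
# second, narrower account just for snort is an option worth considering.
db_setup_sql() {
    cat <<EOF
create database $DB_NAME;
grant all on $DB_NAME.* to $DB_USER@$DB_HOST;
set password for $DB_USER@$DB_HOST=password('$DB_PASS');
flush privileges;
EOF
}

# Output plugin line for snort.conf.
snort_output_line() {
    echo "output database: log, mysql, user=$DB_USER password=$DB_PASS dbname=$DB_NAME host=$DB_HOST"
}

# Matching settings for base_conf.php (the \$ keeps the PHP variable names literal).
base_conf_settings() {
    cat <<EOF
\$DBtype = "mysql";
\$alert_dbname = "$DB_NAME";
\$alert_host = "$DB_HOST";
\$alert_port = "";
\$alert_user = "$DB_USER";
\$alert_password = "$DB_PASS";
EOF
}

# The check the post describes: rows in the signature table mean events
# are reaching the database.
db_check_sql() {
    echo "select count(*) from $DB_NAME.signature;"
}

# Print everything; paste each part into the file it belongs to.
main() {
    password_is_safe "$DB_PASS" || { echo "password contains unsafe characters" >&2; return 1; }
    db_setup_sql
    echo
    snort_output_line
    echo
    base_conf_settings
    echo
    db_check_sql
}

main
```

Run as `SNORT_DB_PASS='...' sh snortdb.sh` (file name is a placeholder). Whatever the account is called, the value in base_conf.php must be the same user and database the grant statements created; a mismatch shows up as BASE failing to connect even though /var/log/snort/alert fills up normally.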

Published 2009-10-17 22:36:49, modified 2013-03-05 23:26:20
