Existing system and environment
Fedora Core 2 with LAMP, installed from tarballs
Original installation guide
http://www.snort.org/docs/setup..._base_SSL.pdf
This guide is very well written. Below, the installation process is laid out step by step, and the few small problems you may run into, together with the points that need special attention, are called out so we can work through them together.
This is just my humble contribution; if there are any mistakes, please do not hesitate to point them out so I do not embarrass myself.
1. Create a directory for downloading and installing, to keep things organised
#mkdir /usr/local/src/snortinstall
#cd /usr/local/src/snortinstall
#wget http://www.snort.org/dl/cur....3.3.tar.gz
#wget http://easynews.dl.sourceforge.net/s...pcre-5.0.tar.gz
#wget http://easynews.dl.sourceforge.net/...db/adodb462.tgz
#wget http://easynews.dl.sourceforge.net/sourc.../base-1.1.2.tar.gz
2. Installation order: pcre, snort, adodb, base
#cd /usr/local/src/snortinstall
#tar -xvzf pcre-5.0.tar.gz
#cd pcre-5.0
#./configure
#make
#make install
#tar -xvzf snort-2.3.3.tar.gz
#cd snort-2.3.3
#./configure --with-mysql=/usr/local/mysql --with-snmp
#make
#make install
Note: --with-mysql must point to the path of your own MySQL installation. --with-snmp is something I added myself.
3. Create the necessary directories, user and group
#groupadd snort
#useradd -g snort snort
#mkdir /etc/snort
#mkdir /etc/snort/rules
#mkdir /var/log/snort
#cd /usr/local/src/snortinstall/snort-2.3.3/rules
#cp * /etc/snort/rules
#cd ../etc
#cp * /etc/snort
4. Edit the configuration file /etc/snort/snort.conf
#nano /etc/snort/snort.conf
var HOME_NET 10.2.2.0/24 → var HOME_NET 192.168.0.0/24
Note: set this according to your internal network
var EXTERNAL_NET any → var EXTERNAL_NET !$HOME_NET
var RULE_PATH ../rules → var RULE_PATH /etc/snort/rules
output database: log, mysql, user=root password=password_of_root_mysql dbname=snort host=localhost
Note: be careful. If host=localhost gets pushed onto the next line, remember to add a "\" at the end of the preceding line, or you will meet the same sorry fate I did:
FATAL ERROR: /etc/snort/snort.conf(538) => Unknown rule type: host=localhost
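As an added check (not part of the original post or of Snort itself), the following Python script reads a snort.conf the way Snort does, joining a line to the next only when it ends with a backslash, and flags a key=value fragment such as host=localhost that has wrapped onto a line of its own. The configuration fragment and the directive list are constructed for the example.

```python
import re

# Constructed snort.conf fragment (not from the post): the second
# 'output database:' line wraps without a trailing backslash, which
# is exactly the mistake behind "Unknown rule type: host=localhost".
SAMPLE_CONF = """\
var HOME_NET 192.168.0.0/24
var EXTERNAL_NET !$HOME_NET
var RULE_PATH /etc/snort/rules
output database: log, mysql, user=root password=secret dbname=snort \\
host=localhost
output database: alert, mysql, user=root password=secret dbname=snort
host=localhost
"""

# Keywords a Snort 2.x config line may legitimately begin with (not exhaustive).
KNOWN_DIRECTIVES = {"var", "portvar", "ipvar", "output", "preprocessor",
                    "config", "include", "ruletype", "dynamicpreprocessor",
                    "dynamicengine", "alert", "log", "pass", "activate",
                    "dynamic", "drop", "reject", "sdrop"}

def logical_lines(text):
    """Yield (first_line_no, joined_text); a trailing backslash joins lines."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):          # continuation: keep collecting
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        yield start, " ".join(buf).strip()
        buf, start = [], None
    if buf:  # file ended on a continuation line
        yield start, " ".join(buf).strip()

def find_orphan_params(text):
    """Return (line_no, text) of logical lines that begin with a key=value
    fragment instead of a directive: parameters that fell off the
    'output database:' line above them because the backslash is missing."""
    orphans = []
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        head = line.split(None, 1)[0].rstrip(":")
        if head not in KNOWN_DIRECTIVES and re.match(r"^\w+=\S+", line):
            orphans.append((no, line))
    return orphans
```

Calling find_orphan_params(SAMPLE_CONF) returns [(7, 'host=localhost')], pointing at the line that needs a backslash on the line before it; the first, correctly continued output line is joined and passes.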
#nano /etc/rc.d/rc.local
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g snort -D
Note: this starts snort at boot
5. Create the MySQL database. Here I use MySQL's root directly as the user; the original guide uses snort as the database user.
#mysql -uroot -p
Password:
mysql>create database snort;
mysql>use snort;
mysql>grant all on snort.* to root@localhost identified by 'password_of_root_mysql';
mysql>exit
#mysql -u root -p < /usr/local/src/snortinstall/snort-2.3.3/schemas/create_mysql snort
Enter password: password_of_root_mysql
Check the database and tables
#mysql -uroot -p
Password: password_of_root_mysql
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)
mysql>use snort;
mysql>show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
16 rows in set (0.00 sec)
mysql>exit
6. Verify or install PHP with GD
#yum install php-gd
Note: PHP installed from a tarball does not need this. I installed PHP from a tarball following 鳥哥 (VBird)'s tutorial; if you built PHP without GD and the original source tree is still there, you can go back and rebuild it:
#cd /usr/local/php-x.x.x
#./config.nice --with-gd
#make; make install
7. Install BASE: first install adodb, then BASE
Install adodb
#cd /usr/local/src/snortinstall
#cp adodb462.tgz /var/www/
#cd /var/www/
#tar -xvzf adodb462.tgz
#rm -rf adodb462.tgz
Note: remember to change the ownership so httpd has permission to use it; for example, the user and group in my httpd.conf are nobody, nobody
#chown -R nobody:nobody /var/www/adodb
Install BASE
#cd /usr/local/src/snortinstall
#cp base-1.1.2.tar.gz /usr/local/apache2/htdocs/
#cd /usr/local/apache2/htdocs
#tar -xvzf base-1.1.2.tar.gz
#rm -rf base-1.1.2.tar.gz
#mv base-1.1.2 base
The following steps are not required; if you do them anyway, you will still have to move base_conf.php out of the way when installing BASE. Still, note these values down, because you will need them shortly when installing BASE through the browser.
cp base_conf.php.dist base_conf.php
edit the "base_conf.php" file and insert the following parameters
$BASE_urlpath = "/base";
$DBlib_path = "/var/www/adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "password_of_root_mysql";
/* Archive DB connection parameters */
$archive_exists = 0; # Set this to 1 if you have an archive DB
cd /var/www/html/base/