Snort+mysql+Apache(with mod_ssl)+php+ACID installation log
I. Runtime environment
1. Platform:
Fedora Core 4 (IP Address: 192.168.1.101)
2. Required software:
Alerting + database:
snort-2.4.0.tar.gz
snortrules-pr-2.4.tar.gz (snortrules for v2.4, unregistered user release)
mysql-standard-4.1.13-pc-linux-gnu-i686.tar.gz
create_mysql (script)
Client display:
apache_1.3.29.tar.gz
mod_ssl-2.8.16-1.3.29.tar.gz
php-4.4.0.tar.gz
acid-0.9.6b23.tar.gz
adodb465.tgz
jpgraph-1.19.tar.gz
Auxiliary management tools:
webmin-1.220-1.noarch.rpm
Net_SSLeay.pm-1.21.tar.gz
snort-1.0.wbm (snort's webmin plugin)
3. Software download addresses
snort-2.4.0.tar.gz (http://www.snort.org)
snortrules-pr-2.4.tar.gz (http://www.snort.org)
mysql-standard-4.1.13-pc-linux-gnu-i686.tar.gz (http://www.mysql.com)
create_mysql script (http://cvs.sourceforge.net/viewcvs.py/snort/snort/contrib/)
apache_1.3.29.tar.gz (http://www.apache.org)
mod_ssl-2.8.16-1.3.29.tar.gz (http://www.modssl.org)
php-4.4.0.tar.gz (http://www.php.net)
acid-0.9.6b23.tar.gz (http://acidlab.sourceforge.net)
adodb465.tgz (http://adodb.sourceforge.net/)
jpgraph-1.19.tar.gz (http://www.aditus.nu/jpgraph/index.php)
webmin-1.220-1.noarch.rpm (http://www.webmin.com/)
Net_SSLeay.pm-1.21.tar.gz (http://symlabs.com/Net_SSLeay/)
snort-1.0.wbm (http://www.snort.org/dl/contrib/front_ends/webmin_plugin/)
II. Installation
1. Preparation
Log in to FC4 as root over ssh and copy the files listed above to /home.
2. Install mysql
# groupadd mysql
# useradd -g mysql mysql
# cd /home
# tar -vxzf mysql-standard-4.1.14-pc-linux-gnu-i686.tar.gz
# mv mysql-standard-4.1.14-pc-linux-gnu-i686 /usr/local/mysql
# cd /usr/local/mysql
# chown -R root .
# chown -R mysql data
# chgrp -R mysql .
# scripts/mysql_install_db --user=mysql
# /usr/local/mysql/support-files/mysql.server start
3. Create the snort database
# /usr/local/mysql/bin/mysql
mysql> set password for 'root'@'localhost'=password('linghood');
mysql> create database snort;
# /usr/local/mysql/bin/mysql -u root -p
mysql> connect snort;
mysql> source /home/create_mysql;   -- path to the create_mysql script
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
mysql> connect mysql;
mysql> set password for 'snort'@'localhost'=password('linghoodids');
mysql> set password for 'snort'@'%'=password('linghoodids');
mysql> flush privileges;
4. Install and start snort
# cd /home
# tar -vxzf snort-2.4.0.tar.gz
# mv snort-2.4.0 /usr/local/snort
# cd /usr/local/snort
# ./configure --with-mysql=/usr/local/mysql
# make
# make install
# mkdir /var/snort
# mkdir /var/log/snort
# mkdir /etc/snort    (holds the rules)
# cd /home
# tar -vxzf snortrules-pr-2.4.tar.gz
# mv rules /etc/snort
# mv doc /etc/snort
Modify /etc/snort/rules/snort.conf:
(1) Comment out the line "var RULE_PATH ../rules".
(2) Add: output database: log, mysql, user=snort password=linghoodids dbname=snort host=localhost
(3) Change the include lines: include $RULE_PATH/bad-traffic.rules -> include bad-traffic.rules (and so on...)
Start snort (example):
# snort -d -D -c /etc/snort/rules/snort.conf
5. Install apache+mod_ssl
# cd /home
# tar -vxzf apache_1.3.29.tar.gz
# tar -vxzf mod_ssl-2.8.16-1.3.29.tar.gz
# cd mod_ssl-2.8.16-1.3.29
# ./configure --with-apache=../apache_1.3.29
# cd ../apache_1.3.29
# SSL_BASE=SYSTEM \
  ./configure \
  --prefix=/usr/local/apache \
  --enable-module=ssl \
  --enable-module=so \
  --enable-module=rewrite
# make
# make certificate
# make install
6. Install PHP
# cd /home
# tar -vxzf php-4.4.0.tar.gz
# cd php-4.4.0
# CFLAGS="-DEAPI -fPIC" \
  ./configure \
  --prefix=/usr/local/php \
  --with-mysql=/usr/local/mysql \
  --with-apxs=/usr/local/apache/bin/apxs \
  --with-gd --with-zlib --enable-sockets
# make
# make install
Note: mod_ssl uses Apache's EAPI, so PHP has to be compiled with -DEAPI.
7. Install acid+adodb+jpgraph
Unpack acid-0.9.6b23.tar.gz, adodb465.tgz, gd-2.0.33.tar.gz and jpgraph-1.19.tar.gz and copy them to /var/www/html (drop the version numbers from the directory names).
# vi /var/www/html/acid/acid_conf.php
Change the following settings:
$DBlib_path="../adodb";
$alert_dbname="snort";
$alert_user="snort";
$alert_password="linghoodids";
$Chartlib_path="../jpgraph/src";
8. Modify the selinux and apache configuration
# vi /etc/selinux/config
SELINUX=disabled    (otherwise libphp4.so segfaults)
# vi /usr/local/apache/conf/httpd.conf
ServerName 192.168.1.101
DocumentRoot "/var/www/html"
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
##
## SSL Virtual Host Context
##
# General setup for the virtual host
DocumentRoot "/var/www/html"
ServerName 192.168.1.101
Note: don't forget to configure the firewall to allow https.
9. Configure autostart and reboot the machine
# vi /etc/rc.d/rc.local
#start mysqld
/usr/local/mysql/support-files/mysql.server start
#start httpd
/usr/local/apache/bin/apachectl startssl
#start snort
/usr/local/bin/snort -d -D -c /etc/snort/rules/snort.conf
# reboot
10. Test the connection to acid and initialize
Click "Setup page" to "Create ACID AG"
At this point Snort+mysql+Apache(with mod_ssl)+php+ACID is working.
11. Auxiliary management tool (graphical management of snort)
(1) Install Net_SSL (Redhat9 is broken)
# cd /home
# tar -vxzf Net_SSLeay.pm-1.21.tar.gz
# cd Net_SSLeay.pm-1.21
# perl Makefile.PL
# make install
(2) Install webmin
# cd /home
# rpm -ivh webmin-1.220-1.noarch.rpm
(3) Test the connection and install the snort module
Webmin Configuration -> SSL Encryption -> generate a new SSL key
Webmin Configuration -> Webmin Modules -> install snort-1.0.wbm
Servers -> Snort IDS Admin -> configure:
Full path to snort executable -> /usr/local/bin/snort -d -D -c /etc/snort/rules/snort.conf
Full path to snort configuration file -> /etc/snort/rules/snort.conf
Full path to snort rule files directory -> /etc/snort/rules
Full path to snort PID file -> /var/run/snort_eth0.pid
(4) After saving, the snort configuration interface can be opened.
12. Restrict apache to https connections only
Modify /usr/local/apache/conf/httpd.conf as follows:
#Listen 80
Listen 443
13. Add simple access control to Apache
(1) Create an authorized user and set a password
# /usr/local/apache/bin/htpasswd -c /usr/local/apache/conf/auth.users linghood
New password: ******
Re-type new password: ******
Adding password for user linghood
(2) Modify /usr/local/apache/conf/httpd.conf as follows (in both Directory blocks the original directives are commented out and Basic authentication is added):
# Options FollowSymLinks
# AllowOverride None
AuthType Basic
AuthName "IDS"
AuthUserFile /usr/local/apache/conf/auth.users
Require valid-user

# Options Indexes FollowSymLinks MultiViews
# AllowOverride None
# Order allow,deny
# Allow from all
AuthType Basic
AuthName "IDS"
AuthUserFile /usr/local/apache/conf/auth.users
Require valid-user
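A quick way to confirm that steps 12 and 13 took effect is to read the resulting configuration back, as in this added example (not part of the original post). It checks that only port 443 is listened on and that Basic authentication against auth.users is required, and it lists users whose entry is a plain crypt() hash, which is what htpasswd writes by default on Unix in Apache 1.3 (crypt() uses only the first 8 characters of the password; "htpasswd -m" stores an MD5 hash instead). The httpd.conf fragment and the auth.users entries written by make_samples() are constructed samples, not real configuration or credentials.

```sh
#!/bin/sh
# Added example (not from the original post): audit the Apache hardening
# described in steps 12 and 13 by reading the configuration files back.

# check_https_only CONF: succeed if "Listen 443" is active and no "Listen 80" is.
check_https_only() {
    grep -Eq '^[[:space:]]*Listen[[:space:]]+443([[:space:]]|$)' "$1" || return 1
    if grep -Eq '^[[:space:]]*Listen[[:space:]]+80([[:space:]]|$)' "$1"; then
        return 1
    fi
    return 0
}

# check_basic_auth CONF USERFILE: succeed if CONF requires a valid user
# authenticated with Basic auth against USERFILE.
check_basic_auth() {
    grep -Eq '^[[:space:]]*AuthType[[:space:]]+Basic' "$1" || return 1
    grep -Fq "AuthUserFile $2" "$1" || return 1
    grep -Eq '^[[:space:]]*Require[[:space:]]+valid-user' "$1" || return 1
}

# weak_hash_users USERFILE: print users whose hash is 13-character crypt()
# output rather than an $apr1$ (MD5) or {SHA} entry.
weak_hash_users() {
    awk -F: 'substr($2,1,6) != "$apr1$" && substr($2,1,5) != "{SHA}" && length($2) == 13 { print $1 }' "$1"
}

# make_samples DIR: constructed httpd.conf and auth.users for a dry run.
# The hashes are made up and do not correspond to any password.
make_samples() {
    cat > "$1/httpd.conf" <<'EOF'
#Listen 80
Listen 443
# Options FollowSymLinks
# AllowOverride None
AuthType Basic
AuthName "IDS"
AuthUserFile /usr/local/apache/conf/auth.users
Require valid-user
EOF
    cat > "$1/auth.users" <<'EOF'
linghood:abJnggxhB/yWI
ids-admin:$apr1$Zq1x.w7L$0123456789abcdefghijkl
EOF
}

# audit DIR: run all three checks on DIR/httpd.conf and DIR/auth.users,
# print findings, and return 0 only if nothing was flagged.
audit() {
    dir="$1"; rc=0
    check_https_only "$dir/httpd.conf" || { echo "FAIL: Listen 80 still active or Listen 443 missing"; rc=1; }
    check_basic_auth "$dir/httpd.conf" /usr/local/apache/conf/auth.users || { echo "FAIL: Basic auth not required"; rc=1; }
    weak=$(weak_hash_users "$dir/auth.users")
    [ -z "$weak" ] || { echo "WARN: crypt() password hashes for: $weak"; rc=1; }
    return $rc
}

# On the real host from the post: audit /usr/local/apache/conf
```

Against the constructed samples, audit prints a warning for the linghood entry and fails, because its 13-character hash is the crypt() form; re-creating the entry with "htpasswd -m" removes the warning.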


zywhy