libpcap是unix/Linux平台下捕获网络数据包的函数库;
mysql是数据库,存放捕获的数据;
apache是web服务器;
php是网页脚本语言;
adodb为PHP提供数据库的支持(ADOdb is a database abstraction library for PHP);
base是基本的分析和安全引擎,它以ACID项目的代码为基础,提供web前端,查询和分析来自snort入侵检测系统的报警(BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system);apache和php的安装就是为base服务的。
安装mysql
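# Dedicated unprivileged account the MySQL server runs as.
groupadd mysql
useradd -g mysql mysql
tar -zxvf mysql-VERSION.tar.gz          # VERSION: substitute the release actually downloaded
ln -s mysql-VERSION /usr/local/mysql
cd /usr/local/mysql
chown -R mysql:mysql .
# Long options take two ASCII dashes; the typographic dash ("–") in the original is not accepted.
bin/mysql_install_db --user=mysql
# Hand the installation back to root and leave only the data directory writable by mysql.
chown -R root .
chown -R mysql data
bin/mysqld_safe --user=mysql &
# Sets the MySQL root password to "root" (BASE and snort.conf in this recipe reuse it).
# Replace it with a strong secret, and prefer entering it interactively: a password passed as
# an argument is stored in the shell history and visible to other users through ps.  The
# distribution's mysql_secure_installation script (where shipped) also removes the anonymous
# accounts and the test database created by mysql_install_db.
/usr/local/mysql/bin/mysqladmin -u root password root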
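tar -zvxf httpd-2.2.3.tar.gz
cd httpd-2.2.3
# --sysconfdir=/etc places httpd.conf at /etc/httpd.conf (edited later in the recipe) and
# --enable-modules=so builds mod_so, which the LoadModule line for libphp5.so relies on.
# Long options need two ASCII dashes; the original used a typographic dash ("–").
./configure --prefix=/usr/local/apache --sysconfdir=/etc --enable-modules=so
make
make install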
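# Libraries needed for PHP's GD/XML support.  Each build runs in a subshell so the working
# directory returns to the source directory between steps (as written, the second tar would
# have run inside jpeg-6b), and a failed cd aborts that step instead of building elsewhere.
(
  tar zxvf jpegsrc-6b.tar.gz
  cd jpeg-6b || exit 1
  ./configure
  make
  mkdir -p /usr/local/man/man1          # created before install, as in the original recipe
  make install
  make install-lib
)
(
  tar zxvf freetype-2.1.10.tar.gz
  cd freetype-2.1.10 || exit 1
  ./configure
  make
  make install
)
(
  tar zxvf zlib-1.2.3.tar.gz
  cd zlib-1.2.3 || exit 1
  ./configure
  make
  make install
)
# libpng is built from the shipped gcc makefile rather than a configure script.
(
  tar zxvf libpng-1.2.8-config.tar.gz
  cd libpng-1.2.8-config || exit 1
  cp scripts/makefile.gcmmx makefile
  make
  make install
)
(
  tar zxvf gd-2.0.33.tar.gz
  cd gd-2.0.33 || exit 1
  ./configure
  make
  make install
  cp gd.h /usr/local/lib/               # kept from the original recipe (a header under lib/ is unusual)
)
# The original recipe extracted and built libxml2 twice; one build is sufficient.
(
  tar zxvf libxml2-2.6.22.tar.gz
  cd libxml2-2.6.22 || exit 1
  ./configure
  make
  make install
)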
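tar zxvf php-5.2.tar.gz
cd php-5.2
# Long options need two ASCII dashes (the original used typographic dashes).
# --with-config-file-path=/etc is where this PHP build looks for php.ini, so the
# configuration file is copied there below.
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/etc --enable-sockets --with-mysql=/usr/local/mysql --with-gd --with-ttf --with-zlib-dir --with-png-dir --with-jpeg-dir
make
make install
# The original copied php.ini to /usr/local/php5/etc/, which matches neither --prefix nor
# --with-config-file-path, so it would never have been read.  php.ini-recommended, shipped
# alongside php.ini-dist, carries more conservative defaults (e.g. display_errors Off) and is
# the better starting point for a server reachable over the network.
cp ./php.ini-dist /etc/php.ini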
# httpd.conf is under /etc because Apache was configured with --sysconfdir=/etc.
vi /etc/httpd.conf
=============================
# Load PHP as a shared module and hand .php/.phtml files to it.
+LoadModule php5_module modules/libphp5.so
+AddType application/x-httpd-php .php .phtml
# .phps serves a syntax-highlighted copy of a file's source.  Keep this line only if you
# intend to publish source: any file under the document root saved with a .phps extension
# (e.g. a backup copy of base_conf.php, which holds the database password) becomes readable
# from the browser.
+AddType application/x-httpd-php-source .phps
=============================
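# "apachctl" was a typo for apachectl; the leading "#" appears to have been a root-prompt
# marker rather than a comment, so the command is written out as a plain line.
/usr/local/apache/bin/apachectl start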
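# Snort and its two build dependencies, each in a subshell so the working directory
# returns to the source directory between steps.
(
  tar -zxvf libpcap-0.9.5.tar.gz
  cd libpcap-0.9.5 || exit 1
  ./configure
  make
  make install
)
(
  tar jxvf pcre-7.8.tar.bz2
  cd pcre-7.8 || exit 1
  ./configure
  make
  make install
)
# Later steps copy files from /usr/local/src/snort-2.6.1, so this tarball is expected to
# be unpacked under /usr/local/src.  Long options need two ASCII dashes.
(
  tar zxvf snort-2.6.1.tar.gz
  cd snort-2.6.1 || exit 1
  ./configure --prefix=/usr/local/snort --with-mysql=/usr/local/mysql/
  make
  make install
)
cd /usr/local/snort
# The rule snapshot is unpacked into the tree Snort loads rules from; verify the archive's
# integrity before extracting it here.
tar zxvf snortrules-snapshot-CURRENT.tar.gz
cp /usr/local/src/snort-2.6.1/etc/snort.conf /usr/local/snort/etc/
cp /usr/local/src/snort-2.6.1/etc/*.config /usr/local/snort/etc/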
# Interactive MySQL session as root; -p prompts for the password set with mysqladmin above.
/usr/local/mysql/bin/mysql -u root -p
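-- Alert database written by Snort's database output plugin and read by BASE, plus a
-- second database named for archived alerts.
create database snort;
create database snort_archive;
use snort;
-- Schema shipped with the Snort source (path assumes the tarball was unpacked in /usr/local/src).
source /usr/local/src/snort-2.6.1/schemas/create_mysql;
use snort_archive;
source /usr/local/src/snort-2.6.1/schemas/create_mysql;
-- Give Snort and BASE their own account instead of root (snort.conf and base_conf.php in
-- this recipe connect as root).  Replace <snort-db-password> and confirm the privilege set
-- against the Snort and BASE documentation for the versions in use.
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to 'snort'@'localhost' identified by '<snort-db-password>';
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_archive.* to 'snort'@'localhost';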
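mkdir -p /var/log/snort
# The working directory is /usr/local/snort at this point, so a bare "snort.conf" would open
# a new, empty file there; the copied configuration lives under etc/.
vi /usr/local/snort/etc/snort.conf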
=============================
# Address range Snort treats as the protected network; adjust to the monitored segment.
var HOME_NET 10.1.1.0/24
# Directory the rule snapshot was unpacked into.
var RULE_PATH /usr/local/snort/rules
# Dynamic preprocessors and detection engine from the installed --prefix tree.
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
# Database output: alerts go to the "snort" database over a local connection.  The password
# is stored here in clear text, so restrict this file to root, and use a dedicated
# least-privileged MySQL account rather than root.  Note the recipe set root's password to
# "root" earlier while this line shows "your_password" — whichever is used must match.
output database: alert, mysql, user=root password=your_password dbname=snort host=localhost
=============================
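mv adodb493a.gz /usr/local/
cd /usr/local/
tar zxvf adodb493a.gz                   # expected to unpack into /usr/local/adodb ($DBlib_path in base_conf.php)
# Unpack BASE straight into the document root (archive path relative to wherever it was
# downloaded) instead of copying the tarball there first, so the archive itself is not left
# downloadable from the web server.
tar zxvf base-1.1.2.tar.gz -C /usr/local/apache/htdocs
cd /usr/local/apache/htdocs
# base_conf.php sets $BASE_urlpath = "/base", so the unpacked directory must carry that name
# (base-1.1.2 is the name as shipped; adjust if the archive unpacks differently).  The original
# recipe also lacked the cd into the BASE directory before copying the template.
mv base-1.1.2 base
cd base
cp base_conf.php.dist base_conf.php
# base_conf.php will hold the database password: make it readable only by root and the
# account Apache runs as, and keep no copies of it under the document root.
vi base_conf.php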
=================================
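// BASE configuration values from the original recipe.  The original used typographic
// quotes (“ ”), which PHP does not accept as string delimiters; they are ASCII quotes here.
$BASE_urlpath = "/base";            // URL prefix; must match the directory name under htdocs
$DBlib_path = "/usr/local/adodb";   // where the ADOdb archive was unpacked
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";                   // presumably the default MySQL port when empty
$alert_user = "root";               // NOTE: BASE connects as the MySQL root account with the
$alert_password = "root";           //       password from the mysqladmin step; a dedicated,
                                    //       least-privileged account is the safer choice.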
=================================
# PEAR packages installed for BASE from the local .tgz archives, in the order given.
for pkg in Image_Canvas-0.3.0 Numbers_Roman-1.0.1 Numbers_Words-0.15.0 Image_Graph-0.7.2; do
    /usr/local/php/bin/pear install "${pkg}.tgz"
done
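# Snort parses untrusted network traffic, so it should not keep running as root: create a
# dedicated account and let Snort drop to it (-u/-g) once the capture interface is open.
# The log directory must be writable by that account.
groupadd snort
useradd -g snort snort
chown -R snort:snort /var/log/snort
/usr/local/snort/bin/snort -u snort -g snort -c /usr/local/snort/etc/snort.conf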