Category: Network and Security

2009-09-30 13:29:08

1) Install zlib-1.2.3.tar.gz
         # cd /root/snortinstall
         # tar -zxvf zlib-1.2.3.tar.gz
         # cd zlib-1.2.3
         # ./configure 
         # make test
         # make install
2) Install libpcap-1.0.0.tar.gz
         # tar -zxvf libpcap-1.0.0.tar.gz 
         # cd libpcap-1.0.0
         # ./configure 
         # make
         # make install
Note:
If make fails with the following error:
error: expected specifier-qualifier-list before __u32
Fix: add the line
#include  
to
/usr/include/linux/if_packet.h
3) Install gd-2.0.35.tar.bz2
tar xjvf gd-2.0.35.tar.bz2
cd gd-2.0.35
./configure
make
make install
Note: if make fails with:
error: possibly undefined macro: AM_ICONV
Fix:
Install gettext
Download gettext-0.17.tar.gz
tar xzf gettext-0.17.tar.gz
cd gettext-0.17
./configure
make
make install
4) MySQL

groupadd mysql
useradd -g mysql mysql
tar -zxvf Mysql-5.0.41.tar.gz
cd mysql-5.0.41
./configure --prefix=/usr/local/mysql
make
make install
cp support-files/my-medium.cnf /etc/my.cnf
cd /usr/local/mysql
bin/mysql_install_db --user=mysql
chown -R root .
chown -R mysql var
chgrp -R mysql .
bin/mysqld_safe --user=mysql &
-------------------
Add MySQL as a system service
cp /usr/local/mysql/share/mysql/mysql.server  /etc/init.d/mysql
chkconfig --add mysql
service mysql start
---------------------------
# If you hit a socket '/tmp/mysql.sock' error when changing the database password, run
# the command below; after installation the default mysql.sock path is /var/lib/mysql/mysql.sock
  ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
 
 
5) Apache

tar -zxvf httpd-2.2.11.tar.gz
cd httpd-2.2.11
./configure --prefix=/usr/local/apache --enable-so
make
make install
/usr/local/apache/bin/apachectl start  # start the service
echo "/usr/local/apache/bin/apachectl start" >> /etc/rc.d/rc.local  # start at boot

6) PHP

tar zxvf php-5.2.6.tar.gz
cd php-5.2.6
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --with-gd=/usr/local/gd --with-zlib --with-gettext
make
make install
cp php.ini-dist /usr/local/php/lib/php.ini
vi /usr/local/apache/conf/httpd.conf
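Below the line AddType application/x-gzip .gz .tgz, add the following 2 lines:
        AddType application/x-httpd-php .php
        AddType application/x-httpd-php-source .phps

Restart Apache for the change to take effect:
/usr/local/apache/bin/apachectl restart

Test
Testing is simple: create a phpinfo.php file under /usr/local/apache/htdocs/ containing
<?php
     phpinfo();
?>
 
   Then enter “” in a browser. If the page shows the PHP copyright information and the system configuration, PHP is ready to use.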

7) Install ClamAV
  useradd clamav
  tar zxvf clamav-0.95.2.tar.gz
  cd clamav-0.95.2
  ./configure
  make
  make install
 
8) Install pcre
tar zxvf pcre-7.9.tar.gz
cd pcre-7.9
./configure
make
make install

9) Install libnet
tar zxvf libnet-1.0.2a.tar.gz
cd libnet-1.0.2a
./configure
make 
make install
10) Install barnyard
tar zxvf barnyard-0.2.0.tar.gz
cd barnyard-0.2.0
./configure
make
make install
11) Install Snort
mkdir /etc/snort
mkdir /var/log/snort
tar zxvf snort-2.8.5.tar.gz
cd snort-2.8.5
./configure --enable-inline --enable-clamav --with-mysql=/usr/local/mysql
make
make install

12) Install snort-snaprules (the Snort rules snapshot)
tar zxvf snortrules-snapshot-2.8.tar.gz
cd rules
mkdir /etc/snort/rules
cp ./* /etc/snort/rules
cd ../etc
cp ./* /etc/snort

13) Configure Snort
vi /etc/snort/snort.conf
Change the following lines:
# local network
var HOME_NET 192.168.20.0/24
# rules directory
var RULE_PATH  /etc/snort/rules
# database settings
output database: log, mysql, user=root password=mysql dbname=snort host=localhost
# listening port
var HTTP_PORTS 80

14) Start Snort automatically at boot
cp /root/snort/snort-2.8.5/rpm/snortd /etc/init.d/   
vi /etc/init.d/snortd
Change: . /etc/sysconfig/snort
to:     . /etc/snort/snort.conf
chmod 755 /etc/init.d/snortd
chkconfig --add snortd
chkconfig --level 35 snortd on
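15) Import the Snort database schema
# create the empty snort database first; create_mysql only defines the tables
/usr/local/mysql/bin/mysqladmin -uroot -p07050927 create snort
/usr/local/mysql/bin/mysql -uroot -p07050927 < /root/snort/snort-2.8.5/schemas/create_mysql snort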

16) Install acid, adodb5, jpgraph
mkdir /usr/local/apache/htdocs/snort
tar zxvf acid 
mv acid /usr/local/apache/htdocs/snort
tar adodb
mv adodb /usr/local/apache/htdocs/snort
tar jpgraph
mv jpgraph /usr/local/apache/htdocs/snort
17) Configure ACID
vi /usr/local/apache/htdocs/snort/acid/acid_conf.php
Change: $DBlib_path = "";
to:     $DBlib_path = "/usr/local/apache/htdocs/snort/adodb5";
Update the database settings
Change: $ChartLib_path = "";
to:     $ChartLib_path = "/usr/local/apache/htdocs/snort/jpgraph/src";
snort -c /etc/snort/snort.conf -i eth0 -D
18) vi /etc/bashrc
Add the following:
export LANG='en_US'
alias l='ls -ablF'
export PATH=$PATH:./:/usr/sbin:/usr/bin:/sbin:/bin
export PCAP_FRAMES=max
Then run: source /etc/bashrc
19) Setup
In IE, enter:
If everything is working, you will see the title
“Analysis Console for Intrusion Databases”
   with a link below it:
   “Use the Setup page to configure and optimize the DB”
   Click the link to go to the DB setup page, then click
          “create acid ag”
You will see the messages
       “Successfully created 'acid_ag'
            Successfully created 'acid_ag_alert'
            Successfully created 'acid_ip_cache'
            Successfully created 'acid_event'”
   Then click the
       “ Main page”
     link below to go to the main page.
    
   

 That completes the installation!
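
An added example, not part of the original post: a small shell check for the snort.conf values edited in step 13, to run before starting Snort in step 17. The function names (conf_var, db_field, check_snort_conf) and the two extra checks (database account is not root, file is not world-readable) are this example's own assumptions.

```shell
#!/bin/bash
# Added example: sanity-check the snort.conf values edited in step 13.
# Function names and the choice of checks are this example's own.

# Print the value of a "var NAME value" line (last definition wins).
conf_var() {  # usage: conf_var FILE NAME
    awk -v n="$2" '$1 == "var" && $2 == n { v = $3 } END { if (v != "") print v }' "$1"
}

# Print one key=value field from the last "output database:" line.
db_field() {  # usage: db_field FILE KEY
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1" | tail -n 1 |
        tr ' ,' '\n\n' | awk -F= -v k="$2" '$1 == k { print $2 }'
}

# Return 0 when every check passes, 1 otherwise; findings go to stdout.
check_snort_conf() {  # usage: check_snort_conf FILE
    local f="$1" rc=0 net rules user
    net=$(conf_var "$f" HOME_NET)
    rules=$(conf_var "$f" RULE_PATH)
    user=$(db_field "$f" user)
    case "$net" in
        ""|any) echo "HOME_NET is unset or 'any'"; rc=1 ;;
    esac
    [ -n "$rules" ] && [ -d "$rules" ] || { echo "RULE_PATH '$rules' is not a directory"; rc=1; }
    [ -n "$(db_field "$f" dbname)" ] || { echo "no usable 'output database' line"; rc=1; }
    [ "$user" != root ] || { echo "Snort logs to MySQL as root; use a dedicated account"; rc=1; }
    # The file holds the database password, so it should not be world-readable.
    [ -z "$(find "$f" -perm -004)" ] || { echo "$f is world-readable"; rc=1; }
    return "$rc"
}

# With a file argument, check it; with none, check a constructed sample
# that mirrors the lines shown in step 13.
if [ "$#" -gt 0 ]; then
    check_snort_conf "$1"
else
    demo=$(mktemp -d) && mkdir "$demo/rules"
    printf '%s\n' "var HOME_NET 192.168.20.0/24" "var RULE_PATH $demo/rules" \
        "output database: log, mysql, user=root password=mysql dbname=snort host=localhost" \
        > "$demo/snort.conf"
    check_snort_conf "$demo/snort.conf" || true
    rm -rf "$demo"
fi
```

Snort's own test mode, snort -T -c /etc/snort/snort.conf, validates the syntax and rules; this script covers only the step-13 values.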
    
   