1) 安装 zlib-1.2.3.tar.gz
说明：本文所用的全部源码包（zlib 1.2.3、libpcap 1.0.0、MySQL 5.0.41、Apache 2.2.11、PHP 5.2.6、Snort 2.8.5 等）都是 2009 年前后的版本，早已停止维护并有公开的安全缺陷；实际部署时请按同样的步骤改用当前受支持的版本（或发行版软件包），不要把这些旧版本放到生产网络上。
# Step 1: build and install zlib from source. The tarball is expected to be in
# /root/snortinstall, which is also where the later steps unpack their archives.
cd /root/snortinstall
gzip -dc zlib-1.2.3.tar.gz | tar xf -
cd zlib-1.2.3
./configure
# "make test" builds the library and runs its self-test before anything is installed.
make test
# Installs under the default prefix (/usr/local); must be run as root.
make install
2):安装libpcap-1.0.0.tar.gz
# Step 2: libpcap, the packet-capture library Snort is linked against.
# Unpacked in the same directory as step 1.
gzip -dc libpcap-1.0.0.tar.gz | tar xf -
cd libpcap-1.0.0
./configure
make
# Default prefix, i.e. headers in /usr/local/include and the library in /usr/local/lib.
make install
注意:
如果make报错如下
error: expected specifier-qualifier-list before __u32
解决办法
将
#include <linux/types.h>
加入到 /usr/include/linux/if_packet.h 的开头（原文中头文件名在页面转换时丢失，这是该报错最常见的修法）。注意这是在直接修改系统头文件，属于权宜之计；更稳妥的做法是换用较新的 libpcap 或发行版提供的 libpcap-devel 包。
3).安装gd-2.0.35.tar.bz2
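# Step 3: gd graphics library (used through PHP's gd extension by JpGraph for the
# ACID charts). The original jumped straight from tar to ./configure without
# entering the unpacked directory, so configure ran in the wrong place.
tar xjf gd-2.0.35.tar.bz2
cd gd-2.0.35
# No --prefix, so gd installs under /usr/local. PHP's --with-gd in step 6 has to
# point at that prefix (/usr/local), not at a non-existent /usr/local/gd.
./configure
make
make install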
注意：生成/运行 configure 时出错：
error: possibly undefined macro: AM_ICONV
（这是 autoconf 找不到 gettext 提供的宏，通常出现在 configure 阶段而不是 make 阶段）
解决办法：先安装 gettext（它提供 AM_ICONV 宏），然后重新运行 gd 的 ./configure
下载了gettext-0.17.tar.gz
# gettext provides the AM_ICONV autoconf macro that gd's configure was missing.
gzip -dc gettext-0.17.tar.gz | tar xf -
cd gettext-0.17
./configure
make
# Default prefix (/usr/local); rerun gd's configure afterwards.
make install
4)mysql
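# Step 4: build MySQL 5.0.41 from source, initialise the data directory and start it.
# NOTE(review): 5.0.x is long end-of-life; use a supported MySQL/MariaDB release or
# the distribution package on a real sensor.
groupadd mysql
# Service account only: no home directory and no login shell, so nobody can ever
# log in as "mysql" even if the account's password were set.
useradd -g mysql -M -s /sbin/nologin mysql
tar xzf Mysql-5.0.41.tar.gz
# The original omitted this cd, so ./configure ran in the wrong directory.
# Use the directory name the archive actually unpacks to.
cd mysql-5.0.41
./configure --prefix=/usr/local/mysql
make
make install
# my-medium.cnf is the sample config; note it decides the socket path (see step 4's
# socket remark below) and is world-readable, so keep passwords out of it.
cp support-files/my-medium.cnf /etc/my.cnf
cd /usr/local/mysql
bin/mysql_install_db --user=mysql
# Ownership layout from the MySQL manual: everything root-owned, only the data
# directory (var) writable by the mysql account.
chown -R root .
chown -R mysql var
chgrp -R mysql .
bin/mysqld_safe --user=mysql &
# (If you register the init script in the next step, start the server with
# "service mysql start" instead of the line above — not both.)
# A fresh install has a root account with NO password plus anonymous accounts.
# Set the root password once the server is up. With the value omitted, mysqladmin
# prompts for it, so it never ends up in shell history or in the process list.
bin/mysqladmin -u root password
# If this build ships bin/mysql_secure_installation, run it instead: it sets the
# root password and removes the anonymous accounts and the test database in one go.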
-------------------
加入系统服务
# Register MySQL as a SysV service so it comes up at boot, then start it.
# mysql.server is the init script shipped with the source tree.
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
chkconfig --add mysql
service mysql start
---------------------------
# If changing the database password fails with an error about socket
# '/tmp/mysql.sock', the client and the server disagree on the socket path.
# The original note claimed the server's default is /var/lib/mysql/mysql.sock;
# for this build check the socket= setting in /etc/my.cnf (copied from
# my-medium.cnf in step 4) before assuming either path.
# NOTE(review): a fixed-name symlink under the world-writable /tmp can be created
# first by any local user and then sits in the way of (or redirects) the server
# and its clients. Prefer telling the client where the real socket is
# (mysql --socket=... or [client] socket= in my.cnf) over a symlink in /tmp.
ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
5)apache
# Step 5: Apache httpd, built with DSO support (--enable-so) so PHP can be loaded
# as a module in the next step.
gzip -dc httpd-2.2.11.tar.gz | tar xf -
cd httpd-2.2.11
./configure --prefix=/usr/local/apache --enable-so
make
make install
# Start the server now, and make it start at boot by appending the same command to
# rc.local. apachectl itself runs as root at boot; the worker processes run as the
# User/Group configured in httpd.conf — confirm that is an unprivileged account.
/usr/local/apache/bin/apachectl start
printf '%s\n' "/usr/local/apache/bin/apachectl start" >> /etc/rc.d/rc.local
6)php
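# Step 6: PHP as an Apache module with MySQL, gd, zlib and gettext support.
# NOTE(review): PHP 5.2 is unsupported; use a current PHP on a real deployment.
tar xzf php-5.2.6.tar.gz
# The original omitted this cd, so ./configure ran in the wrong directory.
cd php-5.2.6
# Fixes against the original configure line:
#  - gd was built in step 3 with the default prefix, so it is under /usr/local,
#    not /usr/local/gd;
#  - "--with- gettext" contained a stray space and would have been two bogus options.
./configure --prefix=/usr/local/php \
  --with-apxs2=/usr/local/apache/bin/apxs \
  --with-mysql=/usr/local/mysql \
  --with-gd=/usr/local \
  --with-zlib \
  --with-gettext
make
make install
# Use the hardened template rather than php.ini-dist: php.ini-recommended ships with
# display_errors and expose_php turned off (and register_globals off), which is what
# a server that other people can reach should run with.
cp php.ini-recommended /usr/local/php/lib/php.ini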
vi /usr/local/apache/conf/httpd.conf
在 AddType application/x-gzip .gz .tgz 行下加入下面这行，让 Apache 把 .php 交给 PHP 处理：
AddType application/x-httpd-php .php
下面这行是可选的：它会把任何 .phps 文件以高亮源码的形式直接展示给访问者，只有在确实需要公开查看源码时才加，否则不要加：
AddType application/x-httpd-php-source .phps
/usr/local/apache/bin/apachectl restart重启apache生效
测试
测试也很简单：在 /usr/local/apache/htdocs/ 下面建立一个 phpinfo.php 文件，里面写（原文丢失了开头的 <?php 标签）：
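<?php
// Smoke test only. phpinfo() discloses installation paths, versions, loaded modules
// and every configuration value to anyone who can fetch this URL, so delete the
// file as soon as PHP is confirmed to work.
phpinfo();
?>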
然后在浏览器里输入 http://<服务器地址>/phpinfo.php（原文的 URL 丢失了），如果页面上出现了 PHP 的版权信息及系统配置情况，说明 PHP 已经可以使用了。测试完成后请立即删除这个文件：phpinfo 会向任何访问者暴露路径、版本和全部配置。
7)安装clamav
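# Step 7: ClamAV, used by the Snort build's --enable-clamav preprocessor (step 11).
# Service account only: no home directory and no login shell (the original created
# a normal, login-capable account).
useradd -M -s /sbin/nologin clamav
tar xzf clamav-0.95.2.tar.gz
cd clamav-0.95.2
./configure
make
make install
# NOTE(review): this guide never runs freshclam. The preprocessor scans against a
# signature database, so fetch one (and keep it updated) before relying on it.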
8)安装pcre
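# Step 8: PCRE, the regex library Snort's rule engine uses.
# Two fixes against the original: the archive is a .tar.gz, so it needs gzip (-z),
# not bzip2 (-j); and "make insatll" was a typo that would have installed nothing.
tar xzf pcre-7.9.tar.gz
cd pcre-7.9
./configure
make
make install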
9)安装libnet
# Step 9: libnet 1.0.x — the libnet series Snort's inline build (step 11) expects,
# which is why this is not the newer 1.1 line.
gzip -dc libnet-1.0.2a.tar.gz | tar xf -
cd libnet-1.0.2a
./configure
make
make install
10)安装barnyard
# Step 10: barnyard, Snort's output spooler. It is built here but the rest of this
# guide never configures or starts it (Snort writes to MySQL directly in step 13).
gzip -dc barnyard-0.2.0.tar.gz | tar xf -
cd barnyard-0.2.0
./configure
make
make install
11)安装snort
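# Step 11: build Snort 2.8.5 with inline (IPS) mode, the ClamAV preprocessor and the
# MySQL database output plugin (needed for the "output database:" line in step 13).
# NOTE(review): --enable-inline needs libnet 1.0.x (step 9) and the iptables/libipq
# development files, which this guide does not install — confirm they are present
# before configuring.
mkdir -p /etc/snort /var/log/snort    # -p: safe to rerun, no error if they exist
tar xzf snort-2.8.5.tar.gz
cd snort-2.8.5
./configure --enable-inline --enable-clamav --with-mysql=/usr/local/mysql
make
make install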
12)安装snort-snaprules
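# Step 12: install the rule snapshot and the sample configuration files it ships.
# The snapshot unpacks into rules/ (rule files) and etc/ (snort.conf and friends).
tar xzf snortrules-snapshot-2.8.tar.gz
mkdir -p /etc/snort/rules
cp rules/* /etc/snort/rules
cp etc/* /etc/snort
# NOTE(review): the rules are only as current as this download; a sensor needs a
# regular rule-update process, and /etc/snort/snort.conf will hold the database
# password from step 13, so keep it readable by root (and the snort account) only.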
13)配置snort
vi /etc/snort/snort.conf
修改如下行:
var HOME_NET 192.168.20.0/24 本地网络
var RULE_PATH /etc/snort/rules 规则目录
output database: log, mysql, user=snort password=<第15步为 snort 账户设置的密码> dbname=snort host=localhost 数据库信息。不要像原文那样使用 MySQL 的 root 账户：写入告警只需要对 snort 库的 INSERT/SELECT 等权限，用 root 意味着 Snort 进程（以及能读到这个文件的任何人）都拿到了整个数据库服务器的最高权限。这一行明文保存密码，所以 /etc/snort/snort.conf 应设为属主 root、组 snort、权限 0640，其他用户不可读。
var HTTP_PORTS 80 监听端口
14)添加snort到自启动模式
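# Step 14: register Snort as a SysV service using the init script from the source tree.
# Do NOT follow the original advice to change ". /etc/sysconfig/snort" into
# ". /etc/snort/snort.conf" inside snortd: snort.conf is Snort configuration syntax,
# not shell, so sourcing it breaks the init script. snortd expects a small shell
# fragment in /etc/sysconfig/snort (INTERFACE, USER, GROUP, CONF, ... — check the
# template for the exact names); the source tree ships a template for it.
# Paths below keep the original's /root/snort; step 1 unpacked into /root/snortinstall,
# so adjust to wherever the tarball really is.
cp /root/snort/snort-2.8.5/rpm/snortd /etc/init.d/snortd
cp /root/snort/snort-2.8.5/rpm/snort.sysconfig /etc/sysconfig/snort
# Now edit /etc/sysconfig/snort: INTERFACE=eth0, CONF=/etc/snort/snort.conf, and an
# unprivileged USER/GROUP (a dedicated "snort" account) rather than running as root.
chmod 755 /etc/init.d/snortd
chkconfig --add snortd
chkconfig --level 35 snortd on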
15)导入snort数据
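# Step 15: create the Snort database, load the schema shipped with the source, and
# give Snort/ACID their own low-privilege account.
# Fixes against the original single line:
#  - "-p07050927" put the root password on the command line, where it lands in shell
#    history and is visible to every local user via ps; a bare -p makes mysql prompt;
#  - the schema load assumes the "snort" database already exists, but nothing in the
#    guide created it;
#  - the path contained a stray space ("snort- 2.8.5").
mysql=/usr/local/mysql/bin/mysql
$mysql -u root -p -e 'CREATE DATABASE snort'
$mysql -u root -p snort < /root/snort/snort-2.8.5/schemas/create_mysql
# Dedicated account instead of root (the original's snort.conf and ACID both used
# root). INSERT/SELECT cover Snort's output plugin; UPDATE/DELETE are used by the
# ACID console, and CREATE lets its setup page add the acid_* tables in step 19.
# Replace the placeholder with a strong password and use the same one in snort.conf
# and acid_conf.php.
$mysql -u root -p -e "GRANT CREATE, INSERT, SELECT, UPDATE, DELETE ON snort.* TO 'snort'@'localhost' IDENTIFIED BY 'choose-a-strong-password'"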
16) 安装acid,adodb5,jpgraph
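# Step 16: unpack the ACID console and its dependencies (ADOdb, JpGraph) under the web root.
# The original's tar lines had no archive names at all; substitute the files you
# downloaded. ACID is abandoned upstream (BASE was its successor) — treat it as legacy code.
mkdir -p /usr/local/apache/htdocs/snort
cd /root/snortinstall                 # wherever the three archives were downloaded
tar xzf acid-*.tar.gz
mv acid /usr/local/apache/htdocs/snort/
tar xzf adodb*.tgz                    # ADOdb is distributed as .tgz/.zip; adjust the name
mv adodb /usr/local/apache/htdocs/snort/   # step 17 must point at this name (the original wrote adodb5)
tar xzf jpgraph-*.tar.gz
mv jpgraph /usr/local/apache/htdocs/snort/ # rename first if the archive unpacks into a versioned directory
# The console has no authentication of its own and acid_conf.php will hold the DB
# password: keep the tree root-owned and readable only by the httpd group ("daemon"
# is httpd 2.2's default Group — use whatever httpd.conf sets), and put Apache auth
# plus TLS in front of /snort before anyone else can reach it.
chown -R root:daemon /usr/local/apache/htdocs/snort
chmod -R o-rwx /usr/local/apache/htdocs/snort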
17)配置
vi /usr/local/apache/htdocs/snort/acid/acid_conf.php
修改:$DBlib_path = "";
为 $DBlib_path = "/usr/local/apache/htdocs/snort/adodb";（路径必须与第 16 步实际放到 htdocs/snort 下的目录名一致：原文第 16 步移动的是 adodb，这里却写成了 adodb5，二者必须统一）
修改数据库配置（$alert_dbname、$alert_host、$alert_user、$alert_password 等）：使用第 15 步创建的低权限 snort 账户，不要用 root。acid_conf.php 明文保存数据库密码，请把它的属主设为 root、组设为 Web 服务器运行用户所在组，权限 0640（其他用户不可读）；同时 ACID 本身没有任何登录验证，必须在 httpd.conf 里给 /snort 目录加上 Apache 认证并启用 HTTPS 后再对外开放。
修改$ChartLib_path = "";
为$ChartLib_path = "/usr/local/apache/htdocs/snort/jpgraph/src";
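# Start the sensor in daemon mode (-D) on eth0 — but not as root for its whole
# lifetime, as the original did. Snort opens the capture interface as root and then
# drops to the account given with -u/-g, so a bug in rule parsing or a preprocessor
# is contained to that account.
getent group snort >/dev/null || groupadd snort
id snort >/dev/null 2>&1 || useradd -g snort -M -s /sbin/nologin snort
# The log directory must be writable by the unprivileged account; the config file
# (which holds the database password) stays root-owned and readable by the group only.
chown -R snort:snort /var/log/snort
chmod 750 /var/log/snort
chgrp snort /etc/snort/snort.conf
chmod 640 /etc/snort/snort.conf
snort -c /etc/snort/snort.conf -i eth0 -D -u snort -g snort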
18)vi /etc/bashrc
添加如下内容:
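# Lines appended to /etc/bashrc, so they apply to every shell on the sensor.
export LANG='en_US'
alias l='ls -ablF'
# Do NOT put "./" (the current directory) in PATH as the original did. With it, any
# directory you happen to cd into — /tmp, an unpacked tarball, another user's home —
# can supply a trojaned "ls", "make" or "snort" that root then runs by accident.
# Only fixed system directories belong in PATH.
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
# Kept from the original. PCAP_FRAMES is only honoured by ring-buffer-patched libpcap
# builds — confirm it does anything with the libpcap installed in step 2.
export PCAP_FRAMES=max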
执行:source /etc/bashrc
19) 初始化 ACID 数据表
在浏览器中打开 http://<服务器地址>/snort/acid/（ACID 的入口页面 acid_main.php；原文的 URL 丢失了）。提醒：ACID 本身不做登录验证，任何能访问这个 URL 的人都能看到全部告警，所以在开放访问之前先按第 17 步给 /snort 目录加上 Apache 认证并启用 HTTPS。
如果一切正常的话,将能看到
“Analysis Console for Intrusion Databases”
这个标题,下面有个
“Use the Setup page to configure and optimize the DB”
的链接,点击链接, 进入DB setup页面,然后点击
“Create ACID AG”（建表按钮，需要第 15 步授予 snort 账户的 CREATE 权限）
会提示
“Successfully created 'acid_ag'
Successfully created 'acid_ag_alert'
Successfully created 'acid_ip_cache'
Successfully created 'acid_event'”
这时再点击下面的
“ Main page”
链接,将会进入主页面
至此完毕!