Chinaunix首页 | 论坛 | 博客
  • 博客访问: 557293
  • 博文数量: 104
  • 博客积分: 4131
  • 博客等级: 上校
  • 技术积分: 1137
  • 用 户 组: 普通用户
  • 注册时间: 2009-07-31 15:05
文章分类

全部博文(104)

文章存档

2011年(13)

2010年(23)

2009年(68)

我的朋友

分类: LINUX

2009-11-03 11:02:03

18.在mysql中建立数据库
# /usr/local/mysql/bin/mysql -p
出错的话,先试:
# /usr/local/mysql/bin/mysqld_safe &
# /usr/local/mysql/bin/mysql -p
mysql>SET PASSWORD FOR );
mysql>create database snort;
mysql>grant INSERT,SELECT on root.* to snort@localhost;
mysql>quit;
# cd /usr/local/tarballs/snort-2.8.3.1/schemas
# /usr/local/mysql/bin/mysql -p
>Enter password:baoqunmin
进入mysql数据库,看看snort数据库中的表:
/usr/local/mysql/bin/mysql -p
>Enter password:baoqunmin
mysql>show databases;
mysql>use snort;
mysql>show tables;
mysql>exit;
19.安装配置WEB接口
# cp /usr/local/tarballs/acid-0.9.6b23.tar.gz /www/htdocs
# cp /usr/local/tarballs/adodb498.tgz /www/htdocs
# cp /usr/local/tarballs/jpgragh-3.0.6.tar.bz2 /www/htdocs
# cd /www/htdocs
# tar -jxvf jpgragh-3.0.6.tar.bz2
# tar -zxvf adodb498.tgz
# tar -zxvf acid-0.9.6b23.tar.gz
# cd acid
# gedit acid_conf.php
配置如下(修改有红色标注):
$ACID_VERSION = "0.9.6b23";
/* Path to the DB abstraction library
 *  (Note: DO NOT include a trailing backslash after the directory)
 *   e.g. $foo = "/tmp"      [OK]
 *        $foo = "/tmp/"     [OK]
 *        $foo = "c:\tmp"    [OK]
 *        $foo = "c:\tmp\"   [WRONG]
 */
$DBlib_path = "/www/htdocs/adodb";
/* The type of underlying alert database
 *
 *  MySQL       : "mysql"
 *  PostgresSQL : "postgres"
 *  MS SQL Server : "mssql"
 */
$DBtype = "mysql";
/* Alert DB connection parameters
 *   - $alert_dbname   : MySQL database name of Snort alert DB
 *   - $alert_host     : host on which the DB is stored
 *   - $alert_port     : port on which to access the DB
 *   - $alert_user     : login to the database with this user
 *   - $alert_password : password of the DB user
 *
 *  This information can be gleaned from the Snort database
 *  output plugin configuration.
 */
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "root";
$alert_password = "baoqunmin";
/* Archive DB connection parameters */
$archive_dbname   = "snort";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "root";
$archive_password = "baoqunmin";
/* Type of DB connection to use
 *   1  : use a persistant connection (pconnect)
 *   2  : use a normal connection (connect)
 */
$db_connect_method = 1;
/* Use referential integrity
 *   1  : use
 *   0  : ignore (not installed)
 *
 * Note: Only PostgreSQL and MS-SQL Server databases support
 *       referential integrity.  Use the associated
 *       create_acid_tbls_?_extra.sql script to add this
 *       functionality to the database.
 *
 *       Referential integrity will greatly improve the
 *       speed of record deletion, but also slow record
 *       insertion.
 */
$use_referential_integrity = 0;
/* Path to the graphing library
 *  (Note: DO NOT include a trailing backslash after the directory)
 */
$ChartLib_path = "/www/htdocs/src";
/* File format of charts ('png', 'jpeg', 'gif') */
$chart_file_format = "png";
/* Chart default colors - (red, green, blue)
 *    - $chart_bg_color_default    : background color of chart
 *    - $chart_lgrid_color_default : gridline color of chart
 *    - $chart_bar_color_default   : bar/line color of chart
 */
$chart_bg_color_default     = array(255,255,255);
$chart_lgrid_color_default  = array(205,205,205);
$chart_bar_color_default    = array(190, 5, 5);
/* Maximum number of rows per criteria element */
$MAX_ROWS = 10;
/* Number of rows to display for any query results */
$show_rows = 50;
/* Number of items to return during a snapshot
 *  Last _X_ # of alerts/unique alerts/ports/IP
 */
$last_num_alerts = 15;
$last_num_ualerts = 15;
$last_num_uports = 15;
$last_num_uaddr = 15;
/* Number of items to return during a snapshot
 *  Most Frequent unique alerts/IPs/ports
 */
$freq_num_alerts = 5;
$freq_num_uaddr = 15;
$freq_num_uports = 15;
/* Number of scroll buttons to use when displaying query results */
$max_scroll_buttons = 12;
/* Debug mode     - how much debugging information should be shown
 * Timing mode    - display timing information
 * SQL trace mode - log SQL statements
 *   0 : no extra information
 *   1 : debugging information
 *   2 : extended debugging information
 *
 * HTML no cache - whether a no-cache directive should be sent
 *                 to the browser (should be = 1 for IE)
 *
 * SQL trace file - file to log SQL traces
 */
$debug_mode = 0;
$debug_time_mode = 1;
$html_no_cache = 1;
$sql_trace_mode = 0;
$sql_trace_file = "";
/* Auto-Screen refresh
 * - Refresh_Stat_Page - Should certain statistics pages refresh?
 * - Stat_Page_Refresh_Time - refresh interval (in seconds)
 */
$refresh_stat_page = 1;
$stat_page_refresh_time = 180;
/* Display First/Previous/Last timestamps for alerts or
 * just First/Last on the Unique Alert listing.
 *    1: yes
 *    0: no
 */
$show_previous_alert = 0;
/* Sets maximum execution time (in seconds) of any particular page.
 * Note: this overrides the PHP configuration file variable
 *       max_execution_time.  Thus script can run for a total of
 *       ($max_script_runtime + max_execution_time) seconds
 */
$max_script_runtime = 180;
/* How should the IP address criteria be entered in the Search screen?
 *   1 : each octet is a separate field
 *   2 : entire address is as a single field
 */
$ip_address_input = 2;
/* Should a combo box with possible signatures be displayed on the
 * search form. (Requires Javascript)
 *   0 : disabled
 *   1 : show only non pre-processor signatures (e.g., ignore portscans)
 *   2 : show all signatures
 */
$use_sig_list = 0;
/* Resolve IP to FQDN (on certain queries?)
 *    1 : yes
 *    0 : no
 */
$resolve_IP = 1;
/* Should summary stats be calculated on every Query Results page
 * (Enabling this option will slow page loading time)
 */
$show_summary_stats = 0;
/* DNS cache lifetime (in minutes) */
$dns_cache_lifetime = 20160;
/* Whois information cache lifetime (in minutes) */
$whois_cache_lifetime = 40320;
/* Snort spp_portscan log file */
$portscan_file = "";
/* Event cache Auto-update
 *
 *  Should the event cache be verified and updated on every
 *  page log?  Otherwise, the cache will have to be explicitly
 *  updated from the 'cache and status' page.
 *
 *  Note: enabling this option could substantially slow down
 *  the page loading time when there are many uncached alerts.
 *  However, this is only a one-time penalty.
 *
 *   1 : yes
 *   0 : no
 */
$event_cache_auto_update = 1;
/* Maintain a history of the visited pages so that the "Back"
 * button can be used.
 *
 * Note: Enabling this option will cause the PHP-session to
 * grow substantially after many pages have been viewed causing
 * a slow down in page loading time. Periodically return to the
 * main page to clear the history.
 *
 *   1 : yes
 *   0 : no
 */
$maintain_history = 1;
/* Level of detail to display on the main page.
 *
 * Note: The presence of summary statistics will slow page loading time
 *
 *   1 : show both the links and summary statistics
 *   0 : show only the links and a count of the number of alerts
 */
$main_page_detail = 1;
/*
 * External URLs
 */
/* Whois query */
$external_whois_link = "=";
//$external_whois_link = "="
 /* DNS query */
$external_dns_link = "=";
/* SamSpade "all" query */
$external_all_link = "=";
/* TCP/UDP port database */
$external_port_link = "=";
//$external_port_link = "=";
/* Signature references */
$external_sig_link = array("bugtraq"   => array("http://www.securityfocus.com/bid/", ""),
                           "snort"     => array("=", ""),
                           "cve"       => array("=", ""),
                           "arachnids" => array("", ""),
                           "mcafee"    => array("_", ".htm"),
                           "icat"      => array("=", ""));
/* Email Alert action
 *
 * - action_email_from : email address to use in the FROM field of the mail message
 * - action_email_subject : subject to use for the mail message
 * - action_email_msg : additional text to include in the body of the mail message
 * - action_email_mode : specifies how the alert information should be enclosed
 *     0 : alerts should be in the body of the message
 *     1 : alerts should be enclosed in an attachment
 */
$action_email_from = "ACID Alert ";
$action_email_subject = "ACID Incident Report";
$action_email_msg = "";
$action_email_mode = 0;
/* Custom (user) PHP session handlers
 *
 * - use_user_session : sets whether user PHP session can be used (configured
 *                      with the session.save_handler variable in php.ini)
 *      0 : no
 *      1 : yes (assuming that 'user_session_path' and 'user_session_function'
 *               are configured correctly)
 * - user_session_path : file to include that implements the custom PHP session
 *                       handler
 * - user_session_function : function to invoke in the custom session
 *                           implementation that will register the session handler
 *                           functions
 */
$use_user_session = 0;
$user_session_path = "";
$user_session_function = "";
?>

 


 
阅读(1931) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~