1. Create a C:\IDS directory; every IDS-related package below is installed under it.
2. Install Apache (note: set ServerName to this machine's IP address).
Test: the default Apache page is visible in a browser.
3. Unzip the PHP package and copy it into the IDS directory,
copy php5ts.dll to c:\windows\system32
copy php.ini-dist to c:\windows and rename it php.ini
4. Hook PHP into Apache
Edit the Apache config file (c:\ids\apache2.2\conf\httpd.conf) and add, after the block of LoadModule lines:
LoadModule php5_module "C:\IDS\php5.2.6\php5apache2_2.dll"
AddType application/x-httpd-php .php
Verification:
Create the file test.php in C:\IDS\Apache2.2\htdocs
with the contents:
<?php
phpinfo();
?>
Restart Apache
Browse to http://ip/test.php; the PHP information page should appear.
(phpinfo() publishes version numbers, file paths and loaded-module details to anyone who can reach the page, so delete test.php once the checks in the following steps are done.)
5. Enable the GD library in PHP
Edit php.ini
find ;extension=php_gd2.dll
remove the leading ";"
copy C:\IDS\php5.2.6\ext\php_gd2.dll to c:\windows
(Alternatively, set extension_dir in php.ini to C:\IDS\php5.2.6\ext and skip copying individual DLLs; the same applies to php_mysql.dll in step 9.)
Test:
Restart Apache
Browse to http://ip/test.php
a section named "gd" should now appear on the page.
6. Install WinPcap before installing Snort
Test: open a command prompt in c:\ids\snort\bin
run snort -W; it should list the network interfaces (note the index of the interface to monitor; it is the -i argument used in step 14).
7. Install MySQL, accepting the defaults until the service page; there tick
Include Bin Directory in Windows PATH
On the next page set the root password and tick the option below it.
8. Create the databases Snort needs
Start the mysql client
create database snort;
create database snort_archive;
verify with show databases;
Copy C:\IDS\Snort\schemas\create_mysql to C:\IDS\MySQL Server 5.0\bin
Re-enter mysql and run the create_mysql script to create the tables Snort needs
use snort;
source create_mysql;
use snort_archive;
source create_mysql;
verify with show tables;
Grant privileges
grant all on snort.* to root@localhost;
grant all on snort_archive.* to root@localhost;
(root@localhost already holds every privilege, so these two statements change nothing as written; they only matter if a separate account is used, which is preferable, because the password given here ends up in cleartext in snort.conf and acid_conf.php.)
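The following is an added example, not part of the original post: instead of handing root to both the sensor and the web console, it creates one account that Snort writes alerts with and one that ACID reads with, each scoped to the databases above. The user names and passwords are assumptions; choose your own, and then use them in the output database line of step 13 and in $alert_user/$archive_user of step 12 in place of root/123456.

```sql
-- Added example (not from the original post). Run in the mysql client as root.
-- Account names and passwords below are assumptions; replace them.

CREATE DATABASE IF NOT EXISTS snort;
CREATE DATABASE IF NOT EXISTS snort_archive;

-- Account the Snort sensor uses (snort.conf: output database: ... user=snort_writer).
-- The MySQL output plugin inserts events and packet headers, looks up and inserts
-- sensor/signature rows, and updates sensor.last_cid, so SELECT, INSERT and UPDATE
-- are sufficient; it never needs DELETE, DROP or ALL.
CREATE USER 'snort_writer'@'localhost' IDENTIFIED BY 'change-me-writer';
GRANT SELECT, INSERT, UPDATE ON snort.* TO 'snort_writer'@'localhost';

-- Account the ACID console uses (acid_conf.php: $alert_user / $archive_user).
-- ACID deletes and archives alerts and, on "Create ACID AG", creates its own
-- acid_* tables, so it needs DML plus CREATE/INDEX/ALTER on both databases;
-- it still never needs GRANT, FILE, SUPER or privileges on other databases.
CREATE USER 'acid_user'@'localhost' IDENTIFIED BY 'change-me-acid';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, ALTER
    ON snort.* TO 'acid_user'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, ALTER
    ON snort_archive.* TO 'acid_user'@'localhost';

FLUSH PRIVILEGES;

-- Verify: each account should show only the database-scoped grants above.
SHOW GRANTS FOR 'snort_writer'@'localhost';
SHOW GRANTS FOR 'acid_user'@'localhost';

-- Verify the sensor is really logging once step 14 is running:
-- one row per sensor/interface, and a growing event count.
SELECT sid, hostname, interface, last_cid FROM snort.sensor;
SELECT COUNT(*) AS alerts FROM snort.event;
```

Both accounts are bound to localhost, which is all this single-box install needs; if the sensor and the database are later split onto separate hosts, create the writer account for the sensor's address only rather than for '%'.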
9. Hook MySQL into PHP
Edit c:\windows\php.ini
remove the ";" in front of ;extension=php_mysql.dll
copy C:\IDS\php5.2.6\ext\php_mysql.dll to the windows directory
copy C:\IDS\php5.2.6\libmysql.dll to the system32 directory
Test:
Restart MySQL
net stop mysql
net start mysql
Restart Apache
Browse to http://ip/test.php; a "mysql" section should now appear.
10. Unzip ADOdb into the PHP directory
C:\IDS\php5.2.6\adodb5
11. Unzip JpGraph into the PHP directory
C:\IDS\php5.2.6\jpgraph-2.3.3
12. Unzip ACID to C:\IDS\Apache2.2\htdocs\acid
Edit the config file C:\IDS\Apache2.2\htdocs\acid\acid_conf.php (123456 is the example password used throughout this post):
$DBlib_path = "C:\IDS\php5.2.6\adodb5";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "3306";
$alert_user = "root";
$alert_password = "123456";
$archive_dbname = "snort_archive";
$archive_host = "localhost";
$archive_port = "3306";
$archive_user = "root";
$archive_password = "123456";
$ChartLib_path = "C:\IDS\php5.2.6\jpgraph-2.3.3\src";
Test: browse to http://ip/acid; the ACID page should appear.
Click the "Create ACID AG" button on the right (this creates the extra acid_* tables ACID needs).
ACID has no login of its own, so anyone who can reach http://ip/acid can read every alert, and the database credentials sit in acid_conf.php in cleartext; restrict the acid directory in httpd.conf (source-address restrictions or htpasswd authentication) before exposing it to the network.
13. Configure c:\ids\snort\etc\snort.conf
change include classification.config
to include C:\IDS\Snort\etc\classification.config
change include reference.config
to include C:\IDS\Snort\etc\reference.config
below the output database block add
output database: alert, mysql, host=localhost port=3306 user=root password=123456 dbname=snort encoding=hex detail=full
(the keyword is encoding, not enconding; and since the database password is stored here in cleartext, limit who can read snort.conf)
change dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
to dynamicpreprocessor directory C:\IDS\Snort\lib\snort_dynamicpreprocessor
change dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
to dynamicengine C:\IDS\Snort\lib\snort_dynamicengine\sf_engine.dll
14. Unzip the rules package and copy its doc, rules and rules_so directories into the Snort directory
Run snort -c "c:\ids\snort\etc\snort.conf" -l "c:\ids\snort\log" -d -e -X -i 2
(2 is the interface index reported by snort -W in step 6; -d dumps the application layer, -e the link layer, -X the raw packet bytes)
It reports: Not Using PCAP_FRAMES
Press Ctrl+C to stop
Run set PCAP_FRAMES=MAX, then snort -W
Then run snort -c "c:\ids\snort\etc\snort.conf" -l "c:\ids\snort\log" -d -e -X -i 2 again
15.