Existing system and environment
Fedora Core 2 with LAMP, installed from tarball
Original installation guide
http://www.snort.org/docs/setup..._base_SSL.pdf This guide is very well written. Below I walk through the installation step by step, and I call out the few small problems you may run into and the points that need particular attention, so we can work through them together.
This is my humble contribution; if anything here is wrong, please do not hesitate to point it out.
1. Create a directory for the downloads and the installation, to keep things manageable
#mkdir /usr/local/src/snortinstall
#cd /usr/local/src/snortinstall
#wget http://www.snort.org/dl/cur....3.3.tar.gz
#wget http://easynews.dl.sourceforge.net/s...pcre-5.0.tar.gz
#wget http://easynews.dl.sourceforge.net/...db/adodb462.tgz
#wget http://easynews.dl.sourceforge.net/sourc.../base-1.1.2.tar.gz
2. Installation order: pcre, snort, adodb, base
#cd /usr/local/src/snortinstall
#tar -xvzf pcre-5.0.tar.gz
#cd pcre-5.0
#./configure
#make
#make install
#tar -xvzf snort-2.3.3.tar.gz
#cd snort-2.3.3
#./configure --with-mysql=/usr/local/mysql --with-snmp
#make
#make install
Note: --with-mysql must point to your own MySQL installation path. --with-snmp is something I added myself.
3. Create the required directories, user and group
#groupadd snort
#useradd -g snort snort
#mkdir /etc/snort
#mkdir /etc/snort/rules
#mkdir /var/log/snort
#cd /usr/local/src/snortinstall/snort-2.3.3/rules
#cp * /etc/snort/rules
#cd ../etc
#cp * /etc/snort
4. Edit the configuration file /etc/snort/snort.conf
#nano /etc/snort/snort.conf
var HOME_NET 10.2.2.0/24 → var HOME_NET 192.168.0.0/24
Note: adjust this to match your internal network.
var EXTERNAL_NET any → var EXTERNAL_NET !$HOME_NET
var RULE_PATH ../rules → var RULE_PATH /etc/snort/rules
output database: log, mysql, user=root password=password_of_root_mysql dbname=snort host=localhost
Note: if host=localhost gets pushed onto the next line, remember to add a "\" at the end of the first line; otherwise you will meet the same sad fate I did:
FATAL ERROR: /etc/snort/snort.conf(538) => Unknown rule type: host=localhost
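A pre-flight check for exactly this pitfall, added here as an example and not part of the original post: no Snort directive begins with "key=", so a line like "dbname=snort host=localhost" that does not follow a line ending in "\" is a broken continuation. The two snort.conf fragments are constructed to mirror section 4.

```shell
#!/bin/sh
# Added example (not from the original post): flag wrapped "output database:"
# lines in a snort.conf before Snort rejects them with "Unknown rule type".
check_snort_conf() {
    conf="$1"
    rc=0
    lineno=0
    cont=0   # 1 when the previous line ended with a backslash
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # A line made only of key=value tokens is never a directive; it is
        # the tail of a wrapped line unless the previous line ended with "\".
        if [ "$cont" -eq 0 ] && printf '%s\n' "$line" |
            grep -Eq '^[A-Za-z_]+=[^ ]*( +[A-Za-z_]+=[^ ]*)* *$'; then
            echo "$conf($lineno) => '$line' is not a directive;" \
                 "end the previous line with \\" >&2
            rc=1
        fi
        case "$line" in
            *\\) cont=1 ;;
            *)   cont=0 ;;
        esac
    done < "$conf"
    return "$rc"
}

# Constructed snort.conf fragments: good.conf carries the trailing
# backslash, bad.conf is the broken version from the note above.
write_samples() {
    cat > "$1/good.conf" <<'EOF'
var HOME_NET 192.168.0.0/24
var EXTERNAL_NET !$HOME_NET
output database: log, mysql, user=root password=password_of_root_mysql \
dbname=snort host=localhost
EOF
    cat > "$1/bad.conf" <<'EOF'
var HOME_NET 192.168.0.0/24
output database: log, mysql, user=root password=password_of_root_mysql
dbname=snort host=localhost
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_snort_conf "$tmp/good.conf" && echo "good.conf: OK"
check_snort_conf "$tmp/bad.conf" || echo "bad.conf: needs fixing"
rm -rf "$tmp"
```

Run it against /etc/snort/snort.conf after editing; a clean exit status means no dangling continuation lines were found.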
#nano /etc/rc.d/rc.local
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g snort -D
Note: this starts snort at boot.
5. Create the MySQL database. Here I use MySQL's root directly as the user; the original guide uses snort as the database user.
#mysql -uroot -p
Password:
mysql>create database snort;
mysql>use snort;
mysql>grant all on snort.* to root@localhost identified by 'password_of_root_mysql';
mysql>exit
#mysql -u root -p < /usr/local/src/snortinstall/snort-2.3.3/schemas/create_mysql snort
Enter password: password_of_root_mysql
Check that the database and its tables exist
#mysql -uroot -p
Password: password_of_root_mysql
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)
mysql>use snort;
mysql>show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
16 rows in set (0.00 sec)
mysql>exit
6. Confirm or install PHP with GD
#yum install php-gd
Note: PHP installed from tarball does not need this. Since I installed PHP from tarball following 鸟哥's tutorial: if you built PHP without GD and the original build tree is still there, you can go back and rebuild it:
#cd /usr/local/php-x.x.x
#./config.nice --with-gd
#make; make install
7. Install BASE: install adodb first, then BASE
Install adodb
#cd /usr/local/src/snortinstall
#cp adodb462.tgz /var/www/
#cd /var/www/
#tar -xvzf adodb462.tgz
#rm -rf adodb462.tgz
Note: remember to change the ownership so that httpd has permission to use it. For example, the user and group in my httpd.conf are nobody, nobody:
#chown -R nobody:nobody /var/www/adodb
Install BASE
#cd /usr/local/src/snortinstall
#cp base-1.1.2.tar.gz /usr/local/apache2/htdocs/
#cd /usr/local/apache2/htdocs
#tar -xvzf base-1.1.2.tar.gz
#rm -rf base-1.1.2.tar.gz
#mv base-1.1.2 base
The following steps are not required. If you do them, you will still have to move base_conf.php out of the way when installing BASE. Do take note of the values, though; you will need them shortly when installing BASE through the browser.
cp base_conf.php.dist base_conf.php
edit the "base_conf.php" file and insert the following parameters
$BASE_urlpath = "/base";
$DBlib_path = "/var/www/adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "password_of_root_mysql";
/* Archive DB connection parameters */
$archive_exists = 0; # Set this to 1 if you have an archive DB
cd /var/www/html/base/