zoukankan      html  css  js  c++  java
  • Linux系统安装IDS(snort工具)

    第一步:预装daq所需程序

    snort使用数据采集器(daq)监听防火墙数据包队列,所以按照daq。需预装的程序有:flex、bison、libcap。

    sudo apt-get install flex
    sudo apt-get install bison
    sudo aptitude install libpcap-dev

    第二步:安装daq

    wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
    
    tar xvfz daq-2.0.6.tar.gz
                          
    cd daq-2.0.6
    ./configure && make && sudo make install

    第三步:安装snort所需程序

    aptitude install libpcre3-dev
    aptitude install libdumbnet-dev
    aptitude install zlib1g-dev

    第四步:安装snort

    wget https://www.snort.org/downloads/snort/snort-2.9.12.tar.gz  
    
    tar xvfz snort-2.9.12.tar.gz
                          
    cd snort-2.9.12
    ./configure --enable-sourcefire && make && sudo make install

    第五步:运行 snort 会要求你安装响应包,安装即可

    //运行snort -V
    
    //提示安装下面包
    
    apt-get install snort
    apt-get install snort-mysql
    apt-get install snort-pgsql
    //此时snort已经可以运行,看到一只小猪

    ,,_ -*> Snort! <*-
    o" )~ Version 2.9.2 IPv6 GRE (Build 78)
    '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
    Copyright (C) 1998-2011 Sourcefire, Inc., et al.
    Using libpcap version 1.1.1
    Using PCRE version: 8.12 2011-01-15
    Using ZLIB version: 1.2.3.4



    //-----------------

    //安装一些依赖包,为后面的图形化做准备

    安装apache

    apt-get install apache2

    安装mysql

    apt-get install mysql-server

    安装php

    apt-get install php5

     第六步:为snort创建一个数据库,和一个用户

    $ mysql –u root –p
    
    mysql> CREATE DATABASE snort;
    mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort@localhost;
    mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort;
    mysql> SET PASSWORD FOR snort@localhost=PASSWORD('yourpassword');
    mysql> exit

     第七步:修改snor配置文件

    snort的配置文件在/etc/snort/snort.conf

    打开该文件将 HOME_NET 有关项注释掉,然后将 HOME_NET 设置为本机 IP 所在网络,将 EXTERNAL_NET 相关项注释掉,设置其为非本机网络,如下所示:

    其中需要修改的内容如下所示:
    45行 ipvar HOME_NET any > ipvar HOME_NET 192.168.x.x 你的的IP网段,写成CIDR格式,可以添加多个网段
    举例:ipvar HOME_NET [192.168.0.0/16,172.16.0.0/16]

    ipvar EXTERNAL_NET any > ipvar EXTERNAL_NET!$HOME_NET

     第八步:试运行

    snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf
    
    
    若出现如下错误
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !! WARNING: The database output plugins are considered deprecated as
    !!          of Snort 2.9.2 and will be removed in Snort 2.9.3.
    !!          The recommended approach to logging is to use unified2 with
    !!          barnyard2 or similar.
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    database: must enter database name in configuration file
    
    
    解法:
    搞了好长时间,发现snort.conf配置文件549行左右有一条
    include database.conf
    注释掉

    第九步:运行snort,snort会监测eth0端口

    snort

    结果如下

    参考网址:

    snort官网

    centos平台基于snort、barnyard2以及base的IDS(入侵检测系统)的搭建与测试及所遇问题汇总

    linux入侵检测系统snort安装配置

    Snort 用户手册

    在 Ubuntu 15.04 中如何安装和使用 Snort 

  • 相关阅读:
    CSS Transform让百分比宽高布局元素水平垂直居中
    Apache配置详解
    MAMP环境配置
    ajax 设置Access-Control-Allow-Origin实现跨域访问
    Git常用命令
    ThinkPHP3.2.3批量执行sql语句(带事务)
    MySQL 百万级分页优化(Mysql千万级快速分页)
    zabbix server端与agent端源码安装 自定义监控项
    Tomcat多实例集群架构 安全优化和性能优化
    Tomcat安装应用部署及配置文件解读
  • 原文地址:https://www.cnblogs.com/gejuncheng/p/10137006.html
Copyright © 2011-2022 走看看