1. The following system packages are needed (all of them can be found on the RHEL 5.4 disc):
1)zlib
2)libpcap
3)libxml2
4)libpng
5)gd
6)perl-DBI
2. I copied all of the tar packages to the /usr/local/src directory:
[root@rhel5 DBD-mysql-3.0002]# make
[root@rhel5 DBD-mysql-3.0002]# make install
5. Install snort
[root@rhel5 DBD-mysql-3.0002]# cd /usr/local/src
[root@rhel5 src]# tar zxf snort-2.8.4.1.tar.gz
[root@rhel5 src]# cd snort-2.8.4.1
1) Have Snort use mysql
[root@rhel5 snort-2.8.4.1]# ./configure --with-mysql=/usr/local/mysql
1) Run make
[root@rhel5 snort-2.8.4.1]# make
2) Run make install
4) Create the configuration file directory
[root@rhel5 snort-2.8.4.1]# mkdir /etc/snort
5) Log directory
[root@rhel5 snort-2.8.4.1]# mkdir /var/log/snort
6) Install the snort rules
[root@rhel5 src]# tar zxf snortrules-snapshot-2860.tar.gz
[root@rhel5 src]# tar zxf snortrules-snapshot-CURRENT.tar.gz
[root@rhel5 src]# mv rules/ /etc/snort
[root@rhel5 etc]# cp * /etc/snort/
[root@rhel5 etc]# ll /etc/snort
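7) Edit the /etc/snort/snort.conf file
The local network segment to monitor
The path to the rules
Change the user, the password and the host name, and also remove the leading # sign
Save and exit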
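A quick way to check the three snort.conf edits from step 7) before starting snort. This is an added example, not part of the original post: the function names and the sample snort.conf lines are constructed for illustration, and flagging user=root is this example's own assumption.

```sh
# Added example: verify the snort.conf edits from step 7 before starting snort.
# snort_var FILE NAME: value of the last "var NAME value" (or ipvar) line.
snort_var() {
    awk -v n="$2" '($1 == "var" || $1 == "ipvar") && $2 == n { v = $3 }
                   END { print v }' "$1"
}
flag() { echo "$1"; problems=$((problems + 1)); }

# check_snort_conf FILE: prints one line per problem, returns the problem count.
check_snort_conf() {
    conf=$1
    problems=0
    home_net=$(snort_var "$conf" HOME_NET)
    case $home_net in
        ''|any) flag "HOME_NET is '$home_net': set it to the monitored local segment" ;;
    esac
    rule_path=$(snort_var "$conf" RULE_PATH)
    case $rule_path in
        /*) ;;
        *)  flag "RULE_PATH is '$rule_path': use the absolute rules directory" ;;
    esac
    # Only an uncommented line counts: the leading # must have been removed.
    db_line=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$conf" | head -n 1)
    if [ -z "$db_line" ]; then
        flag "no active 'output database:' line"
    else
        # Assumption of this example: snort logs in with the dedicated snort
        # account that receives the grants in step 8, not with root.
        echo "$db_line" | grep -Eq 'user=root([[:space:]]|$)' &&
            flag "output database uses user=root"
        echo "$db_line" | grep -Eq 'password=[^[:space:]]+' ||
            flag "output database has no password="
    fi
    return "$problems"
}

# Constructed sample: the three settings before step 7 has been carried out.
sample_unedited() {
    cat <<'EOF'
var HOME_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=root password=test dbname=db host=localhost
EOF
}

tmp=$(mktemp) && sample_unedited > "$tmp"
check_snort_conf "$tmp" || echo "$? problem(s) found"
rm -f "$tmp"
```

Run it against /etc/snort/snort.conf after editing; a return value of 0 means all three settings were changed.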
8) Create the snort database
## Give the root user the remote password 123
## Log in to mysql remotely as the root user and enter the password (111111)
[root@rhel5 /]# /usr/local/mysql/bin/mysqladmin -u root password 111111
[root@rhel5 /]# /usr/local/mysql/bin/mysql -u root -p
mysql> SET PASSWORD FOR root@localhost=PASSWORD('111111');
mysql> create database snort;
mysql> connect snort;
mysql> source /usr/local/src/snort-2.8.4.1/schemas/create_mysql;
mysql> show tables;
Run the following commands:
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
Query OK, 0 rows affected (0.00 sec)
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges; ## refresh
Query OK, 0 rows affected (0.01 sec)
Exit the database and start snort
[root@rhel5 ~]# snort -c /etc/snort/snort.conf
If you see the information above, snort is basically installed OK!!
6. Install apache
[root@rhel5 ~]# cd /usr/local/src
[root@rhel5 src]# tar zxf httpd-2.2.15.tar.gz
[root@rhel5 src]# cd httpd-2.2.15
[root@rhel5 httpd-2.2.15]# ./configure --prefix=/usr/local/apache --enable-module=ssl --enable-module=so
[root@rhel5 httpd-2.2.15]# make
[root@rhel5 httpd-2.2.15]# make install
1) Start apache
[root@rhel5 httpd-2.2.15]# /usr/local/apache/bin/apachectl start
Check the port information (there is a TCP listener on port 80 here, which shows that our Apache installation succeeded):
[root@rhel5 httpd-2.2.15]# netstat -tnl
In the figure above we can also see port 3306, which is the mysql port
7) Install PHP
[root@rhel5 src]# tar zxf php-5.2.13.tar.gz
[root@rhel5 src]# cd php-5.2.13
[root@rhel5 php-5.2.13]# ./configure \
> --prefix=/usr/local/php \
> --with-mysql=/usr/local/mysql \
> --with-apxs2=/usr/local/apache/bin/apxs \
> --with-gd \
> --with-zlib
[root@rhel5 php-5.2.13]# make
[root@rhel5 php-5.2.13]# make install
1) Copy the configuration file
[root@rhel5 php-5.2.13]# cp php.ini-dist /usr/local/bin/php.ini
2) Edit the apache configuration file so that it recognises web pages ending in .php
[root@rhel5 php-5.2.13]# echo "AddType application/x-httpd-php .php" >> /usr/local/apache/conf/httpd.conf
3) Restart the Apache service
[root@rhel5 php-5.2.13]# /usr/local/apache/bin/apachectl stop
[root@rhel5 php-5.2.13]# /usr/local/apache/bin/apachectl start
4) Write a php test page
[root@rhel5 php-5.2.13]# vi /usr/local/apache/htdocs/index.php
<?php
// Test page: shows that PHP runs under Apache and can reach mysql
echo "where to use PHP test page!";
mysql_connect("localhost", "root", "111111");
mysql_query("create database test01;");
?>
5) Enter http://IP-address/index.php in the browser, as shown in the figure below:
6) Log in to mysql and check whether the test01 database has been created
[root@rhel5 /]# /usr/local/mysql/bin/mysql -u root -p
mysql> show databases;
8. Install acid+adodb+jpgraph
[root@rhel5 src]# tar zxf acid-0.9.6b23.tar.gz
[root@rhel5 src]# tar zxf adodb511.tgz
[root@rhel5 src]# tar zxf jpgraph-3.0.7.tar.gz
[root@rhel5 src]# mv acid /usr/local/apache/htdocs/
[root@rhel5 src]# mv adodb5 /usr/local/apache/htdocs/adodb
[root@rhel5 src]# mv jpgraph-3.0.7 /usr/local/apache/htdocs/jpgraph
Here I moved them over, and adodb5 and jpgraph-1.27 were renamed to adodb and jpgraph after the move
Edit the acid configuration file
Change the database name, the user name and the user password; the default port is fine
/usr/local/mysql/bin/mysqld_safe --user=mysql &
snort -d -D -c /etc/snort/snort.conf
/usr/local/apache/bin/apachectl start
We can write these commands into /etc/rc.local so that they run automatically at boot
9. Log in to the acid console
1) Open a browser, enter http://your-ip-address/acid/acid_main.php and choose setup page
2) Click the "Create ACID AG" button
3) You can see that it has been installed successfully
4) Click "Home" to return to the home page of the ACID console, where you can see some of the details:
OK, that completes a simple snort setup. A deeper study of snort will probably have to wait a while. If you need the software packages above, please leave your e-mail address (make sure your mailbox can receive mail larger than 50M!!!)