第一篇文章就這麼沉重,裝了這些花費我好幾天,my god。。。 現在把我安裝的過程以及遇到的一些問題和大家一起分享一下!
當然,安裝這些要下載一部分軟件,下載地址:http://sourceforge.net/
一、安裝mysql
我用到的是這三個安裝包:
MySQL-client-community-5.0.77-0.rhel5.i386.rpm
MySQL-server-community-5.0.77-0.rhel5.i386.rpm
MySQL-devel-community-5.0.77-0.rhel5.i386.rpm
這步很重要,因爲之前服務器上有mysql,我就沒重新安裝,結果在後來安裝php的時候遇到很多難以解決的問題。。。最後,解決的方法是。。。重新安裝mysql,由此走了很多彎路
首先用
rpm -qa | grep mysql
查找原系統中有關mysql的安裝包,然後用
rpm -e --nodeps mysql...
(mysql...此處是指在上一步中找的含mysql的安裝包的名字),全部卸掉;再查找
find / -name mysql
找到後全部刪掉(我是這麼做的,應該沒什麼影響)
其次 就是重新安裝mysql了,將下好的三個安裝包放在 /root 下,依次用以下命令安裝就可以了
rpm -ivh MySQL-server-community-5.0.77-0.rhel5.i386.rpm
rpm -ivh MySQL-client-community-5.0.77-0.rhel5.i386.rpm
rpm -ivh MySQL-devel-community-5.0.77-0.rhel5.i386.rpm
最後 測試一下mysql是否安裝成功,用下面命令
mysql
如果出現“mysql>”,恭喜! 安裝成功!
由於剛安裝好,默認是沒有密碼的。我們可以再給mysql加一個密碼123456,命令如下:
/usr/bin/mysqladmin -u root password 123456
再測試一下密碼是否設置成功
mysql -u root -p
Enter password: (輸入修改後的密碼123456)
如果沒什麼問題的話,應該出現“mysql>”
至此,mysql安裝告一段落。
二、安裝apache
我用的服務器上面自帶有apache,但我還是選擇了刪掉(查找“apache”“httpd”),然後重裝。用到的是這個安裝包 httpd-2.0.55.tar.gz
同樣,放在 /root 下,依次用以下5條命令完成安裝
tar -zxvf httpd-2.0.55.tar.gz
cd httpd-2.0.55
./configure --prefix=/usr/local/apache --enable-so
make
make install
然後開啓apache服務,命令如下
/usr/local/apache/bin/apachectl start
然後打開IE,輸入 http://192.***.***.***/(192.***.***.***爲服務器地址),你將會看到apache的頁面! 恭喜,apache你也安裝好了!
三、安裝php
將 php-5.2.9.tar.bz2 放在"/root"目錄下
# cd
# tar -xvjf php-5.2.9.tar.bz2
# cd php-5.2.9
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-mysql --with-zlib --with-jpeg --with-gd --with-png --enable-track-vars --enable-sockets --disable-debug
# make
# make install
# cp php.ini-dist /usr/local/lib/php.ini
編輯 /usr/local/lib/php.ini 文件
把register_globals = Off改爲register_globals = On
保存退出
編輯/usr/local/apache/conf/httpd.conf文件
在DirectoryIndex index.html index.html.var後面加上index.php
在AddType application/x-gzip .gz .tgz
後面加上兩行
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
檢查有沒有LoadModule php5_module modules/libphp5.so這行
沒有的話自己加上
接下來要做的是將apache安裝爲系統服務
# cp /usr/local/apache2/bin/apachectl /etc/rc.d/init.d/httpd
然後 vi /etc/rc.d/init.d/httpd 添加(#!/bin/sh下面)
# chkconfig: 2345 50 90
# description: Activates/Deactivates Apache Web Server
最後,運行chkconfig把Apache添加到系統的啓動服務組裏面:
# chkconfig --add httpd
# chkconfig httpd on
然後再
# service httpd start
寫個index.php文件放入主頁所在目錄,默認的應該是 /usr/local/apache/htdocs
內容如下:
<?
phpinfo();
?>
保存退出。
重啓apache
# /usr/local/apache/bin/apachectl restart
在瀏覽器中輸入http://192.***.***.***/index.php
若出現php的主頁,恭喜,php安裝成功!
四、安裝snort
在安裝snort前,先查看一下系統有沒有pcap
rpm -qa | grep pcap
應該出現兩個安裝包。如下
libpcap-devel-***
libpcap-***
若沒有,則下載,我安裝的是
libpcap-0.8.1-351.tar.gz
libpcap-devel-0.9.4-12.el5.i386.rpm
安裝如下:(文件均在 /root 目錄下)
# tar -zxvf libpcap-0.8.1-351.tar.gz
# cd libpcap-0.8.1
# ./configure --prefix=/usr/local/libpcap
# make
# make install
# cd
# rpm -ivh libpcap-devel-0.9.4-12.el5.i386.rpm
從snort官方網站下載最新版snort-2.8.3.2.tar.gz,放到"/root"目錄下
tar -zxvf snort-2.8.3.2.tar.gz
cd snort-2.8.3.2
./configure --prefix=/usr/local/snort --with-mysql --with-libpcap-libraries=/usr/local/libpcap/lib --with-libpcap-includes=/usr/local/libpcap/include (注意路徑要與實際的對應,用的時候最好先查找一下libpcap安裝在哪個目錄下)
make
make install
創建snort的配置文件目錄
# mkdir /etc/snort
# mkdir /var/log/snort
在snort源代碼目錄(/root/snort-2.8.3.2)下執行如下指令,複製默認的配置文件:
# cp etc/* /etc/snort/
下載snort規則 snortrules-snapshot-CURRENT.tar.gz 並解壓縮(在http://www.snort.org/ 註冊就可以下載到)
# cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
# cd /etc/snort/
# tar -zxvf snortrules-snapshot-CURRENT.tar.gz
測試snort的安裝:
# /usr/local/snort/bin/snort -V
若出現以下內容則表示安裝成功:
,,_ -*> Snort! <*-
o" )~ Version 2.8.3.2 (Build 22)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2008 Sourcefire Inc., et al.
Using PCRE version: 6.6 06-Feb-2006
創建snort存放日誌需要的mysql數據庫和數據庫用戶:
mysql -u root -p
mysql>create database snort;
mysql>use snort;
mysql>source /root/snort-2.8.3.2/schemas/create_mysql;(後邊的文件是snort源碼目錄下的建表文件)
mysql>grant all privileges on snort.* to [email protected] identified by '123456';
mysql> flush privileges;
配置/etc/snort/snort.conf:
修改:
var RULE_PATH ../rules
爲:
var RULE_PATH /etc/snort/rules
修改:
# output database: log, mysql, user=root password=test dbname=db host=localhost
爲:
output database: log, mysql, user=root password=123456 dbname=snort host=192.168.101.214
修改:
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
爲:
dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor/
修改:
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
爲:
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
測試snort的安裝與配置:
/usr/local/snort/bin/snort -c /etc/snort/snort.conf,如果輸出:
[ Port Based Pattern Matching Memory ]
+-[AC-BNFA Search Info Summary]------------------------------
| Instances : 249
| Patterns : 43581
| Pattern Chars : 410911
| Num States : 136291
| Num Match States : 15385
| Memory : 4.17Mbytes
| Patterns : 1.22M
| Match Lists : 1.11M
| Transitions : 1.77M
+-------------------------------------------------
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.8.3.1 (Build 17)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2008 Sourcefire Inc., et al.
Using PCRE version: 6.6 06-Feb-2006
Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.9 <Build 15>
Preprocessor Object: SF_DCERPC Version 1.1 <Build 4>
Preprocessor Object: SF_SSH Version 1.1 <Build 1>
Preprocessor Object: SF_SSLPP Version 1.1 <Build 2>
Preprocessor Object: SF_DNS Version 1.1 <Build 2>
Preprocessor Object: SF_Dynamic_Example_Preprocessor Version 1.0 <Build 1>
Preprocessor Object: SF_SMTP Version 1.1 <Build 7>
Preprocessor Object: SF_FTPTELNET Version 1.1 <Build 10>
Not Using PCAP_FRAMES
恭喜,snort安裝配置ok了!若想退出snort,使用Ctrl+C即可。
五、base的安裝
[root@s204 ~]# tar -zxvf base-1.4.1.tar.gz
首先要安裝base使用的的pear模塊:
[root@s204 ~]# find / -name pear
/tmp/pear
/usr/local/php/bin/pear
/root/php-5.2.9/pear
/root/adodb/pear
然後進入安裝php的那個文件夾
[root@s204 ~]# cd /usr/local/php/bin/
[root@s204 bin]# ./pear upgrade pear (更新失敗也沒關係,繼續下面的步驟)
[root@s204 bin]# ./pear install Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman(四個將被成功安裝)
[root@s204 bin]# cd
[root@s204 ~]# cd base-php4/(進入BASE的解壓縮目錄)
[root@s204 ~]# cp world_map6.png world_map6.txt /usr/local/php/lib/php/Image/Graph/Images/Maps(注意,cp前先查找一下Maps的實際目錄)
其次需要安裝adodb:
將下載到的 adodb507.gz 放到 "/usr/local/apache/htdocs" 目錄中
[root@s204 www]# tar -zxvf adodb507.gz
[root@s204 www]# mv adodb5 adodb
最後安裝base:
# cd
# mv base-php4/ base
# cp -r base/ /usr/local/apache/htdocs/
# cd /usr/local/apache/htdocs/base/
# cp base_conf.php.dist base_conf.php
修改base_conf.php中的響應內容:
$BASE_urlpath = "/base";
$DBlib_path = "/usr/local/apache/htdocs/adodb/ ";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "192.***.***.***";
$alert_port = ''; //此行不改
$alert_user = "root";
$alert_password = "123456";
修改BASE內的符號連接:
# rm /usr/local/apache/htdocs/base/signatures (刪除原來的符號連接)
# ln -s /etc/snort/doc/signatures /usr/local/apache/htdocs/base/signatures (創建新的符號連接)
運行BASE:
http://192.***.***.***/base,頁面中會提示:The database version is valid, but the BASE DB structure (table: acid_ag)is not present. Use the Setup page
to configure and optimize the DB.
點擊:Setup page 創建對應的數據庫表。
(注意:在運行base主頁的時候,可能會出現帶有“mail"的錯誤,後面顯示的是29,30兩行。然後找到相應的文件,將其註釋掉就可以了。再有,我安裝的時候,若顯示中文界面,則會出現問題,無奈,又換了回來)
修改base_conf.php中:(中文界面!)
$BASE_Language = 'english';
爲:
$BASE_Language = 'simplified_chinese';
測試snort+base
啓動snort
# /usr/local/snort/bin/snort -c /etc/snort/snort.conf
一段時間後即可看到base的界面中已經有數據顯示。
將snort的啓動命令(/usr/local/snort/bin/snort -c /etc/snort/snort.conf &)放入/etc/rc.local文件的最後,使開機後自動以後臺方式運行snort。將snort主機所連接的交換機的接口配置爲鏡像口,以使snort能夠監聽到全網的數據包。