To meet the company's information-security requirements I set up a network intrusion detection system (NIDS) last week; today I am writing the installation process down for my own future reference and for anyone else who finds it useful.
While getting this NIDS working and writing this article I consulted many documents on the net (not listed individually here); many thanks to all the predecessors for their unselfish contributions.
<b>I. Installation environment</b>
Operating system: Red Hat Enterprise Linux 5.4
Database: MySQL mysql-5.1.46
Web server: Apache httpd-2.2.15
Web language: PHP php-5.2.13
<b>II. Installing MySQL</b>
Package: mysql-5.1.46.tar.gz
Download: http://dev.mysql.com/downloads/mysql/
# tar -zxvf mysql-5.1.46.tar.gz //unpack
# cd mysql-5.1.46 //enter the unpacked source directory
# ./configure --prefix=/usr/local/mysql \ //installation prefix
--enable-thread-safe-client \ //build the thread-safe client library
--without-debug //disable debugging
# make //compile
# make install //install
# /usr/local/mysql/bin/mysql_install_db //initialise the grant tables
# chown -R root /usr/local/mysql //make root the owner of the installation tree
# chgrp -R root /usr/local/mysql //and root its group
# /usr/local/mysql/bin/mysqld_safe --user=root & //start MySQL
Note: this starts mysqld as root. The MySQL manual's reference procedure instead creates an unprivileged account (groupadd mysql; useradd -g mysql mysql), gives that account only the data directory (var under the prefix for a source build) and starts the server with --user=mysql; on a sensor that will be fed hostile traffic, a bug in the database server should not run with root privileges, so prefer the dedicated account.
# /usr/local/mysql/bin/mysqladmin -u root password '123456' //set the root password to 123456
Note: the password given on the command line ends up in the shell history and is visible in the process list while the command runs; choose a strong one and clear the history afterwards.
Note: if the configuration test after installing Snort complains that libmysqlclient.so.16 or mysql.sock cannot be found, fix it as follows:
1. libmysqlclient.so.16:
Method 1: # vi /etc/ld.so.conf and add the following two lines
/usr/local/mysql/lib/mysql
/usr/local/lib
save ld.so.conf and quit
# ldconfig
Method 2: # ln -s /usr/local/mysql/lib/mysql/libmysqlclient.so.16 /usr/local/lib/libmysqlclient.so.16
(Method 2 only helps if /usr/local/lib is already on the loader's search path; `ldconfig -p | grep libmysqlclient` shows whether the loader can see the library at all.)
2. mysql.sock:
# ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
Before creating the link, check where the running server actually put its socket with `/usr/local/mysql/bin/mysqladmin -u root -p variables | grep socket`; the link must go from the path the client is looking for to the path the server really uses.
<b>III. Installing Apache</b>
Package: httpd-2.2.15.tar.gz
Download: http://httpd.apache.org/download.cgi
# tar -zxvf httpd-2.2.15.tar.gz
# cd httpd-2.2.15
# ./configure --prefix=/usr/local/apache --enable-mods-shared=most --enable-so
Note: `--enable-module=most --enable-shared=max` is Apache 1.3 configure syntax and is not used by the 2.2 build system; the 2.2 equivalent is `--enable-mods-shared=most`. `--enable-so` builds mod_so, which is required to load PHP as a shared module in section IV.
# make
# make install
# /usr/local/apache/bin/apachectl start //start Apache
<b>IV. Installing PHP</b>
Package: php-5.2.13.tar.gz
Download: http://www.php.net/downloads.php
# tar -zxvf php-5.2.13.tar.gz
# cd php-5.2.13
# ./configure --prefix=/usr/local/php \
--with-mysql=/usr/local/mysql --with-apxs2=/usr/local/apache/bin/apxs --with-zlib --with-gd --enable-sockets --disable-debug
# make
# make install
# cp php.ini-dist /usr/local/php/lib/php.ini
Because of --with-apxs2, `make install` builds PHP as an Apache module and adds the corresponding LoadModule line to httpd.conf itself; the AddType lines in section V then tell Apache which files to hand to it.
<b>V. Configuring Apache's httpd.conf and testing</b>
1. Edit /usr/local/apache/conf/httpd.conf
Add index.php to the DirectoryIndex line
After the existing AddType application lines add these two lines
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
(The .phps handler serves syntax-highlighted PHP source; leave it out on a production sensor unless you really want source files displayed.)
2. Restart Apache
# /usr/local/apache/bin/apachectl restart
3. Test
Create an index.php in the document root with the following content:
<?php
phpinfo();
?>
Open http://<server IP>/ in a browser.
If the PHP information page appears, Apache + PHP + MySQL are working; check that the gd and mysql sections are present. Delete this file once the test is done: phpinfo() discloses paths, versions and configuration to anyone who can reach the server.
<b>VI. Installing Snort</b>
1. Install pcre
Package: pcre-8.02.tar.gz
Download: http://sourceforge.net/projects/pcre/files/
# tar -zxvf pcre-8.02.tar.gz
# cd pcre-8.02
# ./configure
# make
# make install
2. Install Snort
Package: snort-2.4.5.tar.gz
Download: http://down1.chinaunix.net/distfiles/snort-2.4.5.tar.gz
# tar -zxvf snort-2.4.5.tar.gz
# cd snort-2.4.5
# ./configure --with-mysql
(If configure cannot find the client library, point it at the prefix from section II: `--with-mysql=/usr/local/mysql`. Snort 2.4.5 was already an old release when this was written; the steps are the same for later 2.x releases, and a currently supported version should be preferred on a real sensor.)
# make
# make install
# mkdir /etc/snort //create the snort directory
# cd etc
# cp * /etc/snort //copy the configuration files (snort.conf, classification.config, reference.config, ...)
3. Install the Snort rules
Package: snortrules-pr-2.4.tar.gz
Download: http://down1.chinaunix.net/distfiles/snortrules-pr-2.4.tar.gz
# tar -zxvf snortrules-pr-2.4.tar.gz
# cd rules
# mkdir /etc/snort/rules //create the rules directory
# mkdir /var/log/snort //create the log directory
# cp * /etc/snort/rules //copy the rules
4. Edit /etc/snort/snort.conf
Change `var HOME_NET 192.168.6.0/24` to your actual network segment
Change `var RULE_PATH ../rules` to `var RULE_PATH /etc/snort/rules`
Remove the leading # from the line below and change it to
output database: log, mysql, user=root password=<MySQL password> dbname=snort host=localhost
Note: this puts a database password in clear text in snort.conf, so make the file readable by root only (chmod 600 /etc/snort/snort.conf). Snort only needs INSERT and SELECT on the snort database, so a dedicated account with just those rights is a better choice than root: a sensor that parses hostile traffic should not hold the MySQL superuser credentials.
Remove the leading # from the following 11 include lines (in this snort.conf virus.rules is already uncommented) so that they read:
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/info.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/p2p.rules
Save and quit.
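The snort.conf edits above are usually done by hand in vi; the following shell script is an added example (not part of the original post) that applies the same edits with sed so that they can be repeated on several sensors and re-run without duplicating lines. The sensor account name "snort", the password and the miniature snort.conf it generates are constructed for the example; on a real system the file is /etc/snort/snort.conf. Passwords containing sed metacharacters (`|`, `&`, `\`) are not handled.

```shell
#!/bin/sh
# Added example: apply the section VI step 4 edits to a snort.conf idempotently.

# make_sample_conf FILE: write a constructed miniature snort.conf that mimics
# the 2.4 layout (a few includes commented out, the database output commented).
make_sample_conf() {
    cat > "$1" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=snort password=test dbname=snort host=localhost
include $RULE_PATH/local.rules
# include $RULE_PATH/web-attacks.rules
# include $RULE_PATH/backdoor.rules
include $RULE_PATH/virus.rules
# include $RULE_PATH/p2p.rules
EOF
}

# configure_snort_conf FILE HOME_NET DB_USER DB_PASS [rulefile ...]
# Sets HOME_NET and RULE_PATH, activates the MySQL output line with the given
# (assumed non-root) account, and uncomments each listed rule include.
configure_snort_conf() {
    f=$1; net=$2; user=$3; pass=$4; shift 4
    tmp="$f.tmp"
    sed -e "s|^var HOME_NET .*|var HOME_NET $net|" \
        -e "s|^var RULE_PATH .*|var RULE_PATH /etc/snort/rules|" \
        -e "s|^# *output database: log, *mysql,.*|output database: log, mysql, user=$user password=$pass dbname=snort host=localhost|" \
        "$f" > "$tmp" && mv "$tmp" "$f"
    # Lines that are already active do not match the pattern, so a second run
    # leaves the file unchanged.
    for r in "$@"; do
        sed -e "s|^# *include \$RULE_PATH/$r|include \$RULE_PATH/$r|" "$f" > "$tmp" \
            && mv "$tmp" "$f"
    done
    # The file now holds a database password: root-only.
    chmod 600 "$f"
}

# count_active_includes FILE / count_commented_includes FILE: how many rule
# includes are switched on / still commented out.
count_active_includes() {
    grep -c '^include \$RULE_PATH/' "$1" || true
}
count_commented_includes() {
    grep -c '^# *include \$RULE_PATH/' "$1" || true
}
```

Run it as `configure_snort_conf /etc/snort/snort.conf 192.168.6.0/24 snort 'S3cret' web-attacks.rules backdoor.rules ...` with the eleven rule files from the list above, then check with `count_commented_includes /etc/snort/snort.conf` that nothing you wanted is still commented out.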
<b>VII. Creating the snort database and checking the database and its tables</b>
1. Create the snort database
mysql> create database snort;
mysql> grant INSERT,SELECT on snort.* to root@localhost;
mysql> exit
Note: root@localhost already holds every privilege, so this GRANT changes nothing. A GRANT of INSERT and SELECT only makes sense for a dedicated sensor account (for example snort@localhost); if you create one here, use it in the output database line of snort.conf and for ACID instead of root.
# mysql -u root -p snort < /usr/local/snort-2.4.5/schemas/create_mysql //create Snort's tables (path of the unpacked Snort source tree)
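As an added example (not part of the original post), the following shell function prints the SQL for the least-privilege alternative to the GRANT above: one account for the sensor and a separate one for the ACID console. The account names, the privilege sets and the localhost-only restriction are this example's choices: the sensor only inserts events and reads the signature and sensor tables, while ACID also archives and deletes alerts and, in its "Create ACID AG" setup step, creates its own tables, so it gets UPDATE, DELETE and CREATE as well. Identifiers are validated and passwords quoted so that nothing typed as a parameter can end up as a second SQL statement.

```shell
#!/bin/sh
# Added example: generate GRANT statements for two dedicated Snort/ACID accounts.

# valid_ident NAME: accept only [A-Za-z0-9_] so no quote or ';' can be smuggled
# into the generated SQL through a database or user name.
valid_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# sql_escape STRING: double backslashes and single quotes so the value is safe
# inside a MySQL '...' string literal.
sql_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# snort_grants DB SENSOR_USER SENSOR_PASS CONSOLE_USER CONSOLE_PASS
# Prints SQL to feed to "mysql -u root -p"; fails on a bad identifier or when
# both roles would share one account (which defeats the point of the split).
snort_grants() {
    db=$1; su=$2; sp=$(sql_escape "$3"); cu=$4; cp=$(sql_escape "$5")
    valid_ident "$db" && valid_ident "$su" && valid_ident "$cu" || return 1
    [ "$su" != "$cu" ] || return 1
    cat <<EOF
CREATE DATABASE IF NOT EXISTS $db;
GRANT INSERT, SELECT ON $db.* TO '$su'@'localhost' IDENTIFIED BY '$sp';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON $db.* TO '$cu'@'localhost' IDENTIFIED BY '$cp';
FLUSH PRIVILEGES;
EOF
}
```

Usage: `snort_grants snort snort 'sensor-password' acid 'console-password' | /usr/local/mysql/bin/mysql -u root -p`, then put the snort account in snort.conf (section VI step 4) and the acid account in acid_conf.php (section VIII step 3). The schema import with create_mysql is still done as root, as above.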
2. Check the database and its tables
# mysql -u root -p
Enter password: //enter the root password
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.46 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| snort              |
| test               |
+--------------------+
4 rows in set (0.02 sec)
mysql> use snort;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
16 rows in set (0.00 sec)
mysql> exit;
If you see the tables above, the schema was created successfully. The `test` database listed alongside it is the default one that any account can write to; drop it (mysql_secure_installation, shipped in the bin directory, does this and removes the anonymous accounts as well).
<b>VIII. Installing, configuring and testing ACID</b>
1. Package: acid-0.9.6b23.tar.gz
Download: http://acidlab.sourceforge.net/
Package: adodb511.tgz
Download: http://sourceforge.net/projects/adodb/files/
Package: jpgraph-1.16.tar.gz
Download: http://sourceforge.net/projects/jpgraph/files/
2. Install ACID and its supporting libraries
Put acid-0.9.6b23.tar.gz, adodb511.tgz and jpgraph-1.16.tar.gz into the web root, here /usr/local/apache/htdocs
# cd /usr/local/apache/htdocs
# tar -zxvf jpgraph-1.16.tar.gz
# tar -zxvf adodb511.tgz
# mv jpgraph-1.16 jpgraph
# mv adodb5 adodb
# tar -zxvf acid-0.9.6b23.tar.gz
(Delete the three tarballs from htdocs afterwards; anything left in the document root can be downloaded by anyone who can reach the server.)
3. Edit /usr/local/apache/htdocs/acid/acid_conf.php
Change `$DBlib_path = "";` to `$DBlib_path = "/usr/local/apache/htdocs/adodb";`
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "test"; //change to your database password
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "root";
$archive_password = "test"; //change to your database password
Change `$ChartLib_path = "";` to `$ChartLib_path = "/usr/local/apache/htdocs/jpgraph/src";`
Note: acid_conf.php now holds database credentials in clear text, and ACID performs no authentication of its own, so anyone who can reach /acid/ can read and delete every alert. Before exposing it, make the file readable only by the Apache user, restrict the directory (Apache basic authentication over HTTPS, or an Allow from rule limited to the analyst network) and, if you created a dedicated console account in section VII, use it here instead of root.
4. Configure and test
Restart Apache
Run Snort so that it writes into MySQL
# snort -c /etc/snort/snort.conf
(make install put the binary in /usr/local/bin. Add -i <interface> to choose the sniffing interface; `snort -T -c /etc/snort/snort.conf` only tests the configuration and is the quickest way to surface the libmysqlclient.so.16 / mysql.sock problems described in section II; once it passes, -D runs Snort as a daemon instead of holding the terminal.)
Open http://<your host>/acid/acid_main.php in a browser, click the "Setup Page" link -> Create Acid AG
Then visit http://<your host>/acid/ and the ACID interface appears.
Scan the host with a scanning tool: alerts will be generated, and opening ACID shows the records.
<b>The Apache+php+MySQL+Snort+acid setup on RHEL 5.4 is complete.</b>
This article is reposted from the linuxos blog on 51CTO; original link: http://blog.51cto.com/winos/317389. Please contact the original author before republishing.