Notes on installing and configuring a NIDS on RHEL 5.4 with Apache + PHP + MySQL + Snort + ACID

To meet the company's information security requirements, last week I set up a network intrusion detection system (NIDS). Today I am writing down the installation process for my own future reference and for other friends. For the successful installation of this NIDS and the writing of this article I consulted many related documents online; I will not list them one by one, but many thanks to those who went before for sharing so selflessly.


1. Installation environment

Operating system: Red Hat Enterprise Linux 5.4
Database: MySQL mysql-5.1.46
Web server: Apache httpd-2.2.15
Web language: PHP php-5.2.13


2. Installing MySQL

Package: mysql-5.1.46.tar.gz, from http://dev.mysql.com/downloads/mysql/

    # tar -zxvf mysql-5.1.46.tar.gz                  (unpack)
    # cd mysql-5.1.46                                (enter the unpacked directory)
    # ./configure --prefix=/usr/local/mysql \        (install directory)
        --enable-thread-safe-client \                (build the thread-safe client library)
        --without-debug                              (no debug build)
    # make                                           (compile)
    # make install                                   (install)

Do not run the database daemon as root (the original notes ran mysqld_safe --user=root and gave the whole tree to root). Create a dedicated mysql account and follow the MySQL 5.1 source-install sequence instead: binaries owned by root, only the data directory (var, with this --prefix) owned by mysql:

    # groupadd mysql
    # useradd -g mysql mysql
    # cd /usr/local/mysql
    # chown -R mysql . && chgrp -R mysql .
    # bin/mysql_install_db --user=mysql              (initialise the grant tables)
    # chown -R root .                                (binaries and libraries back to root)
    # chown -R mysql var                             (only the data directory stays with mysql)
    # bin/mysqld_safe --user=mysql &                 (start MySQL as the unprivileged mysql user)
    # bin/mysqladmin -u root password '123456'       (set the root password; 123456 is only the example here, use a strong one)

Note: if, after Snort is installed, the configuration test complains that libmysqlclient.so.16 or mysql.sock cannot be found, fix it as follows.

1) libmysqlclient.so.16
   Method 1: add these two lines to /etc/ld.so.conf, save, and refresh the linker cache:
       /usr/local/mysql/lib/mysql
       /usr/local/lib
       # ldconfig
   Method 2: symlink the library into a directory already on the search path:
       # ln -s /usr/local/mysql/lib/mysql/libmysqlclient.so.16 /usr/local/lib/libmysqlclient.so.16

2) mysql.sock: link the socket from where the server actually created it to the path the client expects, for example
       # ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock


3. Installing Apache

Package: httpd-2.2.15.tar.gz, from http://httpd.apache.org/download.cgi

    # tar -zxvf httpd-2.2.15.tar.gz
    # cd httpd-2.2.15
    # ./configure --prefix=/usr/local/apache --enable-so --enable-mods-shared=most
    # make
    # make install
    # /usr/local/apache/bin/apachectl start          (start Apache)

--enable-so is the option that matters here: it lets httpd load the PHP module built in the next section. (The original command used --enable-module=most --enable-shared=max, which are Apache 1.3 options; the httpd 2.2 equivalent is --enable-mods-shared=most.)


4. Installing PHP

Package: php-5.2.13.tar.gz, from http://www.php.net/downloads.php

    # tar -zxvf php-5.2.13.tar.gz
    # cd php-5.2.13
    # ./configure --prefix=/usr/local/php \
        --with-mysql=/usr/local/mysql \
        --with-apxs2=/usr/local/apache/bin/apxs \
        --with-zlib --with-gd --enable-sockets --disable-debug
    # make
    # make install
    # cp php.ini-dist /usr/local/php/lib/php.ini

--with-mysql must point at the MySQL prefix from section 2 and --with-apxs2 at the apxs from section 3, otherwise the MySQL and Apache-module support that ACID needs is not built. php.ini-dist is the permissive template; php.ini-recommended, shipped in the same source tree, has the tighter defaults (display_errors = Off among them) and is the better starting point for a server that others can reach.


5. Configuring httpd.conf and testing

1) Edit /usr/local/apache/conf/httpd.conf:
   - add index.php to the DirectoryIndex line
   - after the existing AddType lines add these two:
         AddType application/x-httpd-php .php
         AddType application/x-httpd-php-source .phps
     (the second line serves .phps files as highlighted PHP source; leave it out if you do not want source files served)

2) Restart Apache:
       # /usr/local/apache/bin/apachectl restart

3) Test: put an index.php into the document root with this content:
       <?php phpinfo(); ?>
   and open http://<server IP>/ in a browser. If the PHP information page appears, Apache + PHP + MySQL is working; check that the gd and mysql sections are present. Remove this index.php once the test is done, because phpinfo() exposes the full server and PHP configuration to anyone who can load the page.


6. Installing Snort

1) Install pcre. Package: pcre-8.02.tar.gz, from http://sourceforge.net/projects/pcre/files/
       # tar -zxvf pcre-8.02.tar.gz
       # cd pcre-8.02
       # ./configure
       # make
       # make install

2) Install Snort. Package: snort-2.4.5.tar.gz, from http://down1.chinaunix.net/distfiles/snort-2.4.5.tar.gz
       # tar -zxvf snort-2.4.5.tar.gz
       # cd snort-2.4.5
       # ./configure --with-mysql                 (build the MySQL output plugin)
       # make
       # make install
       # mkdir /etc/snort                         (Snort configuration directory)
       # cd etc
       # cp * /etc/snort                          (copy the shipped configuration files)

3) Install the Snort rules. Package: snortrules-pr-2.4.tar.gz, from http://down1.chinaunix.net/distfiles/snortrules-pr-2.4.tar.gz (the rule set must match the Snort major version, 2.4 here)
       # tar -zxvf snortrules-pr-2.4.tar.gz
       # cd rules
       # mkdir /etc/snort/rules                   (rules directory)
       # mkdir /var/log/snort                     (log directory)
       # cp * /etc/snort/rules                    (copy the rules)

4) Edit /etc/snort/snort.conf:
   - set var HOME_NET 192.168.6.0/24 to the network segment you actually monitor
   - change "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules"
   - remove the # in front of the mysql output line and change it to
         output database: log, mysql, user=root password=<mysql password> dbname=snort host=localhost
     (the original uses the MySQL root account; an account that holds only INSERT and SELECT on the snort database is the safer choice)
   - remove the leading # from the following include lines (eleven in the original list; virus.rules appears in it already uncommented):
         # include $RULE_PATH/web-attacks.rules
         # include $RULE_PATH/backdoor.rules
         # include $RULE_PATH/shellcode.rules
         # include $RULE_PATH/policy.rules
         # include $RULE_PATH/porn.rules
         # include $RULE_PATH/info.rules
         # include $RULE_PATH/icmp-info.rules
         include $RULE_PATH/virus.rules
         # include $RULE_PATH/chat.rules
         # include $RULE_PATH/multimedia.rules
         # include $RULE_PATH/p2p.rules
   Save and exit. snort.conf now contains a database password in clear text, so make it readable by root only:
       # chmod 600 /etc/snort/snort.conf
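The step-4 edits are easy to get subtly wrong by hand (a # left in place, the old ../rules path), so here is an added example that is not part of the original post: a small sh script that applies them with sed and then verifies the result, so the change can be repeated on another sensor and checked. It assumes (neither is in the post) that the database password is supplied in the SNORT_DB_PASS environment variable and the database account name as an argument (the post uses root; an account limited to INSERT and SELECT on snort is preferable). make_sample_conf writes a constructed fragment in the shape of the stock snort.conf so the script can be tried offline.

```shell
#!/bin/sh
# Added example (not from the original post): apply the step-4 snort.conf edits
# with sed and verify them, instead of editing by hand in vi.
# Assumptions not in the post: the DB password arrives in $SNORT_DB_PASS and the
# DB account is an argument (the post uses root; an account with only INSERT and
# SELECT on the snort database is the safer choice).
set -eu

# The eleven rule files the post uncomments (virus.rules is already active).
RULE_FILES="web-attacks backdoor shellcode policy porn info icmp-info virus chat multimedia p2p"

# configure_snort_conf CONF HOME_NET DB_USER  -- rewrite CONF in place
configure_snort_conf() {
    conf=$1; home_net=$2; db_user=$3
    pass=${SNORT_DB_PASS:?set SNORT_DB_PASS to the database password}
    # escape the characters that are special in a sed replacement: & | \
    esc=$(printf '%s' "$pass" | sed 's/[&|\\]/\\&/g')
    tmp="$conf.tmp.$$"

    # HOME_NET, RULE_PATH and the mysql output line (the postgresql line stays commented)
    sed -e "s|^var HOME_NET .*|var HOME_NET $home_net|" \
        -e "s|^var RULE_PATH .*|var RULE_PATH /etc/snort/rules|" \
        -e "s|^# *output database: log, mysql.*|output database: log, mysql, user=$db_user password=$esc dbname=snort host=localhost|" \
        "$conf" > "$tmp"

    # Drop the leading "# " from each of the eleven include lines
    for f in $RULE_FILES; do
        sed -e "s|^# *include [\$]RULE_PATH/$f\\.rules\$|include \$RULE_PATH/$f.rules|" "$tmp" > "$tmp.2"
        mv "$tmp.2" "$tmp"
    done

    mv "$tmp" "$conf"
    chmod 600 "$conf"    # the file now carries a clear-text database password
}

# verify_snort_conf CONF HOME_NET -- exit 0 only if every edit is present
verify_snort_conf() {
    conf=$1; home_net=$2; rc=0
    grep -qxF "var HOME_NET $home_net" "$conf" || { echo "HOME_NET is not $home_net" >&2; rc=1; }
    grep -qxF "var RULE_PATH /etc/snort/rules" "$conf" || { echo "RULE_PATH not set" >&2; rc=1; }
    grep -q '^output database: log, mysql, user=[^ ]* password=.* dbname=snort host=localhost$' "$conf" \
        || { echo "mysql output plugin not enabled" >&2; rc=1; }
    for f in $RULE_FILES; do
        grep -qxF "include \$RULE_PATH/$f.rules" "$conf" || { echo "$f.rules still commented out" >&2; rc=1; }
    done
    return $rc
}

# make_sample_conf PATH -- constructed fragment in the shape of the stock snort.conf, for trying this offline
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, shaped like the snort.conf shipped with snort-2.4.5
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
preprocessor frag3_global
# output database: log, mysql, user=snort dbname=snort host=localhost
# output database: alert, postgresql, user=snort dbname=snort
include $RULE_PATH/local.rules
include $RULE_PATH/bad-traffic.rules
# include $RULE_PATH/web-attacks.rules
# include $RULE_PATH/backdoor.rules
# include $RULE_PATH/shellcode.rules
# include $RULE_PATH/policy.rules
# include $RULE_PATH/porn.rules
# include $RULE_PATH/info.rules
# include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
# include $RULE_PATH/chat.rules
# include $RULE_PATH/multimedia.rules
# include $RULE_PATH/p2p.rules
EOF
}

# Stand-alone use:  SNORT_DB_PASS=... sh snort_conf.sh /etc/snort/snort.conf 192.168.6.0/24 snort
if [ $# -eq 3 ]; then
    configure_snort_conf "$1" "$2" "$3"
    if verify_snort_conf "$1" "$2"; then
        echo "snort.conf configured and verified"
    else
        echo "snort.conf verification failed" >&2; exit 1
    fi
fi
```

The verification step is worth keeping even when the edits are done by hand: run verify_snort_conf against /etc/snort/snort.conf before starting Snort, and again after every rules update that replaces the file.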


7. Creating the snort database and checking its structure

1) Create the database:
       mysql> create database snort;
       mysql> grant INSERT,SELECT on snort.* to root@localhost;
       mysql> exit
   Then load the Snort schema into it (adjust the path to wherever you unpacked the Snort source):
       # mysql -u root -p snort < /usr/local/snort-2.4.5/schemas/create_mysql

   The grant above is what the original does, but it changes nothing: root already holds every privilege. What Snort needs for writing alerts is INSERT and SELECT on the snort database and no more, so a dedicated account is the better choice:
       mysql> grant INSERT,SELECT on snort.* to 'snort'@'localhost' identified by '<password>';
   and then use user=snort rather than root in the snort.conf output line.

2) Check the database and its structure:
       # mysql -u root -p
       Enter password:
       mysql> use snort;
       mysql> show tables;
       mysql> exit;
   If the tables created by create_mysql are listed, the database is ready.
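Step 2 only eyeballs the output of show tables. As an added example that is not part of the original post, the following sh script checks captured client output instead: that every table created by Snort 2.4's schemas/create_mysql is present (the table names come from that schema file, not from the page), and that the account Snort writes with holds nothing beyond INSERT and SELECT on snort.*, which is the check a least-privilege grant deserves. It assumes a dedicated account 'snort'@'localhost' (the post uses root) and that the two listings were captured with `mysql -N -u root -p -e 'SHOW TABLES' snort > tables.txt` and `mysql -N -u root -p -e "SHOW GRANTS FOR 'snort'@'localhost'" > grants.txt`; write_samples produces constructed stand-ins for both so the checks can be tried offline.

```shell
#!/bin/sh
# Added example (not from the original post): verify the snort database from
# captured mysql client output instead of eyeballing "show tables".
#   mysql -N -u root -p -e 'SHOW TABLES' snort                     > tables.txt
#   mysql -N -u root -p -e "SHOW GRANTS FOR 'snort'@'localhost'"   > grants.txt
# Assumption not in the post: Snort writes as a dedicated account
# 'snort'@'localhost' that should hold nothing beyond INSERT and SELECT on snort.*.
set -eu

# Tables created by Snort 2.4's schemas/create_mysql (taken from that file, not from the post).
SNORT_TABLES="schema event signature sig_reference reference reference_system sig_class sensor iphdr tcphdr udphdr icmphdr opt data encoding detail"

# check_snort_schema TABLES_FILE -- one table name per line; returns the number of missing tables
check_snort_schema() {
    missing=0
    for t in $SNORT_TABLES; do
        grep -qxF "$t" "$1" || { echo "missing table: $t" >&2; missing=$((missing + 1)); }
    done
    return $missing
}

# check_db_grants GRANTS_FILE -- SHOW GRANTS output; fails on anything beyond
# the implicit USAGE on *.* plus SELECT and INSERT on `snort`.*
check_db_grants() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            "GRANT USAGE ON *.* TO "*) ;;                            # login-only grant, always present
            *" ON *.* TO "*) echo "global privileges: $line" >&2; bad=1 ;;
            "GRANT "*" ON \`snort\`.* TO "*)
                privs=${line#GRANT }; privs=${privs%% ON *}      # e.g. "SELECT, INSERT"
                for p in $(printf '%s' "$privs" | tr ',' ' '); do
                    case "$p" in
                        SELECT|INSERT) ;;
                        *) echo "unexpected privilege $p: $line" >&2; bad=1 ;;
                    esac
                done ;;
            *) echo "unexpected grant: $line" >&2; bad=1 ;;
        esac
    done < "$1"
    return $bad
}

# write_samples DIR -- constructed sample captures for trying the checks offline
write_samples() {
    printf '%s\n' $SNORT_TABLES > "$1/tables.txt"
    cat > "$1/grants.txt" <<'EOF'
GRANT USAGE ON *.* TO 'snort'@'localhost' IDENTIFIED BY PASSWORD '*HASH'
GRANT SELECT, INSERT ON `snort`.* TO 'snort'@'localhost'
EOF
}

# Stand-alone use: sh check_snort_db.sh tables.txt grants.txt
if [ $# -eq 2 ]; then
    check_snort_schema "$1" && check_db_grants "$2" && echo "schema complete, account limited to INSERT and SELECT"
fi
```

Run check_db_grants against the root account's grants as well if you keep the post's configuration: it will flag "GRANT ALL PRIVILEGES ON *.*", which is exactly the privilege a compromised sensor or web console would inherit.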


8. Installing, configuring and testing ACID

1) Packages:
   acid-0.9.6b23.tar.gz, from http://acidlab.sourceforge.net/
   adodb511.tgz, from http://sourceforge.net/projects/adodb/files/
   jpgraph-1.16.tar.gz, from http://sourceforge.net/projects/jpgraph/files/

2) Install ACID and its supporting libraries. Put the three archives into the web document root (here /usr/local/apache/htdocs):
       # cd /usr/local/apache/htdocs
       # tar -zxvf jpgraph-1.16.tar.gz
       # tar -zxvf adodb511.tgz
       # mv jpgraph-1.16 jpgraph
       # mv adodb5 adodb
       # tar -zxvf acid-0.9.6b23.tar.gz
   Delete the .tar.gz and .tgz files from the document root afterwards; anything left there can be downloaded.

3) Edit /usr/local/apache/htdocs/acid/acid_conf.php:
   change $DBlib_path = ""; to
       $DBlib_path = "/usr/local/apache/htdocs/adodb";
   set the alert and archive database parameters:
       $alert_dbname     = "snort";
       $alert_host       = "localhost";
       $alert_port       = "";
       $alert_user       = "root";
       $alert_password   = "test";        (change to your database password)
       $archive_dbname   = "snort";
       $archive_host     = "localhost";
       $archive_port     = "";
       $archive_user     = "root";
       $archive_password = "test";        (change to your database password)
   change $ChartLib_path = ""; to
       $ChartLib_path = "/usr/local/apache/htdocs/jpgraph/src";
   Save and exit. ACID has no login of its own and this file now holds database credentials, so restrict the /acid directory with Apache access control to the people who need the console.

4) Configure and test. Restart Apache:
       # /usr/local/apache/bin/apachectl restart
   Start Snort so that it writes to MySQL:
       # snort -c /etc/snort/snort.conf
   Open http://<your host>/acid/acid_main.php in a browser, click the "Setup Page" link and then "Create Acid AG". Then open http://<your host>/acid/ and the ACID interface appears.
   Run a scanner against the host to generate alerts; the records can be viewed in ACID.

Apache + PHP + MySQL + Snort + ACID on RHEL 5.4 is now configured. A few screenshots to show it off: [screenshots of the ACID interface]

This article is from the blog “Michael的博客”; please keep this attribution when reposting: http://winos.blog.51cto.com/937089/317389

