I. Install Snort
1. Install libpcap
    apt-get install libpcap-dev
2. Install Snort
    apt-get install snort
    apt-get install snort-mysql
3. Create the database and user
    mysql> CREATE DATABASE snort;
    mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort@localhost;
    mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort;
    mysql> SET PASSWORD FOR snort@localhost=PASSWORD('snort-db');  -- snort-db is the password here
    mysql> exit
4. Create the database table structure
    $ cd /usr/share/doc/snort-mysql
    $ zcat create_mysql.gz | mysql -u snort -D snort -psnort-db
5. Configure Snort to write its logs to the MySQL database
    $ sudo vi /etc/snort/snort.conf
1) Replace "ipvar HOME_NET any" with "ipvar HOME_NET 192.168.0.0/16"
2) Comment out "ipvar EXTERNAL_NET any"
3) Uncomment "ipvar EXTERNAL_NET !$HOME_NET"
4) Set the log output to the MySQL database, as follows:
    output database: log, mysql, dbname=snort user=snort password=snort-db host=localhost
    $ sudo vi /etc/snort/database.conf
1) Comment out the first line
2) Add
    output database: log, mysql, dbname=snort user=snort password=snort-db host=localhost
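A check for the snort.conf edits in step 5, as an added example that is not part of the original page. The helper names `check_snort_conf` and `write_sample_conf` are hypothetical, the sample file is constructed, and the world-readable test goes beyond the listed steps because the output line stores the database password in plain text.

```shell
#!/bin/sh
# Added example (not from the original page): check a snort.conf for the
# four edits in step 5, plus whether the file exposes the DB password.

# Prints one line per problem found; returns 0 only when there are none.
check_snort_conf() {
    conf=$1
    rc=0
    # Active lines only: strip leading whitespace, drop comments and blanks.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$conf")
    # 1) HOME_NET must be defined and must not be "any".
    home=$(printf '%s\n' "$active" | awk '$1=="ipvar" && $2=="HOME_NET" {v=$3} END {print v}')
    if [ -z "$home" ] || [ "$home" = "any" ]; then
        echo "HOME_NET is '${home:-unset}'"; rc=1
    fi
    # 2) "ipvar EXTERNAL_NET any" must not be active.
    if printf '%s\n' "$active" | grep -Eq '^ipvar[[:space:]]+EXTERNAL_NET[[:space:]]+any([[:space:]]|$)'; then
        echo "EXTERNAL_NET any is still active"; rc=1
    fi
    # 3) "ipvar EXTERNAL_NET !$HOME_NET" must be active.
    if ! printf '%s\n' "$active" | grep -Eq '^ipvar[[:space:]]+EXTERNAL_NET[[:space:]]+!\$HOME_NET([[:space:]]|$)'; then
        echo "EXTERNAL_NET !\$HOME_NET is not active"; rc=1
    fi
    # 4) An active "output database: log, mysql, ..." line must exist.
    if ! printf '%s\n' "$active" | grep -Eq '^output[[:space:]]+database:[[:space:]]*log,[[:space:]]*mysql,'; then
        echo "no active MySQL output line"; rc=1
    fi
    # Extra check (assumption, not a step on the page): the output line holds
    # the password, so the file should not be readable by "other".
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "file is world-readable and contains the database password"; rc=1
    fi
    return $rc
}

# Constructed sample: the state of the file after step 5.
write_sample_conf() {
    cat > "$1" <<'EOF'
ipvar HOME_NET 192.168.0.0/16
#ipvar EXTERNAL_NET any
ipvar EXTERNAL_NET !$HOME_NET
output database: log, mysql, dbname=snort user=snort password=snort-db host=localhost
EOF
    chmod 640 "$1"
}

sample=$(mktemp) && write_sample_conf "$sample"
check_snort_conf "$sample" && echo "sample config OK"
rm -f "$sample"
```

Run it against the real file with `check_snort_conf /etc/snort/snort.conf`; each printed line names one edit that is still missing.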
6. Configure Snort
    snort -g snort -c /etc/snort/snort.conf
7. Start Snort
    service snort start
II. Install and configure acid-base
    apt-get install php5-adodb
    apt-get install acidbase
3. Edit the acidbase Apache configuration file
    vi /etc/apache2/conf.d/acidbase.conf
Change it to:
    <DirectoryMatch /usr/share/acidbase/>
    Options FollowSymLinks
    #AllowOverride None
    #order deny,allow
    #deny from all
    # With "order deny,allow" and "deny from all" commented out, the "allow from" line below does not by itself restrict access.
    allow from 221.13.130.115
    <IfModule mod_php5.c>
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_value include_path .:/usr/share/php
    </IfModule>
    </DirectoryMatch>
3. Add the directories in which PHP is allowed to run
    vi /etc/php5/apache2/php.ini
    open_basedir = "/var/ftp/public/:/var/tmp/:/tmp/:/usr/share/acidbase:/etc/acidbase/:/usr/share/php/adodb/"
4. Restart Apache
    service apache2 restart