为公司信息安全要求,上周配置了一台网络***检测系统(NIDS),今天把安装过程记录下来,供自己和其它朋友们以后参考。关于本NIDS成功安装及本文的形成,我参考了很多网上的相关文档,具体文档略,不过非常感谢各位前辈们的无私奉献。


一、安装环境操作系统:Red Hat Enterprise Linux 5.4数据库:MySQL:mysql-5.1.46Web服务器:Apache:httpd-2.2.15WEB语言:PHP:php-5.2.13 


二、安装MySQL软件包mysql-5.1.46.tar.gz下载地址http://dev.mysql.com/downloads/mysql/# tar -zxvf mysql-5.1.46.tar.gz //解压缩# cd mysql-5.1.46 //进入解压缩后的文件目录# ./configure --prefix=/usr/local/mysql \ //设定安装目录--enable-thread-safe-client \ //编译线程安全版的客户端库--without-debug \ //关闭debug功能# make //编译# make install //安装# /usr/local/mysql/bin/mysql_install_db //初始化授权表# chown –R root /usr/local/mysql //文件属性改为root用户# chgrp –R root /usr/local/mysql //文件属性改为root用户所属组# /usr/local/mysql/bin/mysqld_safe --user=root & //启动MySQL# /usr/local/mysql/bin/mysqladmin –u root password ‘123456’ //修改root用户的密码为123456注:如果接下来在安装Snort后进行配置测试时提示无法找到以下文件:libmysqlclient.so.16和mysql.sock请按照以下方法解决:1、libmysqlclient.so.16:方法1 # vi /etc/ ld.so.conf 向此文件添加以下两行内容/usr/local/mysql/lib/mysql/usr/local/lib保存ld.so.conf退出# ldconfig方法2 # ln –s /usr/local/mysql/lib/mysql/libmysqlclient.so.16 /usr/local/lib/libmysqlclient.so.162、mysql.sock:ln –s /var/lib/mysql/mysql.sock /tmp/mysql.sock 


三、安装Apache软件包httpd-2.2.15.tar.gz下载地址http://httpd.apache.org/download.cgi# tar -zxvf httpd-2.2.15.tar.gz# cd httpd-2.2.15# ./configure --prefix=/usr/local/apache --enable-module=most --enable-shared=max –enable-so# make# make install# /usr/local/apache/bin/apachectl start //启动MySQL


 四、安装PHP软件包php-5.2.13.tar.gz下载地址http://www.php.net/downloads.php# tar -zxvf php-5.2.13.tar.gz# cd php-5.2.13# ./configure –prefix=/usr/local/php \–with-mysql=/usr/local/mysql --with-apxs2=/usr/local/apache/bin/apxs --with-zlib --with-gd --enable-sockets –disable-debug# make# make install# cp php.ini-dist /usr/local/php/lib/php.ini 


五、配置Apache服务的httpd.conf文件及测试1、编辑/usr/local/apache/conf/httpd.conf文件在DirectoryIndex后添加index.php在AddType application后面添加以下两行AddType application/x-httpd-php .phpAddType applicatoin/x-httpd-php-source .phps2、重启apache# /usr/local/apache/bin/apachectl restart3、测试写个index.php文件放入主页所在目录内容如下:<?phpinfo();?>在浏览器中输入http://服务器IP/如果有php的信息,则说明apache+php+mysql配置成功了,注意 gd和mysql的支持信息 


六、安装snort1、安装pcre软件包pcre-8.02.tar.gz下载地址http://sourceforge.net/projects/pcre/files/# tar –zxvf pcre-8.02.tar.gz# cd pcre-8.02# ./configure# make# make install2、安装snort软件包snort-2.4.5.tar.gz下载地址http://down1.chinaunix.net/distfiles/snort-2.4.5.tar.gz# tar -zxvf snort-2.4.5.tar.gz# cd snort-2.4.5# ./configure --with-mysql# make# make install# mkdir /etc/snort //建立snort目录# cd etc# cp * /etc/snort //拷贝配置文件3、安装snort rules软件包snortrules-pr-2.4.tar.gz下载地址http://down1.chinaunix.net/distfiles/snortrules-pr-2.4.tar.gz# tar -zxvf snortrules-pr-2.4.tar.gz# cd rules# mkdir /etc/snort/rules //建立snort规则目录# mkdir /var/log/snort //建立snort日志目录# cp * /etc/snort/rules //拷贝规则4、编辑/etc/snort/snort.conf文件更改var HOME_NET 192.168.6.0/24 //你的实际工作网段更改”var RULE_PATH ../rules” 为 “var RULE_PATH /etc/snort/rules”把下面一行前面的#去掉,并改为output database: log,mysql, user=root password=mysql密码 dbname=snort host=localhost把以下11行前面的#号都删除# include ?$RULE_PATH/web-attacks.rules# include ?$RULE_PATH/backdoor.rules# include ?$RULE_PATH/shellcode.rules# include ?$RULE_PATH/policy.rules# include ?$RULE_PATH/porn.rules# include ?$RULE_PATH/info.rules# include ?$RULE_PATH/icmp-info.rulesinclude ?$RULE_PATH/virus.rules# include ?$RULE_PATH/chat.rules# include ?$RULE_PATH/multimedia.rules# include ?$RULE_PATH/p2p.rules保存退出 


七、建立snort数据库及检查数据库和数据结构1、建立snort数据库mysql&gt; create database snort;mysql&gt; grant INSERT,SELECT on snort.* to root@localhost;mysql&gt; exit# mysql –u root -p < /usr/local/snort-2.4.5/schemas /create_mysql snort //为snort建立数据表2、检查数据库和数据结构# mysql -u root -pEnter password:  //mysql> exit;看到上面的表就成功了 


八、安装配置和测试acid1、软件包acid-0.9.6b23.tar.gz下载地址http://acidlab.sourceforge.net/软件包adodb511.tgz下载地址http://sourceforge.net/projects/adodb/files/软件包jpgraph-1.16.tar.gz下载地址http://sourceforge.net/projects/jpgraph/files/2、安装acid及相关支持文件把acid-0.9.6b23.tar.gz,adodb511.tgz,jpgraph-1.16.tar.gz放入网站根目录下,我这里是/usr/local/apache/htdocs# cd /usr/local/apache/htdocs# tar -zxvf jpgraph-1.16.tar.gz# tar -zxvf adodb511.tgz# mv jpgraph-1.16 jpgraph# mv adodb5 adodb# tar -zxvf acid-0.9.6b23.tar.gz3、编辑/usr/local/apache/htdocs/acid/acid_conf.php把“?$DBlib_path = ";” 改成“?$DBlib_path = "/usr/local/apache/htdocs/adodb”?$alert_dbname = "snort";?$alert_host = "localhost";?$alert_port = "";?$alert_user = "root";?$alert_password = "test"; //改成你的数据库密码?$archive_dbname = "snort";?$archive_host = "localhost";?$archive_port = "";?$archive_user = "root";?$archive_password = "test” //改成你的数据库密码把“?$ChartLib_path = ";” 改成“?$ChartLib_path = "/usr/local/apache/htdocs/jpgraph/src";”保存退出4、配置测试重启apache# /usr/local/apache/bin/apachectl restart运行snort把数据写入mysql# snort -c /etc/snort/snort.conf在浏览器中输入http://你的主机地址/acid/acid_main.php,点"Setup Page"链接 -&gt;Create Acid AG然后再访问http://你的主机地址/acid/ ACID界面出现用一些扫描工具对主机进行扫描,将产生警告记录,访问acid,可查看记录 RHEL5.4下Apache+php+MySQL+Snort+acid配置完成,帖几张图片秀一下 clip_image002clip_image004clip_image006clip_image008clip_image010

本文出自 “Michael的博客” 博客,请务必保留此出处http://winos.blog.51cto.com/937089/317389