Integrated environment
Nginx0.8
PHP5.3
snort2.9
Mysql
ADODB
ACID
 
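Pre-installation preparation

PHP, nginx or apache, phpmyadmin, mysql, ACID, ADODB, [Barnyard2]

libpcap, libnet, libdnet, daq, snort, [BASE]

{mcrypt libmcrypt libcrypt} (for phpmyadmin support)

PHP support libraries
[jpgraph], gd, freetype, zlib, libxml2, libpng

* The libpcap package must be version 1.0 or later
* If compiling from source, the devel packages of libpcap, libnet and libdnet must be installed

Copy the PHP configuration file

PHP 5.2

cp php.ini-dist /usr/local/lib/php.ini

PHP 5.3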

cp php.ini-production /usr/local/php/php.ini

 
Installation order
Nginx-----PHP + support libraries-----Mysql------phpMyAdmin------snort + support libraries-----Adodb-----ACID----jpgraph
 
 
1. nginx changes
groupadd www
useradd   -g www www
 
---------------
user www www;
 
server
     {
         listen          8090;
         server_name        phpMyAdmin.vspace.tk;
         root           /ext/web/phpMyAdmin;
         index           index.php;
 
 
         location ~ \.php$
         {
             fastcgi_pass       127.0.0.1:9000;
             fastcgi_index       index.php;
             fastcgi_param       SCRIPT_FILENAME /ext/web/phpMyAdmin$fastcgi_script_name;
             include          fastcgi_params;
         }
     }
 
   server
     {
         listen          9090;
         server_name        snort.vspace.tk;
         root           /ext/web/snort;
         index           index.php;
 
 
         location ~ \.php$
         {
             fastcgi_pass       127.0.0.1:9000;
             fastcgi_index       index.php;
             fastcgi_param       SCRIPT_FILENAME /ext/web/snort$fastcgi_script_name;
             include          fastcgi_params;
         }
 
     }
 
----------------
chown -R www:www /ext/web
 
2. PHP configure
./configure --prefix=/usr/local/php \
 --with-gd \
 --with-jpeg-dir \
 --with-zlib \
 --with-png-dir \
 --with-freetype-dir \
 --with-mysql=/usr/local/mysql \
 --enable-fpm \
 --with-mcrypt
 
* PHP 5.3.3 and later support fpm natively; no separate patch is needed
 
3. php.ini security changes
cp php.ini-dist /usr/local/lib/php.ini
 
open_basedir = /ext/web
magic_quotes_gpc = Off
file_uploads = Off
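
Added example, not part of the original notes: a shell check that the three settings from step 3 are actually set in a php.ini file. PHP does not complain about directive names it does not recognize, so a mistyped line leaves the built-in default in force. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): check that the step 3 settings
# are really in effect in a php.ini file.

# php_ini_get FILE KEY: print the last uncommented value assigned to KEY.
php_ini_get() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }               # whole-line comments
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/[ \t]*;.*$/, "", v)         # trailing ; comment
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v            # the last assignment wins
        }
        END { print val }' "$1"
}

# norm VALUE: fold the spellings php.ini accepts for a boolean into on/off.
norm() {
    case $(printf %s "$1" | tr 'A-Z' 'a-z') in
        off|0|false|no|none) echo off ;;
        on|1|true|yes)       echo on ;;
        *)                   printf '%s\n' "$1" ;;
    esac
}

# audit_php_ini FILE: report each expected setting that is missing or different;
# the return status is the number of failed checks.
audit_php_ini() {
    fails=0
    for want in open_basedir=/ext/web magic_quotes_gpc=Off file_uploads=Off; do
        key=${want%%=*}; expected=${want#*=}
        got=$(php_ini_get "$1" "$key")
        if [ "$(norm "$got")" != "$(norm "$expected")" ]; then
            echo "FAIL $key: expected '$expected', found '${got:-<not set>}'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample input: two directive names are misspelled.
write_sample_ini() {
    printf '%s\n' '; constructed sample' '[PHP]' 'open_basedir = /ext/web' \
        'magic_quotes_goc = Off' 'file_upload = Off' > "$1"
}

sample=$(mktemp); write_sample_ini "$sample"
audit_php_ini "$sample" || echo "$? setting(s) not in effect"
rm -f "$sample"
```

Run audit_php_ini against the php.ini that PHP actually loads; the path copied to in step 3 is only correct if it matches the build's configuration file path.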
 
4. Disable SELinux
vim /etc/selinux/config
SELINUX=disabled
 
5. PHP test
<?php
phpinfo();
?>
 
6. mysql
groupadd mysql
useradd -g mysql mysql
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql
 
mysql -u root
mysql>delete from mysql.user where User = '';
mysql>flush privileges;
 
mysqladmin -u root -p password [new password]
mysql -u root
mysql>set password for 'root'@'localhost' =password('new password');
7. mysql configuration
mysql>create database snortdb;
mysql>create database snort_archivedb;
mysql>grant create,insert,select,delete,update on snortdb.* to snort@localhost;
mysql>grant create,insert,select,delete,update on snort_archivedb.* to snort@localhost;
mysql>set password for 'snort'@'localhost'=password('');
 
* The operations above can also be done with phpmyadmin
 
8. Edit snort.conf
Append at the end:
output database: log, mysql, user=root password=1111 dbname=snort host=localhost
 
9. adodb and ACID configuration
cp -r adodb ACID /ext/web/snort
 
adodb.inc.php
$ADODB_DIR = dirname('/ext/web/snort/adodb5');
 
acid
chmod 755 /ext/web/snort/acid
chmod 644 /ext/web/snort/acid/*
 
acid_conf.php
$alert_dbname   = "snortdb";
$alert_host    = "localhost";
$alert_port    = "";
$alert_user    = "snort";
$alert_password = "snort";
 
/* Archive DB connection parameters */
$archive_dbname   = "snort_archivedb";
$archive_host    = "localhost";
$archive_port    = "";
$archive_user    = "snort";
$archive_password = "snort";
 
mysql>set password for "acid"@"localhost"=OLD_PASSWORD("111111");
 
Test: http://localhost:9090/acid/acid_db_setup.php