Snort

From Ilianko

Revision as of 12:21, 18 July 2013

1. What is Snort?

  • NIDS (network intrusion detection system)

2. OS

Debian 7.1.0 wheezy on VirtualBox 4.2.16


MySQL, PHP5, Apache

  • apt-get install mysql-server
  • apt-get install mysql-client
  • apt-get install apache2
  • apt-get install phpmyadmin (pulls in dbconfig-common fontconfig-config libfontconfig1 libgd2-xpm libjpeg8 libltdl7 libmcrypt4 libpng12-0 php5-gd php5-mcrypt php5-mysql phpmyadmin ttf-dejavu-core)

snort

Preparation

Packet capture with pcap

apt-get install libpcap0.8

This is the runtime library only; building Snort from source also needs the headers from libpcap0.8-dev.

Build tools and PHP:

apt-get install build-essential php5 php5-mysql


Barnyard

Output spool reader for Snort. It decouples output overhead from the Snort network intrusion detection system and allows Snort to run at full speed: Snort only writes events to a spool file, and Barnyard reads that file and does the slow work of writing to the database. It takes input and output plugins and can therefore be used to convert almost any spooled fil

wget http://sourceforge.net/projects/barnyard/files/latest/download
tar -xf download
cd barnyard-0.2.0
apt-get install libmysqlclient-dev
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu/ --with-mysql-includes=/usr/include/
make
make install
cp /root/barnyard-0.2.0/etc/barnyard.conf /etc/snort/

The tarball unpacks into barnyard-0.2.0 (the cp above assumes it was unpacked in /root). libmysqlclient-dev must be installed before configure is run, and /usr/lib/x86_64-linux-gnu/ is the amd64 multiarch directory: on i386 wheezy use /usr/lib/i386-linux-gnu/ instead.


output database: log, mysql, user=snort password=<mypassword> dbname=snort host=localhost

This is the syntax of Snort's own database output plugin and belongs in snort.conf (the first argument, log or alert, selects which Snort output stream is stored); barnyard.conf uses its own output directives (alert_acid_db / log_acid_db) for the same MySQL database. Use a dedicated MySQL user (snort) rather than root, replace <mypassword> with its real password, and because the password is stored in clear text keep snort.conf readable only by the account that starts Snort.
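The steps above as one script, added here as an example and not code from the original page or from the Snort/Barnyard projects: the package installation and Barnyard build are collected into functions, and two checks cover the file that carries the database credentials (no group/other read bits, and the <mypassword> placeholder actually replaced). Assumptions not stated on the page: the build happens under /root (as the cp path above suggests), the credential line lives in /etc/snort/snort.conf, and the MySQL library directory is taken from dpkg-architecture (in dpkg-dev, pulled in by build-essential) instead of being hard-coded to x86_64-linux-gnu.

```shell
#!/bin/sh
# Added example, not from the original page or the Snort/Barnyard projects.
# Assumptions (not on the page): build under /root, credentials in
# /etc/snort/snort.conf, multiarch directory taken from dpkg-architecture.
set -eu

SNORT_CONF=/etc/snort/snort.conf
BARNYARD_URL=http://sourceforge.net/projects/barnyard/files/latest/download

# Multiarch library directory for --with-mysql-libraries; falls back to the
# amd64 path used on the page when dpkg-architecture is unavailable.
mysql_libdir() {
    triplet=$(dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null || echo x86_64-linux-gnu)
    echo "/usr/lib/$triplet/"
}

# Succeeds only if the file exists and has no group/other permission bits:
# the "output database:" line stores the MySQL password in clear text.
secret_file_ok() {
    f=$1
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    # the last two octal digits are the group and other permissions
    [ "$((mode % 100))" -eq 0 ]
}

# Succeeds only if the "output database:" line carries a real password,
# i.e. the <mypassword> placeholder from the page has been replaced.
db_password_set() {
    pw=$(sed -n 's/^output database:.*password=\([^ ]*\).*/\1/p' "$1" | head -n 1)
    case "$pw" in
        ''|'<mypassword>') return 1 ;;
    esac
    return 0
}

# All packages from the MySQL/PHP/Apache and preparation sections in one go.
install_prereqs() {
    apt-get install -y mysql-server mysql-client apache2 phpmyadmin \
        libpcap0.8 build-essential php5 php5-mysql libmysqlclient-dev
}

# Barnyard 0.2.0 from the SourceForge "latest" link, built against MySQL.
build_barnyard() {
    cd /root
    wget -O barnyard.tar.gz "$BARNYARD_URL"
    tar -xf barnyard.tar.gz
    cd barnyard-0.2.0
    ./configure --with-mysql \
        --with-mysql-libraries="$(mysql_libdir)" \
        --with-mysql-includes=/usr/include/
    make
    make install
    cp etc/barnyard.conf /etc/snort/
}

case "${1:-}" in
    install) install_prereqs; build_barnyard ;;
    check)
        secret_file_ok "$SNORT_CONF" || { echo "$SNORT_CONF is readable by group/others"; exit 1; }
        db_password_set "$SNORT_CONF" || { echo "replace <mypassword> in $SNORT_CONF"; exit 1; }
        echo "$SNORT_CONF OK" ;;
esac
```

Run it as `sh snort-prep.sh install` for the build and `sh snort-prep.sh check` after editing the output database line into snort.conf; the check refuses a config that is world-readable or still carries the placeholder password.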