Difference between revisions of "Snort"
From Ilianko
Revision as of 13:11, 18 July 2013
1. What is Snort?!
- NIDS
2.
OS
Debian 7.1.0 wheezy on VirtualBox 4.2.16
MySQL, PHP5, Apache
- apt-get install mysql-server
- apt-get install mysql-client
- apt-get install apache2
(optional)
- apt-get install phpmyadmin (dbconfig-common fontconfig-config libfontconfig1 libgd2-xpm libjpeg8 libltdl7 libmcrypt4 libpng12-0 php5-gd php5-mcrypt php5-mysql phpmyadmin ttf-dejavu-core)
creating the snort user and database
- via the CLI
# mysql -u root -p
mysql> CREATE USER 'snort'@'localhost' IDENTIFIED BY '***';
mysql> GRANT USAGE ON *.* TO 'snort'@'localhost' IDENTIFIED BY '***' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
mysql> CREATE DATABASE IF NOT EXISTS `snort`;
mysql> GRANT ALL PRIVILEGES ON `snort`.* TO 'snort'@'localhost';
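The statements above give the logging account USAGE on *.* (no privileges at all) and full rights only on the snort schema. As an added example that is not part of the original page, the following Python generates the same statements with the password quoted as a MySQL string literal, so a password containing quotes or backslashes cannot break the statement, and includes a self-check that no GRANT reaches outside the snort schema. The user, database and password values are constructed placeholders; the GRANT ... IDENTIFIED BY form is the MySQL 5.5 syntax used on the page.

```python
# Added example: generate the least-privilege MySQL statements for the Snort
# logging account, quoting the password as a MySQL string literal.
# Names and password below are constructed placeholders, not the page's values.
import re

IDENT_RE = re.compile(r"^[A-Za-z0-9_]+$")
HOST_RE = re.compile(r"^[A-Za-z0-9_.%-]+$")   # allows host patterns such as 192.168.1.%


def mysql_quote(value):
    """Return value as a single-quoted MySQL string literal with backslash escaping."""
    escaped = (
        value.replace("\\", "\\\\")
        .replace("'", "\\'")
        .replace("\n", "\\n")
        .replace("\0", "\\0")
    )
    return f"'{escaped}'"


def check_ident(name, pattern=IDENT_RE):
    """Allow only simple names so a user/db name cannot alter the generated SQL."""
    if not pattern.match(name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name


def snort_db_statements(user, password, db, host="localhost"):
    """Statements equivalent to the page's CLI session: USAGE on *.* (no privileges),
    resource limits, then ALL PRIVILEGES on the snort schema only."""
    user, db = check_ident(user), check_ident(db)
    host = check_ident(host, HOST_RE)
    acct = f"'{user}'@'{host}'"
    pw = mysql_quote(password)
    return [
        f"CREATE USER {acct} IDENTIFIED BY {pw};",
        f"GRANT USAGE ON *.* TO {acct} IDENTIFIED BY {pw} WITH MAX_QUERIES_PER_HOUR 0 "
        "MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;",
        f"CREATE DATABASE IF NOT EXISTS `{db}`;",
        f"GRANT ALL PRIVILEGES ON `{db}`.* TO {acct};",
    ]


def grants_outside_schema(statements, db):
    """Return GRANT statements that give more than USAGE outside the given schema,
    a quick check that the account stays confined to its own database."""
    bad = []
    for s in statements:
        m = re.match(r"GRANT\s+(.+?)\s+ON\s+(\S+)\s+TO", s)
        if m and m.group(2) != f"`{db}`.*" and m.group(1).upper() != "USAGE":
            bad.append(s)
    return bad


if __name__ == "__main__":
    # Constructed values; in practice read the password from a file with mode 0600.
    stmts = snort_db_statements("snort", "pl'ace\\holder", "snort")
    print("\n".join(stmts))
    print("grants outside schema:", grants_outside_schema(stmts, "snort"))
```

The output can be piped into mysql -u root -p; the point of the self-check is that a later edit which changes `snort`.* to *.* is caught before the statements are run.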
snort
- apt-get install snort
- apt-get install snort-mysql
(Database logging can be reconfigured later by running 'dpkg-reconfigure -plow snort-mysql')
Preparation
Packet capture with pcap
apt-get install libpcap0.8
build-essential php5 php5-mysql
Barnyard
Output spool reader for Snort! This program decouples output overhead from the Snort network intrusion detection system and allows Snort to run at full speed. It takes input and output plugins and can therefore be used to convert almost any spooled fil
wget http://sourceforge.net/projects/barnyard/files/latest/download
tar -xf download
cd barnyard
apt-get install libmysqlclient-dev
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu/ --with-mysql-includes=/usr/include/
make
make install
cp /root/barnyard-0.2.0/etc/barnyard.conf /etc/snort/
output database: log, mysql, user=snort password=<mypassword> dbname=snort host=localhost
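That output line puts the database password in clear text inside barnyard.conf, so the file's permissions and the values on the line are worth checking before Barnyard is started. As an added example that is not part of the original page or of Barnyard itself, the Python below parses "output database:" lines in the format shown above and reports the common problems: a placeholder or empty password, missing user/dbname/host, a remote database host, and a config file readable by other users. The sample config text and the file mode it is checked with are constructed.

```python
# Added example: parse Barnyard/Snort "output database:" lines and flag the
# weaknesses a reviewer would look for. SAMPLE_CONF and the mode values are
# constructed, not taken from a real /etc/snort/barnyard.conf.
import os
import re
import stat
import tempfile

# "<mypassword>", "***" or an empty value: the template was never filled in.
PLACEHOLDER_RE = re.compile(r"^<.*>$|^\*+$|^$")


def parse_output_database(line):
    """Turn 'output database: log, mysql, user=x password=y dbname=z host=h'
    into a dict. Returns None if the line is not an output database directive."""
    m = re.match(r"^\s*output\s+database:\s*(.*)$", line)
    if not m:
        return None
    parts = [p.strip() for p in m.group(1).split(",")]
    if len(parts) < 3:
        raise ValueError(f"malformed output database line: {line!r}")
    params = {}
    for kv in parts[2].split():
        key, _, val = kv.partition("=")
        params[key] = val
    return {"facility": parts[0], "backend": parts[1], "params": params}


def audit_conf(text, mode):
    """Return a list of findings for the config text and the file's mode bits."""
    findings = []
    seen = False
    for lineno, line in enumerate(text.splitlines(), 1):
        cfg = parse_output_database(line)
        if cfg is None:
            continue
        seen = True
        p = cfg["params"]
        for required in ("user", "dbname", "host"):
            if required not in p:
                findings.append(f"line {lineno}: missing {required}=")
        if PLACEHOLDER_RE.match(p.get("password", "")):
            findings.append(f"line {lineno}: password is a placeholder or empty")
        if p.get("host") not in (None, "localhost", "127.0.0.1"):
            findings.append(f"line {lineno}: remote database host {p['host']}, "
                            "make sure the MySQL connection is encrypted")
    if not seen:
        findings.append("no 'output database:' line found")
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("config is group/world readable but contains a database password")
    return findings


def audit_file(path):
    """Audit a real config file, using its actual permission bits."""
    with open(path) as fh:
        text = fh.read()
    return audit_conf(text, os.stat(path).st_mode)


SAMPLE_CONF = """# constructed sample, modelled on the line shown on the page
output database: log, mysql, user=snort password=<mypassword> dbname=snort host=localhost
"""

if __name__ == "__main__":
    # Write the constructed sample to a temp file with the usual 0644 mode
    # and show what the audit reports for it.
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(SAMPLE_CONF)
    os.chmod(fh.name, 0o644)
    for finding in audit_file(fh.name):
        print(finding)
    os.unlink(fh.name)
```

Run it against /etc/snort/barnyard.conf with audit_file() after filling in the password; a clean result is an empty list, and the file should be mode 0600 and owned by the account Barnyard runs as.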