Difference between revisions of "Snort"
(→snort) |
|||
| Line 1: | Line 1: | ||
| − | + | == NIDS Snort == | |
| − | |||
| − | + | ==Инсталация == | |
| − | ==OS== | + | ===OS=== |
Debian 7.1.0 wheezy | Debian 7.1.0 wheezy | ||
on VirtualBox 4.2.16 | on VirtualBox 4.2.16 | ||
| − | |||
| − | |||
===MySQL, PHP5, Apache === | ===MySQL, PHP5, Apache === | ||
| + | За по-лесен достъп и структуриране на получените данни | ||
*apt-get install mysql-server | *apt-get install mysql-server | ||
*apt-get install mysql-client | *apt-get install mysql-client | ||
| + | *apt-get install apache2 | ||
| − | *apt-get install | + | *apt-get install php5 linapache2-mod-php5 php5-mysql |
| − | + | За по лесно управление на базата данни - не задължително | |
| − | *apt-get install phpmyadmin (dbconfig-common fontconfig-config libfontconfig1 libgd2-xpm libjpeg8 libltdl7 libmcrypt4 libpng12-0 php5-gd php5-mcrypt | + | *apt-get install phpmyadmin (dbconfig-common fontconfig-config libfontconfig1 libgd2-xpm libjpeg8 libltdl7 libmcrypt4 libpng12-0 php5-gd php5-mcrypt phpmyadmin ttf-dejavu-core) |
създаване на потребител и база данни snort | създаване на потребител и база данни snort | ||
| Line 29: | Line 28: | ||
mysql>GRANT ALL PRIVILEGES ON `snort` . * TO 'snort'@'localhost'; | mysql>GRANT ALL PRIVILEGES ON `snort` . * TO 'snort'@'localhost'; | ||
| − | == snort== | + | === snort === |
| + | Debian има компилиран пакет. Ако е нужна по-нова версия, трябва да се изтегли изходния код от http://www.snort.org/snort-downloads | ||
*apt-get install snort | *apt-get install snort | ||
Revision as of 05:44, 19 July 2013
Contents
NIDS Snort
Инсталация
OS
Debian 7.1.0 wheezy on VirtualBox 4.2.16
MySQL, PHP5, Apache
За по-лесен достъп и структуриране на получените данни
- apt-get install mysql-server
- apt-get install mysql-client
- apt-get install apache2
- apt-get install php5 linapache2-mod-php5 php5-mysql
За по лесно управление на базата данни - не задължително
- apt-get install phpmyadmin (dbconfig-common fontconfig-config libfontconfig1 libgd2-xpm libjpeg8 libltdl7 libmcrypt4 libpng12-0 php5-gd php5-mcrypt phpmyadmin ttf-dejavu-core)
създаване на потребител и база данни snort
- през CLI
#mysql –u root -p mysql>CREATE USER 'snort'@'localhost' IDENTIFIED BY '***'; mysql>GRANT USAGE ON * . * TO 'snort'@'localhost' IDENTIFIED BY '***' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0; mysql>CREATE DATABASE IF NOT EXISTS `snort` ; mysql>GRANT ALL PRIVILEGES ON `snort` . * TO 'snort'@'localhost';
snort
Debian има компилиран пакет. Ако е нужна по-нова версия, трябва да се изтегли изходния код от http://www.snort.org/snort-downloads
- apt-get install snort
- apt-get install snort-mysql
(Database logging can be reconfigured later by running 'dpkg-reconfigure -plow snort-mysql')
Създаване на таблиците в базата данни:
cd /usr/share/doc/snort-mysql/ zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>
Preapration
Прихващане на пакети с pcap
apt-get install libpcap0.8
build-essential php5 php5-mysql
Barnyard
Output spool reader for Snort! This program decouples output overhead from the Snort network intrusion detection system and allows Snort to run at full speed. It takes input and output plugins and can therefore be used to convert almost any spooled fil
wget http://sourceforge.net/projects/barnyard/files/latest/download tar -xf download cd barnyard
apt-get install libmysqlclient-dev ./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu/ --with-mysql-includes=/usr/include/ make make install
cp /root/barnyard-0.2.0/etc/barnyard.conf /etc/snort/
output database: log, mysql, user=snort password=<mypassword> dbname=snort host=localhost
