
Building a Small Intrusion Detection System on RedHat 9 (Part 3)

Author: jz123  Source: www.jz123.cn  Published: 2006-2-1 6:08:50  Posted by: jz123

IV. Creating the database in MySQL

/usr/local/mysql/bin/mysql

mysql> SET PASSWORD FOR root@localhost=PASSWORD('your_password');
mysql> create database snort;
mysql> grant INSERT,SELECT on snort.* to snort@localhost;
mysql> quit;

From the snort source directory, load the schema into the new database:

/usr/local/mysql/bin/mysql -p snort < ./contrib/create_mysql
Enter password:

Install the extra DB tables (from the contrib directory):

zcat snortdb-extra.gz | /usr/local/mysql/bin/mysql -p snort

Log in to MySQL and look at the tables in the snort database:

/usr/local/mysql/bin/mysql -p
Enter password:

mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)

mysql> use snort;
mysql> show tables;

You should see the following tables:

+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)

mysql> exit

V. Installing and configuring the Web interface

Install JPGraph 1.11:

cp jpgraph-1.11.tar.gz /www/htdocs
cd /www/htdocs
tar -xzvf jpgraph-1.11.tar.gz
rm -rf jpgraph-1.11.tar.gz
cd jpgraph-1.11
rm -rf README
rm -rf QPL.txt

Install ADODB:

cp adodb330.tgz /www/htdocs/
cd /www/htdocs
tar -xzvf adodb330.tgz
rm -rf adodb330.tgz

Install and configure ACID:

cp acid-0.9.6b23.tar.gz /www/htdocs
cd /www/htdocs
tar -xvzf acid-0.9.6b23.tar.gz
rm -rf acid-0.9.6b23.tar.gz
cd /www/htdocs/acid/

Edit acid_conf.php and change the relevant settings as follows:

$DBlib_path = "/www/htdocs/adodb";

/* The type of underlying alert database
 *
 * MySQL         : "mysql"
 * PostgresSQL   : "postgres"
 * MS SQL Server : "mssql"
 */
$DBtype = "mysql";

/* Alert DB connection parameters
 *   - $alert_dbname   : MySQL database name of Snort alert DB
 *   - $alert_host     : host on which the DB is stored
 *   - $alert_port     : port on which to access the DB
 *   - $alert_user     : login to the database with this user
 *   - $alert_password : password of the DB user
 *
 * This information can be gleaned from the Snort database
 * output plugin configuration.
 */
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "Your_Password";

/* Archive DB connection parameters */
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "root";
$archive_password = "Your_Password";

And a little further down:

$ChartLib_path = "/www/htdocs/jpgraph-1.11/src";

/* File format of charts ('png', 'jpeg', 'gif') */
$chart_file_format = "png";

Open the web interface:

http://yourhost/acid/acid_main.php

Click the "Setup Page" link -> Create Acid AG

Visiting http://yourhost/acid will then show the ACID interface.
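The acid_conf.php settings above point ACID at the MySQL root account even though section IV created a restricted snort user, and a stray space inside a quoted password is easy to miss. As an added check that is not code from the original article or from ACID, the script below parses acid_conf.php-style assignments and flags those problems; the sample config is constructed, and the rules for what to flag are my own assumptions.

```python
import re

# Constructed sample mirroring the article's acid_conf.php excerpt (not a real file).
SAMPLE_CONF = """
$DBlib_path = "/www/htdocs/adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "Your_Password";
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_user = "root";
$archive_password = "Your_Password ";
$ChartLib_path = "/www/htdocs/jpgraph-1.11/src";
"""

# Matches simple PHP assignments of a double-quoted string: $name = "value";
ASSIGN_RE = re.compile(r'^\s*\$(\w+)\s*=\s*"([^"]*)"\s*;', re.MULTILINE)
# Values that are clearly never real credentials (assumed list).
PLACEHOLDERS = {"", "your_password", "password", "snort", "root"}

def parse_conf(text):
    """Return {name: value} for every double-quoted $name = "value"; line."""
    return {m.group(1): m.group(2) for m in ASSIGN_RE.finditer(text)}

def audit_conf(conf):
    """Return a list of findings; an empty list means the config passes these checks."""
    findings = []
    for prefix in ("alert", "archive"):
        user = conf.get(f"{prefix}_user", "")
        pw = conf.get(f"{prefix}_password", "")
        if user == "root":
            findings.append(f"{prefix}_user is root; use a dedicated account with only SELECT/INSERT on snort.*")
        if pw != pw.strip():
            findings.append(f"{prefix}_password has surrounding whitespace; the DB login will fail")
        if pw.strip().lower() in PLACEHOLDERS:
            findings.append(f"{prefix}_password is empty or a placeholder")
    if conf.get("alert_host", "") != "localhost":
        findings.append("alert_host is not localhost; DB credentials and alert data cross the network")
    for key in ("DBlib_path", "ChartLib_path"):
        if not conf.get(key):
            findings.append(f"{key} is not set; ACID cannot load ADODB or JPGraph")
    return findings

if __name__ == "__main__":
    for finding in audit_conf(parse_conf(SAMPLE_CONF)):
        print("WARNING:", finding)
```

Run it against the real file with `audit_conf(parse_conf(open("/www/htdocs/acid/acid_conf.php").read()))` before exposing ACID on the network.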

VI. Testing the system

Reboot, or start the relevant daemons directly:

/etc/init.d/mysql restart

/etc/init.d/snort start

/etc/init.d/httpd start

Scan the system with nmap, Nessus, CIS or X-Scan to generate alert records, then view them at http://yourhost/acid.

At this point a capable IDS is fully configured. You can log in remotely through the web interface to monitor the LAN the host sits on, and install phpMyAdmin to manage the MySQL database.
