Intrusion Detection System (IDS): building an IDS on CentOS 6.6 with snort + barnyard2 + base
# yum makecache
3. Update the system
# yum -y update
(this upgraded the system to 6.6)
4. Install the EPEL repository
# yum install epel-release
5. Download the installation files
Download the installation files from the network drive into CentOS for later use (the FTPServer.exe in the attachment can be used for the transfer); here they are placed in /root.
II. Install and configure LAMP
1. Install the LAMP components
# yum install httpd mysql-server php php-mysql php-mbstring php-mcrypt mysql-devel
2. Install the PHP extensions
# yum install mcrypt libmcrypt libmcrypt-devel
3. Install the PEAR packages
# yum install php-pear
# pear upgrade pear
# pear channel-update pear.php.net
# pear install mail
# pear install Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman
# pear install mail_mime
4. Install phpMyAdmin
(do not switch versions arbitrarily; other versions may not support the database)
# tar zxvf phpMyAdmin-<version>.tar.gz -C /var/www/html
# mv /var/www/html/phpMyAdmin-<version> /var/www/html/phpmyadmin
5. Install adodb
# tar zxvf <adodb archive> -C /var/www/html
# mv /var/www/html/adodb5 /var/www/html/adodb
6. Install BASE
# tar zxvf base-1.4.5.tar.gz -C /var/www/html
# mv /var/www/html/base-1.4.5 /var/www/html/base
7. Set php.ini
# vi /etc/php.ini
error_reporting = E_ALL & ~E_NOTICE
8. Configure phpMyAdmin
# vi /var/www/html/phpmyadmin/libraries/
Change
$cfg['blowfish_secret'] = '';
to
$cfg['blowfish_secret'] = '123456';
(note: '123456' here is an arbitrary string)
9. Set permissions on the html directory
# chown -R apache:apache /var/www/html
10. Set adodb permissions
# chmod 755 /var/www/html/adodb
11. Configure MySQL
Unpack barnyard2 (its files are needed to create the MySQL tables)
# tar zxvf barnyard2-1.9.tar.gz
Start MySQL
# service mysqld start
Set the root password to 123456
# mysqladmin -u root -p password 123456
Log in to MySQL as root
# mysql -u root -p
Create a database named snort
> create database snort;
Create a database user named snort with password 123456 and grant it privileges on the snort database
> grant create, select, update, insert, delete on snort.* to snort@localhost identified by '123456';
Exit
> exit
Create the database tables
# mysql -u snort -p -D snort < /root/barnyard2-1.9/schemas/create_mysql
12. Configure BASE
# service mysqld start    (start MySQL)
# service httpd start     (start Apache)
# service iptables stop   (stop the firewall)
Open http://<server IP>/base/setup/index.php in a browser (replace the IP with your own)
1. Click "Continue"
2. Choose the display language and set the adodb path
3. Configure the database
4. Set the admin user and password (this is the BASE admin account; I used the same as the MySQL root account here)
5. Click "Create BASE AG"
6. On success, "successfully created" is shown in red, as in the figure below (not shown on CentOS 7, reason unknown); click "step 5"
7. Installation complete
III. Install and configure snort + barnyard2
1. Install the dependencies
# yum install gcc flex bison zlib libpcap tcpdump gcc-c++ pcre* zlib* libdnet libdnet-devel
2. Install libdnet
(this exact version is required)
# tar zxvf libdnet-1.12.tgz
# cd libdnet-1.12
# ./configure && make && make install
3. Install libpcap
(required here)
# wget <URL>/libpcap-1.0.0.tar.gz
# tar zxvf libpcap-1.0.0.tar.gz
# cd libpcap-1.0.0
# ./configure && make && make install
4. Install DAQ
# tar zxvf daq-2.0.4.tar.gz
# cd daq-2.0.4
# ./configure && make && make install
5. Install snort
# tar zxvf snort-<version>.tar.gz
# cd snort-<version>
# ./configure && make && make install
6. Configure snort
Create the required files and directories
# mkdir /etc/snort
# mkdir /var/log/snort
# mkdir /usr/local/lib/snort_dynamicrules
# mkdir /etc/snort/rules
# touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules
# cp /root/snort-<version>/etc/{threshold.conf,classification.config,reference.config,unicode.map,snort.conf} /etc/snort/
Edit the configuration file
# vi /etc/snort/snort.conf
Define the path variables
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
Set the log directory
config logdir: /var/log/snort
Configure the output plugin
output unified2: filename snort.log, limit 128
7. Configure the rules
# tar zxvf snortrules-snapshot-<version>.tar.gz -C /etc/snort/
# cp /etc/snort/etc/sid-msg.map /etc/snort/
8. Test snort
(if "success" appears at the end, the configuration is good)
# snort -T -i eth0 -c /etc/snort/snort.conf
9. Install barnyard2
# cd /root/barnyard2-1.9
# ./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql/
# make && make install
10. Configure barnyard2
Create the required files and directories
# mkdir /var/log/barnyard2
# touch /var/log/snort/barnyard2.waldo
# cp /root/barnyard2-1.9/etc/barnyard2.conf /etc/snort
Edit the configuration file
# vi /etc/snort/barnyard2.conf
config logdir: /var/log/barnyard2
config hostname: localhost
config interface: eth0
config waldo_file: /var/log/snort/barnyard2.waldo
(the waldo path must be the file created above and the same one passed with -w below; a mismatch makes barnyard2 lose its place in the unified2 files)
output database: log, mysql, user=snort password=123456 dbname=snort host=localhost
11. Test barnyard2
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo
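The `output unified2` plugin configured in step 6 writes binary records to /var/log/snort, and barnyard2 (step 11) is the process that reads them and inserts the alerts into MySQL for BASE. The reader below is added here as an illustration; it is not part of the tutorial nor of the snort or barnyard2 code. It decodes the two record types a ping alert produces, the legacy IDS event (record type 7) and the packet record (record type 2), following the Unified2IDSEvent_legacy and Unified2Packet layouts. The sample file is constructed inside the script rather than captured from a sensor, and a truncated final record (a file snort is still writing) is skipped instead of raising, which is the situation barnyard2 tracks with its waldo bookmark.

```python
"""Minimal reader for Snort unified2 files (the format written by the
`output unified2` plugin and consumed by barnyard2).

Added example, not part of the original tutorial. Record layouts follow the
Unified2 legacy IDS event (record type 7) and packet (record type 2)
structures; the sample file built below is constructed, not a real capture.
"""
import socket
import struct
from datetime import datetime, timezone

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

# Every record starts with a big-endian header: record type, body length.
HEADER = struct.Struct("!II")
# Unified2IDSEvent_legacy: 11 x u32, 2 x u16, 4 x u8 (52 bytes).
IDS_EVENT = struct.Struct("!11I2H4B")
# Unified2Packet fixed part: 7 x u32 (28 bytes), followed by the frame bytes.
PACKET = struct.Struct("!7I")


def parse_unified2(data):
    """Yield (record_type, fields) for each record in a unified2 byte string.
    Stops cleanly on a truncated trailing record instead of raising."""
    offset = 0
    while offset + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, offset)
        body = data[offset + HEADER.size: offset + HEADER.size + length]
        if len(body) < length:
            break  # partial record: snort has not finished writing it yet
        offset += HEADER.size + length
        if rtype == UNIFIED2_IDS_EVENT and length >= IDS_EVENT.size:
            f = IDS_EVENT.unpack_from(body)
            yield rtype, {
                "sensor_id": f[0], "event_id": f[1],
                "time": datetime.fromtimestamp(f[2], tz=timezone.utc).isoformat(),
                "sid": f[4], "gid": f[5], "rev": f[6],
                "class": f[7], "priority": f[8],
                "src": socket.inet_ntoa(struct.pack("!I", f[9])),
                "dst": socket.inet_ntoa(struct.pack("!I", f[10])),
                "sport_itype": f[11], "dport_icode": f[12],
                "protocol": f[13],
            }
        elif rtype == UNIFIED2_PACKET and length >= PACKET.size:
            f = PACKET.unpack_from(body)
            yield rtype, {
                "event_id": f[1], "linktype": f[5], "packet_length": f[6],
                "packet": body[PACKET.size: PACKET.size + f[6]],
            }
        else:
            yield rtype, {"raw": body}  # unknown type: keep the bytes, do not guess


def build_sample():
    """Construct one ICMP alert (sid 1000001, like the tutorial's test rule)
    plus its packet record, as snort would write them for a ping."""
    event = IDS_EVENT.pack(
        1, 42, 1425000000, 0,          # sensor id, event id, seconds, usec
        1000001, 1, 0,                 # sid, gid, rev
        0, 3,                          # classification, priority
        struct.unpack("!I", socket.inet_aton("192.168.1.10"))[0],   # constructed src
        struct.unpack("!I", socket.inet_aton("192.168.1.234"))[0],  # constructed dst
        8, 0,                          # ICMP type 8 (echo request), code 0
        1, 0, 0, 0)                    # protocol=ICMP, impact_flag, impact, blocked
    pkt = bytes(range(64))            # constructed placeholder for the frame bytes
    packet = PACKET.pack(1, 42, 1425000000, 1425000000, 0, 1, len(pkt)) + pkt
    return (HEADER.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + HEADER.pack(UNIFIED2_PACKET, len(packet)) + packet)


def summarize(data):
    """Return one line per alert: 'sid:gid src -> dst proto N'."""
    return ["{sid}:{gid} {src} -> {dst} proto {protocol}".format(**rec)
            for rtype, rec in parse_unified2(data) if rtype == UNIFIED2_IDS_EVENT]


if __name__ == "__main__":
    sample = build_sample()
    for line in summarize(sample):
        print(line)
    # A file cut off mid-record still yields the complete event before the cut.
    print(summarize(sample[:-10]))
```

Running the script against a real spool file (`open("/var/log/snort/snort.log.<timestamp>", "rb").read()`) shows exactly which sid, source and destination barnyard2 is about to hand to MySQL, which is a quick way to tell whether a missing BASE alert is a snort problem or a barnyard2/database problem.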
IV. Test whether the IDS works
1. Write a test rule
# vi /etc/snort/rules/local.rules
alert icmp any any -> any any (msg:"ICMP Packet detected"; sid:1000001;)
(this rule detects ping packets)
2. Start the IDS
# service httpd start
# service iptables stop
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D
# snort -c /etc/snort/snort.conf -i eth0 -D
3. Test the IDS
Send ping packets to the IDS's IP address; a red ICMP alert appears on the BASE page.
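The one-line rule in step 1 is easy to get wrong by hand: every option inside the parentheses, including `msg:"..."`, must end with `;`, and every rule needs a `sid`, otherwise `snort -T` rejects the file and no alert ever reaches BASE. The script below is an added example, not part of the tutorial or of snort; it parses a rule line into its header (action, protocol, addresses, ports, direction) and its option list, respecting `;` inside quoted values, and reports those mistakes. The rules it checks are constructed here.

```python
"""Parse and sanity-check a Snort rule line such as the tutorial's ICMP test rule.

Added example, not part of the original tutorial. It separates the rule
header from the options in the parentheses and reports the mistakes that
most often make `snort -T` reject a hand-written local rule: an option not
terminated by ';' and a missing sid.
"""
import re

ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)"
    r"(?:\s*\((?P<opts>.*)\))?\s*$")
# A quoted option value: anything after the closing quote is leftover text.
QUOTED_RE = re.compile(r'^"(?:[^"\\]|\\.)*"(?P<rest>.*)$')


def split_options(text):
    """Split the option body on ';' outside quotes, so msg:"a;b" stays whole.
    Returns (options, unterminated_tail)."""
    opts, cur, quoted, escaped = [], "", False, False
    for ch in text:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            opts.append(cur.strip())
            cur = ""
            continue
        cur += ch
    return opts, cur.strip()


def parse_rule(line):
    """Return header fields, a list of (name, value) options and a list of
    problems; an empty problem list means the rule passed these checks."""
    problems, options = [], []
    m = HEADER_RE.match(line.strip())
    if not m:
        return {"options": options,
                "problems": ["header is not 'action proto src sport dir dst dport (options)'"]}
    rule = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    if rule["action"] not in ACTIONS:
        problems.append("unknown action %r" % rule["action"])
    if rule["proto"] not in PROTOCOLS:
        problems.append("unknown protocol %r" % rule["proto"])
    raw_opts, tail = split_options(m.group("opts") or "")
    if tail:
        problems.append("last option %r is not terminated by ';'" % tail)
    for opt in raw_opts:
        name, _, value = opt.partition(":")
        name, value = name.strip(), value.strip()
        q = QUOTED_RE.match(value)
        if q and q.group("rest").strip():
            # Text after the closing quote means a ';' was forgotten; the
            # leftover text was meant to be the next option.
            problems.append("missing ';' after %s, before %r" % (name, q.group("rest").strip()))
            value = value[:len(value) - len(q.group("rest"))]
        options.append((name, value))
    names = dict(options)
    if "sid" not in names:
        problems.append("no sid option: every rule needs a unique sid")
    elif not names["sid"].isdigit() or int(names["sid"]) < 1000000:
        problems.append("local rules should use sid >= 1000000 (lower ids are reserved)")
    if "msg" not in names:
        problems.append("no msg option: the alert would have no description in BASE")
    rule.update(options=options, problems=problems)
    return rule


if __name__ == "__main__":
    # Constructed inputs: the tutorial's rule, and the same rule with the ';' after msg dropped.
    for text in ('alert icmp any any -> any any (msg:"ICMP Packet detected"; sid:1000001;)',
                 'alert icmp any any -> any any (msg:"ICMP Packet detected" sid:1000001;)'):
        result = parse_rule(text)
        print(text)
        print("  problems:", result["problems"] or "none")
```

Run it over local.rules before restarting snort; a rule that passes these checks can still be rejected by `snort -T` for reasons this script does not model (unknown option keywords, a sid already used by the rule snapshot), so the `-T` run in step 8 remains the authoritative test.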