
Problems encountered while installing Snort, and their solutions

2013-01-03 20:36
While installing snort 2.9.*, it is possible that you will receive an error when compiling daq 0.6 saying that it cannot find a specific version of the libpcap library. The error looks like this:

--------------------------------

checking for libpcap version >= "1.0.0"... no
ERROR! Libpcap library version >= 1.0.0 not found. Get it from http://www.tcpdump.org

-----------------------------


In this case you need to install libpcap-1.0.0 or later:


------------------------

wget http://www.tcpdump.org/release/libpcap-1.0.0.tar.gz
tar xvfz libpcap-1.0.0.tar.gz
cd libpcap-1.0.0/
./configure
make
make install

------------------------


If you still have problems, try checking this link:

libpcap not found: "I copied the new one over the old one and daq compiled and installed without issue: root@xxxx:# cp /usr/local/lib/libpcap.a /usr/lib/"
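The configure failure above almost always means the dynamic linker still sees the distribution's old libpcap (0.9.x on CentOS 5) rather than the one just built into /usr/local/lib. The script below is an added example, not part of the original post: it compares dotted version strings and reports which libpcap sonames `ldconfig -p` exposes, so the problem is caught before running DAQ's configure. The `ldconfig -p` sample it carries is constructed, and /usr/local/lib is assumed to be where the new libpcap was installed.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a libpcap >= 1.0.0
# is visible to the dynamic linker before building DAQ/snort, and report any
# older copy that is still on the linker path. Assumes libpcap was installed
# under /usr/local/lib; the ldconfig sample below is constructed.

# version_ge A B: return 0 if dotted version A >= B (compares the first three
# numeric components; a suffix such as "rc1" is ignored, a missing one is 0)
version_ge() {
    a="$1.0.0"; b="$2.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(echo "$a" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        y=$(echo "$b" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# pcap_sonames LDCONFIG_OUTPUT: print the version part of every libpcap.so.*
# entry in `ldconfig -p` output, one per line, deduplicated
pcap_sonames() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*libpcap\.so\.\([0-9][0-9.]*\).*/\1/p' | sort -u
}

# check_libpcap LDCONFIG_OUTPUT: 0 if some libpcap >= 1.0.0 is listed; warns
# about each older copy, because an old /usr/lib/libpcap is what the
# "copy the new one over the old one" workaround above is papering over
check_libpcap() {
    ok=1
    for v in $(pcap_sonames "$1"); do
        if version_ge "$v" 1.0.0; then
            ok=0
        else
            echo "warning: old libpcap $v still on the linker path" >&2
        fi
    done
    if [ "$ok" -ne 0 ]; then
        echo "no libpcap >= 1.0.0 visible to ld.so; install it, then add" >&2
        echo "/usr/local/lib to /etc/ld.so.conf and run ldconfig" >&2
    fi
    return "$ok"
}

# Constructed sample: what `ldconfig -p | grep libpcap` looks like on a
# CentOS 5 box after a libpcap-1.x `make install` into /usr/local/lib
SAMPLE_LDCONFIG=$(printf '\tlibpcap.so.1 (libc6) => /usr/local/lib/libpcap.so.1\n\tlibpcap.so.0.9.4 (libc6) => /usr/lib/libpcap.so.0.9.4\n\tlibpcre.so.0 (libc6) => /lib/libpcre.so.0\n')

# Run against the live system with: check_libpcap "$(ldconfig -p)"
check_libpcap "$SAMPLE_LDCONFIG"
```

Against the sample the check passes (libpcap.so.1 is present) but warns about the 0.9.4 copy; which one a freshly built DAQ links against depends on the order of /usr/lib and /usr/local/lib in the linker search path, which is why the `cp` workaround above works and why listing /usr/local/lib in /etc/ld.so.conf is the cleaner fix.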
 
10.1 Create the Snort configuration and log directories

 

  #mkdir /etc/snort

  #mkdir /var/log/snort

  #tar -zxvf snort-2.4.4.tar.gz

  #cd snort-2.4.4

  #./configure --with-mysql=/usr/local/mysql

  #make

  #make install

Note: when I compiled snort I got the error "ERROR! Libpcre header not found, go get it from". This happens because one library is missing. If you run into the same problem, download the latest pcre library from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ and install it.

Method: #tar -zxvf pcre-6.7.tar.gz

      #./configure

      #make

      #make check

      #make install

  10.2 Install the rules and configuration files

#cd /etc/snort/

   #tar -zxvf /ruanjian/snortrules-snapshot-2.4.tar.gz

  #cd /etc/snort/rules   (in the snort install directory)

  #cp *.conf /etc/snort/.

  #cp *.config /etc/snort/.

#cp *.map /etc/snort/.

10.3 Edit snort.conf  (/etc/snort/snort.conf)

  var HOME_NET 172.17.4.0/24   (change this to your internal network address)

  var RULE_PATH ./rules   change to: var RULE_PATH /etc/snort/

 

  Change the logging database:

The log and alert database outputs must be set up separately; otherwise snort will error once an event occurs after startup.

  output database: log, mysql, user=root password=your_password dbname=snort host=localhost

  output database: alert, mysql, user=root password=your_password dbname=snort host=localhost

 

 

Install the DB tables (from the schemas directory):

/usr/local/mysql/bin/mysql -u root -p snort < create_mysql    # creates the tables for snort

11. Install and configure the web interface

 

  Install JPGraph 2.1.1

  #cp jpgraph-2.1.1.tar.gz /home

  #cd /home

  #tar -xzvf jpgraph-2.1.1.tar.gz

  #mv jpgraph-2.1.1 jpgraph

  

  Install ADODB:

  #cp adodb480.gz /home

  #cd /home

  #tar -xzvf adodb480.gz

 

  Install and configure ACID:

  #cp acid-0.9.6b23.tar.gz /home

  #cd /home

  #tar -xvzf acid-0.9.6b23.tar.gz

  #cd /home/acid/

 

  Edit acid_conf.php and change the relevant settings as follows (note that this connects the web front end to MySQL as root; the CentOS section later in this post creates a dedicated, less-privileged snort user instead, which is the better choice for a file readable by the web server):

$DBlib_path = "/home/adodb";

$DBtype = "mysql";

$alert_dbname = "snort";

$alert_host = "localhost";

$alert_port = "";

$alert_user = "root";

$alert_password = "xiangqian";

$archive_dbname = "snort";

$archive_host = "localhost";

$archive_port = "";

$archive_user = "root";

$archive_password = "xiangqian";

$ChartLib_path = "/home/jpgraph/src";

 

Run snort so that it writes data into MySQL:

#snort -c /etc/snort/snort.conf

 

Open the web interface:
http://yourhost/acid/acid_main.php
 Click the "Setup Page" link -> Create Acid AG

 Visiting http://yourhost/acid will then show the ACID interface.

http://www.snort.org
http://www.snort.org/docs
http://www.snort.org/snort-downloads/rhel5 (download libpcap and snort)

CentOS 5.5 installation

Install the Apache and MySQL services as part of the OS install.

yum -y install mysql-bench mysql-devel php-mysql gcc pcre-devel php-gd gd glib2-devel gcc-c++ libpcap-devel

cd /root

mkdir snort

cd snort

wget http://www.snort.org/downloads/867   (snort-2.9.0.5.tar.gz)

wget http://www.snort.org/downloads/860   (daq-0.5.tar.gz)

tar -xzvf snort-2.9.0.5.tar.gz

cd snort-2.9.0.5

./configure --with-mysql --enable-dynamicplugin

(if building for CentOS 64-bit use the following instead -> ./configure --with-mysql-libraries=/usr/lib64/mysql/ --enable-dynamicplugin)

###########################################################################################################################

ERROR! dnet header not found, go get it from http://code.google.com/p/libdnet/ or use the --with-dnet-* options, if you have it installed in an unusual place

wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz

tar -xzvf libdnet-1.12.tgz

cd libdnet-1.12   (the extracted directory, not the .tgz file)

./configure

make

make install

ERROR! daq_static library not found, go get it from http://www.snort.org/.

cd /root/snort/

tar -xzvf daq-0.5.tar.gz

cd daq-0.5

./configure

make

make install

If the error "ERROR! Libpcap library version >= 1.0.0 not found. Get it from http://www.tcpdump.org" appears (see the start of this post):

yum erase libpcap-old

###################################################################################################################################

make   (back in the snort-2.9.0.5 directory)

make install

groupadd snort

useradd -g snort snort -s /sbin/nologin

mkdir /etc/snort

mkdir /etc/snort/rules

mkdir /etc/snort/so_rules

mkdir /var/log/snort

chown snort:snort /var/log/snort

cd etc   (the etc directory inside the snort-2.9.0.5 source tree; make sure you do not cd to /etc)

cp * /etc/snort

tar -xzvf snortrules-snapshot-2902.tar.gz

cd ./rules

cp * /etc/snort/rules

cp ../so_rules/precompiled/Centos-5-4/i386/2.9.0.2/* /etc/snort/so_rules

wget https://www.snort.org/downloads/893

vi /etc/snort/snort.conf

Change the following:

RULE_PATH ../rules        ->   /etc/snort/rules

SO_RULE_PATH ../so_rules  ->   /etc/snort/so_rules

Add the following in the output section (unified2 is the binary spool that Barnyard2 reads; see below):

output unified2: filename snort.log, limit 128

Configure the database (pick a real password rather than 123456):

echo "set password for root@localhost = password('123456');" | mysql -u root -p

echo "create database snort;" | mysql -u root -p

mysql -u root -p -D snort < ./schemas/create_mysql   (run from the snort-2.9.0.5 source directory)

echo "grant create, insert on root.* to snort@localhost;" | mysql -u root -p
(this grants on a database named "root", which snort does not use; the grant on snort.* below is the one that matters)

echo "set password for snort@localhost = password('123456');" | mysql -u root -p

echo "grant create, insert, select, delete, update on snort.* to snort@localhost;" | mysql -u root -p

Install and configure BASE (Basic Analysis and Security Engine) and ADODB

Use the following command to install php_pear and some additional supporting files so that graphing within BASE functions properly:

#yum -y install php-pear_number_roman php-pear_numbers_words php-pear_image_color php-pear_canvas php-pear_image_graph

wget http://pear.php.net/go-pear.phar

php go-pear.phar
http://pear.php.net/manual/en/installation.php

pear install Numbers_Roman

pear install Numbers_Words

pear install Image_Color

pear install Image_Canvas

pear install Image_Graph

wget -O adodb511.zip http://sourceforge.net/projects/adodb/files/adodb-php5-only/adodb-511-for-php5/adodb511.zip/download
wget -O base-1.4.5.tar.gz http://sourceforge.net/projects/secureideas/files/BASE/base-1.4.5/base-1.4.5.tar.gz/download
(without -O, wget saves both as a file named "download")

Install adodb

cd /var/www

unzip adodb511.zip   (the download is a zip archive, not a tarball)

mv adodb5 adodb

Install and configure BASE

cd /var/www/html/

tar -xzvf base-1.4.5.tar.gz

cd base-1.4.5
(the $BASE_urlpath below, the sensor URL and the Apache <Directory> block all assume the application lives at /var/www/html/base, so rename or symlink base-1.4.5 to base)

cp base_conf.php.dist base_conf.php

chown pigg.games base_conf.php

Edit base_conf.php and insert the following parameters:

$BASE_urlpath = '/base';

$DBlib_path = '/var/www/adodb';

$DBtype = 'mysql';

$alert_dbname = 'snort';

$alert_host = 'localhost';

$alert_port = '';

$alert_user = 'snort';

$alert_password = 'password created in the mysql section above for the snort user';

/* archive db connection parameters */

$archive_exists = 0;   # set this to 1 if you have an archive db

/* access your sensor at the following address: */
https://<ip address of sensor>/base

Click on "Setup page", then click on "Create BASE AG".

Securing the BASE directory:

mkdir /var/www/passwords

htpasswd -c /var/www/passwords/passwords base

password: 123456

Edit httpd.conf:

<Directory "/var/www/html/base">

           AuthType Basic

           AuthName "Snort IDS"

           AuthUserFile /var/www/passwords/passwords

           Require user base

</Directory>

Installing Barnyard2

Barnyard2 improves the efficiency of Snort by taking load off the main detection engine: Snort only writes unified2 spool files, and Barnyard2 handles inserting the events into the MySQL database.

wget https://download.github.com/firnsy-barnyard2-v2-1.9-12-g01f5581.tar.gz
tar -xzvf firnsy-barnyard2-v2-1.9-12-g01f5581.tar.gz

cd firnsy-barnyard2-01f5581

./configure --with-mysql

(if building for CentOS 64-bit use the following instead -> ./configure --with-mysql-libraries=/usr/lib64/mysql/)

make

make install

cp etc/barnyard2.conf /etc/snort/

mkdir /var/log/barnyard2

chown snort:snort /var/log/barnyard2   (a chmod 666 on a directory drops the search bit, so give it to the snort user instead, as was done for /var/log/snort)

touch /var/log/snort/barnyard2.waldo

chown snort:snort /var/log/snort/barnyard2.waldo

Edit /etc/snort/barnyard2.conf and modify the following lines:

#config hostname: thor

#config interface: eth0

#output database: log, mysql, user=root password=test dbname=db host=localhost

Remove the # sign from the lines above and change them to:

config hostname: localhost

config interface: eth0   (if using multiple interfaces this should be eth1)

output database: log, mysql, user=snort password='password created in the mysql section above for the snort user' dbname=snort host=localhost
Testing snort:

You can launch snort from the command line to make sure that it loads properly. Enter the following command:

/usr/local/bin/snort -u snort -g snort -c /etc/snort/snort.conf -i eth0

(If you get the error "/usr/local/bin/snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory", run:

ln -s /usr/local/lib/libdnet.1 /usr/lib/libdnet.1

The cause is that /usr/local/lib is not on the dynamic linker's search path; adding it to /etc/ld.so.conf and running ldconfig fixes this for libdnet and libpcap alike without the symlink.)
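Rather than discovering a missing shared library when snort aborts in rc.local, it is worth checking the binary first. The script below is an added example, not part of the original post: it parses `ldd` output for libraries reported as "not found" (the situation behind the libdnet.1 error above) and wraps snort's configuration self-test (`-T`). The binary path is an assumption and the `ldd` sample it carries is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): before putting snort or
# barnyard2 into rc.local, confirm that every shared library the binary needs
# resolves, which catches the "libdnet.1: cannot open shared object file"
# failure above. The binary path is an assumption and the ldd sample is
# constructed.

SNORT_BIN=/usr/local/bin/snort

# missing_libs LDD_OUTPUT: print every library ldd reports as "not found"
missing_libs() {
    printf '%s\n' "$1" | awk '/=> not found/ { print $1 }' | sort -u
}

# check_binary PATH: 0 if ldd resolves every library; otherwise 1, with the
# names and the ld.so.conf fix, which is preferable to the ln -s workaround
check_binary() {
    [ -x "$1" ] || { echo "$1: not an executable" >&2; return 1; }
    missing=$(missing_libs "$(ldd "$1" 2>/dev/null)")
    [ -z "$missing" ] && return 0
    echo "$1 cannot resolve: $(echo "$missing" | tr '\n' ' ')" >&2
    echo "fix: echo /usr/local/lib >> /etc/ld.so.conf && ldconfig" >&2
    return 1
}

# config_test CONF IFACE: run snort's self-test mode (-T) as the snort user so
# a broken snort.conf is reported before it is launched from rc.local
config_test() {
    "$SNORT_BIN" -T -u snort -g snort -c "$1" -i "$2"
}

# Constructed sample: ldd output for a snort binary linked against a libdnet
# that ld.so cannot find because /usr/local/lib is not in /etc/ld.so.conf
SAMPLE_LDD=$(printf '\tlinux-gate.so.1 =>  (0xffffe000)\n\tlibdnet.1 => not found\n\tlibpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x00b50000)\n\tlibpcre.so.0 => /lib/libpcre.so.0 (0x00110000)\n')

# Live use: check_binary "$SNORT_BIN" && config_test /etc/snort/snort.conf eth0
missing_libs "$SAMPLE_LDD"
```

Run `check_binary` on both /usr/local/bin/snort and /usr/local/bin/barnyard2; the symlink workaround only covers libdnet, whereas the ld.so.conf entry covers every library installed under /usr/local/lib.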

/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D

Setting up snort and barnyard2 to start automatically:

Edit /etc/rc.local:

#ifconfig eth0 up

/usr/local/bin/snort -D -u snort -g snort -c /etc/snort/snort.conf -i eth0
(-D runs snort as a daemon; without it snort stays in the foreground and the barnyard2 line below is never reached)

/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D

/etc/rc.local start

 