Problems encountered while installing snort, and their solutions
2013-01-03 20:36
While installing snort 2.9.* it is possible you will receive an error in the compiling of daq 0.6 that says it cannot find a specific version of the libpcap library. The error looks like this:
--------------------------------
checking for libpcap version >= "1.0.0"... no
ERROR! Libpcap library version >= 1.0.0 not found. Get it from http://www.tcpdump.org
--------------------------------
In this case you need to install libpcap-1.0.0 or later:
--------------------------------
wget http://www.tcpdump.org/release/libpcap-1.0.0.tar.gz
tar xvfz libpcap-1.0.0.tar.gz
cd libpcap-1.0.0/
./configure
make
make install
--------------------------------
If you still have problems, try to check this link: libpcap not found
<-----------> I copied the new one over the old one and daq compiled and installed without issue:
root@xxxx:# cp /usr/local/lib/libpcap.a /usr/lib/
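The daq configure failure above comes down to a single version comparison, so it is worth checking the installed libpcap before starting the build rather than after configure aborts. The script below is an added example, not code from the post or from the snort/daq projects: it reimplements the ">= 1.0.0" test as a plain dotted-version comparison, and queries the real library through pcap-config, which is assumed to be on PATH for the libpcap daq will link against. The version strings in the test cases are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): reproduce the "libpcap version >= 1.0.0"
# test that daq's configure performs, so the version can be checked before building.
# Assumption: pcap-config (shipped with libpcap) is on PATH; versions used for
# illustration are constructed.

# version_ge A B -> exit status 0 when dotted version A is >= dotted version B
# (numeric field-by-field comparison of up to three fields; missing fields count as 0)
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# libpcap_ok VERSION -> prints "ok" when VERSION satisfies daq's requirement, else "too old"
libpcap_ok() {
    if version_ge "$1" 1.0.0; then
        echo ok
    else
        echo "too old"
    fi
}

# installed_libpcap_version -> prints the version reported by pcap-config, or "unknown"
installed_libpcap_version() {
    if command -v pcap-config >/dev/null 2>&1; then
        pcap-config --version
    else
        echo unknown
    fi
}

# Run the check against the installed library when invoked as: sh check_libpcap.sh --check
if [ "${1:-}" = "--check" ]; then
    v=$(installed_libpcap_version)
    if [ "$v" = unknown ]; then
        echo "pcap-config not found; cannot determine libpcap version"
    else
        echo "libpcap $v: $(libpcap_ok "$v")"
    fi
fi
```

If the check reports "ok" but daq's configure still fails, the compiler is most likely resolving an older libpcap that sits earlier on the library path (typically /usr/lib), which is exactly the situation the copy command above works around; in that case prefer pointing configure at the new library rather than overwriting files in /usr/lib.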
10.1 Create the snort configuration file and log directories
# mkdir /etc/snort
# mkdir /var/log/snort
# tar -zxvf snort-2.4.4.tar.gz
# cd snort-2.4.4
# ./configure --with-mysql=/usr/local/mysql
# make
# make install
Note: when I compiled snort I got the error "ERROR! Libpcre header not found, go get it from". This is because one library is missing; if you run into the same problem, download the latest pcre library from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ and install it.
Method:
# tar -zxvf pcre-6.7.tar.gz
# cd pcre-6.7
# ./configure
# make
# make check
# make install
10.2 Install the rules and configuration files
# cd /etc/snort/
# tar -zxvf /ruanjian/snortrules-snapshot-2.4.tar.gz
# cd /etc/snort/rules (under the snort installation directory)
# cp *.conf /etc/snort/.
# cp *.config /etc/snort/.
# cp *.map /etc/snort/.
10.3 Edit snort.conf (/etc/snort/snort.conf)
var HOME_NET 172.17.4.0/24 (change this to your internal network address)
Change var RULE_PATH ./rules to var RULE_PATH /etc/snort/
Change the logging database:
The log and alert outputs must be set up as separate database outputs; otherwise snort errors when an event occurs after it starts.
output database: log, mysql, user=root password=your_password dbname=snort host=localhost
output database: alert, mysql, user=root password=your_password dbname=snort host=localhost
Install the DB tables (in the schemas directory):
/usr/local/mysql/bin/mysql -u root -p snort < create_mysql    // create the tables for snort
11. Install and configure the web interface
Install JPGraph 2.1.1:
# cp jpgraph-2.1.1.tar.gz /home
# cd /home
# tar -xzvf jpgraph-2.1.1.tar.gz
# mv jpgraph-2.1.1 jpgraph
Install ADODB:
# cp adodb480.gz /home
# cd /home
# tar -xzvf adodb480.gz
Install and configure Acid:
# cp acid-0.9.6b23.tar.gz /home
# cd /home
# tar -xvzf acid-0.9.6b23.tar.gz
# cd /home/acid/
Edit acid_conf.php and change the relevant settings as follows:
$DBlib_path = "/home/adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "xiangqian";
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "root";
$archive_password = "xiangqian";
$ChartLib_path = "/home/jpgraph/src";
Run snort to write data into mysql:
# snort -c /etc/snort/snort.conf
Open the web interface:
http://yourhost/acid/acid_main.php
Click the "Setup Page" link -> Create Acid AG
Visit http://yourhost/acid and you will see the ACID interface.
http://www.snort.org
http://www.snort.org/docs
http://www.snort.org/snort-downloads/rhel5 (download libpcap, snort)
CentOS 5.5 installation
Install the apache and mysql services when installing the system.
yum -y install mysql-bench mysql-devel php-mysql gcc pcre-devel php-gd gd glib2-devel gcc-c++ libpcap-devel
cd /root
mkdir snort
cd snort
wget http://www.snort.org/downloads/867 (snort-2.9.0.5.tar.gz)
wget http://www.snort.org/downloads/860 (daq-0.5.tar.gz)
tar -xzvf snort-2.9.0.5.tar.gz
cd snort-2.9.0.5
./configure --with-mysql --enable-dynamicplugin
(if building for CentOS 64-bit use the following instead -> ./configure --with-mysql-libraries=/usr/lib64/mysql/ --enable-dynamicplugin)
###########################################################################################################################
ERROR! dnet header not found, go get it from http://code.google.com/p/libdnet/ or use the --with-dnet-* options, if you have it installed in an unusual place
wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar -xzvf libdnet-1.12.tgz
cd libdnet-1.12
./configure
make
make install
ERROR! daq_static library not found, go get it from http://www.snort.org/.
cd /root/snort/
tar -xzvf daq-0.5.tar.gz
cd daq-0.5
./configure
make
make install
If you get the error ERROR! Libpcap library version >= 1.0.0 not found. Get it from http://www.tcpdump.org
yum erase libpcap-old
###################################################################################################################################
make
make install
groupadd snort
useradd -g snort snort -s /sbin/nologin
mkdir /etc/snort
mkdir /etc/snort/rules
mkdir /etc/snort/so_rules
mkdir /var/log/snort
chown snort:snort /var/log/snort
cd etc (make sure you do not cd to /etc)
cp * /etc/snort
tar -xzvf snortrules-snapshot-2902.tar.gz
cd ./rules
cp * /etc/snort/rules
cp ../so_rules/precompiled/Centos-5-4/i386/2.9.0.2/* /etc/snort/so_rules
wget https://www.snort.org/downloads/893
vi /etc/snort/snort.conf
Change as follows:
RULE_PATH ../rules -> /etc/snort/rules
SO_RULE_PATH ../so_rules -> /etc/snort/so_rules
Add the following in the output section:
output unified2: filename snort.log, limit 128
Configure the database:
echo "set password for root@localhost=password('123456');" | mysql -u root -p
echo "create database snort;" | mysql -u root -p
mysql -u root -p -D snort < ./schemas/create_mysql
echo "grant create,insert on root.* to snort@localhost;" | mysql -u root -p
echo "set password for snort@localhost=password('123456');" | mysql -u root -p
echo "grant create,insert,select,delete,update on snort.* to snort@localhost" | mysql -u root -p
Install and configure BASE (Basic Analysis and Security Engine) and ADOdb
Use the following command to install php_pear and some additional supporting files to allow graphing within BASE to function properly:
# yum -y install php-pear_number_roman php-pear_numbers_words php-pear_image_color php-pear_canvas php-pear_image_graph
wget http://pear.php.net/go-pear.phar
php go-pear.phar
http://pear.php.net/manual/en/installation.php
pear install Numbers_Roman
pear install Numbers_Words
pear install Image_Color
pear install Image_Canvas
pear install Image_Graph
wget http://sourceforge.net/projects/adodb/files/adodb-php5-only/adodb-511-for-php5/adodb511.zip/download
wget http://sourceforge.net/projects/secureideas/files/BASE/base-1.4.5/base-1.4.5.tar.gz/download
Install adodb:
cd /var/www
unzip adodb511.zip
mv adodb5 adodb
Install and configure BASE:
cd /var/www/html/
tar -xzvf base-1.4.5.tar.gz
mv base-1.4.5 base
cd base
cp base_conf.php.dist base_conf.php
chown pigg.games base_conf.php
Edit "base_conf.php" and insert the following parameters:
$BASE_urlpath = '/base';
$DBlib_path = '/var/www/adodb';
$DBtype = 'mysql';
$alert_dbname = 'snort';
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = 'password created in mysql section above for snort user';
/* archive db connection parameters */
$archive_exists = 0; # set this to 1 if you have an archive db
/* access your sensor at the following address: */ https://<ip address of sensor>/base
Click on "Setup page" then click on "Create BASE AG".
Securing the BASE directory:
mkdir /var/www/passwords
htpasswd -c /var/www/passwords/passwords base
password: 123456
Edit httpd.conf:
<Directory "/var/www/html/base">
AuthType Basic
AuthName "Snort IDS"
AuthUserFile /var/www/passwords/passwords
Require user base
</Directory>
Installing Barnyard2
barnyard2 improves the efficiency of snort by reducing the load on the main detection engine: barnyard2 takes over inserting events into the mysql database.
wget https://download.github.com/firnsy-barnyard2-v2-1.9-12-g01f5581.tar.gz
tar -xzvf firnsy-barnyard2-v2-1.9-12-g01f5581.tar.gz
cd firnsy-barnyard2-01f5581
./configure --with-mysql
(if building for CentOS 64-bit use the following instead -> ./configure --with-mysql-libraries=/usr/lib64/mysql/)
make
make install
cp etc/barnyard2.conf /etc/snort/
mkdir /var/log/barnyard2
chmod 666 /var/log/barnyard2
touch /var/log/snort/barnyard2.waldo
chown snort:snort /var/log/snort/barnyard2.waldo
Edit /etc/snort/barnyard2.conf and modify the following lines:
#config hostname: thor
#config interface: eth0
#output database: log, mysql, user=root password=test dbname=db host=localhost
Remove the # sign from the lines above and change them to the below:
config hostname: localhost
config interface: eth0 (if using multiple interfaces this should be eth1)
output database: log, mysql, user=snort password='password created in mysql section above for snort user' dbname=snort host=localhost
Testing snort:
You can launch snort from the command line to make sure that it loads properly. Enter the following command:
/usr/local/bin/snort -u snort -g snort -c /etc/snort/snort.conf -i eth0
(If you get the error: /usr/local/bin/snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
ln -s /usr/local/lib/libdnet.1 /usr/lib/libdnet.1)
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D
Setting up snort & barnyard2 to start automatically:
Edit /etc/rc.local:
#ifconfig eth0 up
/usr/local/bin/snort -u snort -g snort -c /etc/snort/snort.conf -i eth0
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D
/etc/rc.local start
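The chain set up above only works when every link agrees: snort must write unified2 into the spool directory, barnyard2's output database line must actually be uncommented and point at the dedicated snort account, the waldo bookmark must be writable, and the htpasswd file must live outside Apache's document root. The following pre-flight script is an added example, not part of the post or of the snort, barnyard2 or BASE projects; it checks those conditions before the daemons are started from rc.local. The default paths are the ones used above, and the configuration lines it is exercised against are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# snort -> unified2 -> barnyard2 -> MySQL chain and the BASE htpasswd setup.
# Default paths are those used in the post; sample config lines are constructed.

# active_directive FILE PREFIX -> prints the first line of FILE that starts with
# PREFIX (extended regex, leading whitespace allowed) and is not commented out
active_directive() {
    grep -E "^[[:space:]]*$2" "$1" 2>/dev/null | grep -Ev '^[[:space:]]*#' | head -n 1 | grep .
}

# output_db_user LINE -> prints the user= value from an "output database:" line,
# e.g. "output database: log, mysql, user=snort password=x dbname=snort host=localhost"
output_db_user() {
    printf '%s\n' "$1" | sed -n 's/.*[[:space:],]user=\([^[:space:],]*\).*/\1/p'
}

# check_unified2 SNORT_CONF -> "ok" when snort.conf has an active unified2 output,
# which is the spool format barnyard2 reads (-d / -f above)
check_unified2() {
    if active_directive "$1" 'output[[:space:]]+unified2:' >/dev/null; then
        echo ok
    else
        echo "no active output unified2 line"
        return 1
    fi
}

# check_db_output BARNYARD2_CONF -> "ok" when the output database line has been
# uncommented and uses a dedicated DB account rather than root
check_db_output() {
    line=$(active_directive "$1" 'output[[:space:]]+database:') || {
        echo "no active output database line"; return 1; }
    user=$(output_db_user "$line")
    case "$user" in
        "")   echo "no user= in output database line"; return 1 ;;
        root) echo "output database uses root"; return 1 ;;
        *)    echo ok ;;
    esac
}

# check_spool DIR WALDO -> "ok" when the spool directory exists and the waldo
# bookmark file exists and is writable by the user running this check
check_spool() {
    [ -d "$1" ] || { echo "spool dir $1 missing"; return 1; }
    [ -f "$2" ] || { echo "waldo $2 missing"; return 1; }
    [ -w "$2" ] || { echo "waldo $2 not writable"; return 1; }
    echo ok
}

# authfile_outside_docroot AUTHFILE DOCROOT -> "ok" when the htpasswd file is not
# under Apache's document root (the post keeps it in /var/www/passwords)
authfile_outside_docroot() {
    case "$1" in
        "$2"/*) echo "auth file is inside document root"; return 1 ;;
        *)      echo ok ;;
    esac
}

# run_preflight [SNORT_CONF BARNYARD2_CONF SPOOL_DIR WALDO AUTHFILE DOCROOT]
# Runs every check, prints one line per result, returns 1 if any check failed.
run_preflight() {
    rc=0
    r=$(check_unified2 "${1:-/etc/snort/snort.conf}") || rc=1
    echo "unified2 output:     $r"
    r=$(check_db_output "${2:-/etc/snort/barnyard2.conf}") || rc=1
    echo "barnyard2 db output: $r"
    r=$(check_spool "${3:-/var/log/snort}" "${4:-/var/log/snort/barnyard2.waldo}") || rc=1
    echo "spool/waldo:         $r"
    r=$(authfile_outside_docroot "${5:-/var/www/passwords/passwords}" "${6:-/var/www/html}") || rc=1
    echo "htpasswd location:   $r"
    return $rc
}

# Invoke as: sh preflight.sh --run [paths...]
if [ "${1:-}" = "--run" ]; then
    shift
    run_preflight "$@"
fi
```

Run it as the same account that will run barnyard2 so the writability test on the waldo file is meaningful; a non-zero exit from run_preflight is the signal to fix the configuration before adding the start-up lines to rc.local.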