Download - Install snort base ok.docx

Transcript

A. Ci t cc gi ph tr1.Ci t wget# yum install wget -y2. Thay th flie yum.repos.d# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo#yum clean all#yum makecache3. Update file h thng#yum -y update4.ci t epel#yum install epel-release -yB. Ci t PHP & BASEChun b cc gi ci t sau:-phpMyAdmin-4.4.6.1-english.tar.gzhttp://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.4.6.1/phpMyAdmin-4.4.6.1-english.tar.gz/download-adodb519.tar.gzhttp://sourceforge.net/projects/adodb/files/adodb-php5-only/adodb-519-for-php5/adodb519.tar.gz/download-base-1.4.5.tar.gzhttp://sourceforge.net/projects/secureideas/files/BASE/base-1.4.5/base-1.4.5.tar.gz/download-barnyard2-1.9.tar.gzhttp://ftp.psu.ac.th/pub/snort/barnyard2-1.9.tar.gz

1.Ci t LMAP#yum install httpd mysql-server php php-mysql php-mbstring php-mcrypt mysql-devel -y2.Ci t php#yum install mcrypt libmcrypt libmcrypt-devel -y 3.Ci t pear#yum install php-pear -y#pear upgrade pear#pear channel-update pear.php.net#pear install mail#pear install Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman#pear install mail_mime4.Gii nn phpmyadmin#tar zxvf phpMyAdmin-4.4.6.1-english.tar.gz -C /var/www/html#mv /var/www/html/phpMyAdmin-4.4.6.1-english /var/www/html/phpmyadmin 5. Gii nn adodb#tar zxvf adodb519.tar.gz -C /var/www/html#mv /var/www/html/adodb5 /var/www/html/adodb 6. Gii nn base#tar zxvf base-1.4.5.tar.gz -C /var/www/html#mv /var/www/html/base-1.4.5 /var/www/html/base 7.Sa file php.ini#vi /etc/php.inierror_reporting = E_ALL & ~E_NOTICE 8.Sa file phpmyadmin#vi /var/www/html/phpmyadmin/libraries/config.default.php$cfg['blowfish_secret'] = ''; thay bng $cfg['blowfish_secret'] = '123456';9.Phn quyn th mc /var/www/html#chown -R apache:apache /var/www/html 10.Ci t adodb5#chmod 755 /var/www/html/adodb11.Ci t mysql Gii nn barnyard2#tar zxvf barnyard2-1.9.tar.gz#service mysqld start# mysqladmin -u root password 123456#mysql -uroot -p >create database snort; >grant create,select,update,insert,delete on snort.* to snort@localhost identified by '123456'; >exit#mysql -usnort -p -Dsnort < /root/Desktop/barnyard2-1.9/schemas/create_mysql12.Ci t base#service mysqld start #service httpd start #service iptables stop Truy cp theo ng dn: http://----IP---- /base/setup/index.php

C. Ci t snort+barnyard2Chun b cc gi ci t sau libdnet-1.12.tgzhttp://ftp.psu.ac.th/pub/snort/libdnet-1.12.tgz libpcap-1.7.2.tar.gzhttp://www.tcpdump.org/release/libpcap-1.7.2.tar.gz daq-2.0.4.tar.gzhttp://sourceforge.net/projects/snort/files/snort/daq-2.0.4.tar.gz/download snort-2.9.7.2.tar.gzhttp://sourceforge.net/projects/snort/files/snort/snort-2.9.7.2.tar.gz/download snortrules-snapshot-2972.tar.gzhttps://www.snort.org/downloads/registered/snortrules-snapshot-2972.tar.gz

1.Cc ci cc bin dch #yum install gcc flex bison zlib libpcap tcpdump gcc-c++ pcre* zlib* libdnet libdnet-devel 2.Ci t libdnet#tar zxvf libdnet-1.12.tgz# cd libdnet-1.12# ./configure && make && make install 3.Ci t libpcap# tar zxvf libpcap-1.7.2.tar.gz# cd libpcap-1.7.2 # ./configure && make && make install 4.Ci t DAQ# tar zxvf daq-2.0.4.tar.gz# cd daq-2.0.4# ./configure && make && make install

Set mode interface cho eth0:#ifconfig eth0 promisc5.Gii nn snort#tar zxvf snort-2.9.7.2.tar.gz#cd snort-2.9.7.2# ./configure --enable-sourcefire && make && make install 6. Ci t snortTo cc th mc cn thit#mkdir /etc/snort#mkdir /var/log/snort#mkdir /usr/local/lib/snort_dynamicrules#mkdir /etc/snort/rules#touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules#cp /tmp/snort-2.9.7.2/etc/gen-msg.map threshold.conf classification.config reference.config unicode.map snort.conf /etc/snort Sa file cu hnh snort#vi /etc/snort/snort.confipvar HOME_NET any > ipvar HOME_NET 192.168.x.xipvar EXTERNAL_NET any > ipvar EXTERNAL_NET !$HOME_NETvar RULE_PATH /etc/snort/rulesvar SO_RULE_PATH /etc/snort/so_rulesvar PREPROC_RULE_PATH /etc/snort/preproc_rulesvar WHITE_LIST_PATH /etc/snort/rulesvar BLACK_LIST_PATH /etc/snort/rules config logdir/var/log/snortoutput unified2filename snort.loglimit 128 7.Gii nn #tar zxvf snortrules-snapshot-2972.tar.gz -C /etc/snort/#cp /etc/snort/etc/sid-msg.map /etc/snort/ 8.Test snort# snort -T -i eth0 -c /etc/snort/snort.conf

27/59.Ci t barnyard2#cd /tmp/barnyard2-1.9# ./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql/ (64 bit)# ./configure --with-mysql (32bit)# make && make install 10. To file v lin kt barnyard2# mkdir /var/log/barnyard2# touch /var/log/snort/barnyard2.waldo# cp /root/Desktop/barnyard2-1.9/etc/barnyard2.conf /etc/snortSa file barnyard2.conf # vi /etc/snort/barnyard2.conf config logdir: /var/log/barnyard2 config hostname: localhost config interface:eth0 config waldo_file: /var/log/snort/barnyard2.waldo output database: log, mysql, user=snort password=123456 dbname=snort host=localhost 11.Test barnyard2# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo Test rule snort1.add rule vo local.rule#vi /etc/snort/rules/local.rulesalert icmp any any -> $HOME_NET any (msg:"Co Nguoi Ping"; sid:1000003;rev:1;)alert icmp any any -> $HOME_NET 81 (msg:"Scanning Port 81"; sid:1000001;rev:1;)alert tcp any any -> $HOME_NET 22 (msg:"Scanning Port 22"; sid:1000002;rev:1;)alert icmp any any -> any any (msg: "IcmP Packet detected";sid:1000001;)2.Khi ng li cc dch v v test snort v barnyard2#service mysqld start#service httpd start#service iptables stop#barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D# cd /usr/local/lib# snort v# snort -c /etc/snort/snort.conf -l /var/log/snort/#/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g root -D# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo

3.Xem giao din

Ti Liu :http://ftp.psu.ac.th/pub/snort/https://snort.org/