
snort create_mysql_入侵检测系统Snort+Base安装


安裝一些支持庫

tar -zxvf zlib-1.2.3.tar.gz

cd zlib-1.2.3

./configure

make

make install

cd ..

tar -zxvf libpcap-0.9.5.tar.gz

cd libpcap-0.9.5

./configure

make

make install

cd ..

安裝MYSQL

# groupadd mysql

# useradd -g mysql -d /usr/local/mysql/data -M mysql

# tar -zxvf mysql-5.0.27.tar.gz

# cd mysql-5.0.27

./configure --prefix=/usr/local/mysql \指定安裝目錄

> --sysconfdir=/etc \配置文件的路徑

> --localstatedir=/usr/local/mysql/data \數據庫存放的路徑

> --enable-assembler \使用一些字符函數的匯編版本

> --with-mysqld-ldflags=-all-static \以純靜態方式編譯服務端

> --with-charset=gb2312 \添加gb2312字符支持

> --with-extra-charsets=all (添加所有字符支持)

# make

# make install

# /usr/local/mysql/bin/mysql_install_db

# chown -R mysql:mysql /usr/local/mysql/data

# cp /usr/local/mysql/share/mysql/mysql.server /etc/rc.d/init.d/mysqld

# chkconfig --add mysqld

# cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf

[root@fedora snort]# /usr/local/mysql/bin/mysqladmin -u root password 'gzidc'

(注意:請勿照抄 'gzidc',應換成自己的強密碼。直接寫在命令行上的密碼會留在 shell 歷史記錄中,執行期間也可能被其他用戶從進程列表看到。)

Linux下執行程序時發生錯誤: cannot restore segment prot after reloc: Permission denied

原來這是SELinux搞的鬼,解決辦法有兩個:

1.使用chcon命令,示例: chcon -t texrel_shlib_t /usr/local/rsi/idl_6.1/bin/bin.linux.x86/*.so

2.禁止掉SELinux:將/etc/sysconfig/selinux文件的內容更改為SELINUX=disabled(停用SELinux會使整台主機失去強制訪問控制的保護;在入侵檢測主機上建議優先採用方法1,只對出錯的共享庫調整標簽。)

這個問題參考了以下鏈接http://www.rsinc.com/services/techtip.asp?ttid=3092

安裝Apache

tar -zvxf httpd-2.2.3.tar.gz

cd httpd-2.2.3

./configure --prefix=/usr/local/apache --enable-so

make

make install

安裝PHP

tar zxvf php-5.2.tar.gz

cd php-5.2

./configure \
--prefix=/usr/local/php5 --with-apxs2=/usr/local/apache/bin/apxs \
--with-config-file-path=/usr/local/php5/etc --enable-sockets \
--with-mysql=/usr/local/mysql --with-zlib --with-gd

make

make install

cp ./php.ini-dist /usr/local/php5/etc/php.ini

修改httpd.conf

#vi /usr/local/apache/conf/httpd.conf

加載php模塊,去掉注釋“#”,如沒有此行,請加上。

LoadModule php5_module modules/libphp5.so

加上此兩行

AddType application/x-httpd-php .php .phtml

AddType application/x-httpd-php-source .phps

# /usr/local/apache/bin/apachectl start

安裝Snort

[root@fedora src]# mkdir /usr/local/snort

[root@fedora src]# mkdir /var/log/snort

[root@fedora src]# tar -zxvf snort-2.6.1.tar.gz

[root@fedora src]# cd snort-2.6.1

./configure --prefix=/usr/local/snort --with-mysql=/usr/local/mysql/

make

make install

cd /usr/local/snort

[root@fedora snort]# tar -zxvf snortrules-snapshot-CURRENT.tar.gz

[root@fedora snort]# cp /usr/local/src/snort-2.6.1/etc/snort.conf /usr/local/snort/

[root@fedora snort]# cp /usr/local/src/snort-2.6.1/etc/*.config /usr/local/snort/

修改snort.conf

var HOME_NET 10.1.1.0/24

將 var RULE_PATH ./rules 修改為 var RULE_PATH /usr/local/snort/rules

改變記錄日志數據庫:

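output database: log, mysql, user=root password=your_password dbname=snort host=localhost

(注意:這裡讓 Snort 以 MySQL 的 root 帳號寫入日志;更穩妥的做法是另建一個只對 snort 數據庫有權限的專用帳號,並在此行填入該帳號。snort.conf 中含有明文密碼,應限制該文件的讀取權限。)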

cd /usr/local/src/snort-2.6.1/schemas

[root@fedora schemas]# /usr/local/mysql/bin/mysqladmin -u root -p create snort

[root@fedora schemas]# /usr/local/mysql/bin/mysqladmin -u root -p create snort_archive

[root@fedora schemas]# /usr/local/mysql/bin/mysql -u root -p snort < create_mysql

[root@fedora schemas]# /usr/local/mysql/bin/mysql -u root -p snort_archive < create_mysql

安裝ADODB

[root@fedora schemas]# cd /usr/local/

# tar zxvf adodb493a.gz

安裝BASE

(注意:前文 Apache 的安裝前綴是 /usr/local/apache,以下命令使用的卻是 /usr/local/apache2/htdocs,請按實際的 htdocs 目錄調整。)

#cd /usr/local/src/snortinstall

#cp base-1.1.2.tar.gz /usr/local/apache2/htdocs/

#cd /usr/local/apache2/htdocs

#tar -xvzf base-1.1.2.tar.gz

#rm -rf base-1.1.2.tar.gz

#mv base-1.1.2 base

接下來這些步驟可以不做;如果您做了,安裝 BASE 時仍須將 base_conf.php 移開。不過請將設定值記好,等一下用瀏覽器安裝 BASE 時用得著。

cp base_conf.php.dist base_conf.php

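edit the “base_conf.php” file and insert the following parameters. (The values below connect BASE to MySQL as root; a dedicated MySQL account restricted to the snort database is the safer choice for $alert_user.)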

$BASE_urlpath = "/base";

$DBlib_path = "/usr/local/adodb";

$DBtype = "mysql";

$alert_dbname = "snort";

$alert_host = "localhost";

$alert_port = "";

$alert_user = "root";

$alert_password = "password_of_root_mysql";

/* Archive DB connection parameters */

$archive_exists = 0; # Set this to 1 if you have an archive DB

cd /var/www/html/base/

# /usr/local/php5/bin/pear install Image_Color-1.0.2.tgz

# /usr/local/php5/bin/pear install Image_Canvas-0.3.0.tgz

# /usr/local/php5/bin/pear install Numbers_Roman-1.0.1.tgz

# /usr/local/php5/bin/pear install Numbers_Words-0.15.0.tgz

# /usr/local/php5/bin/pear install Image_Graph-0.7.2.tgz

運行snort

# /usr/local/snort/bin/snort -dev -c /usr/local/snort/snort.conf

查看mysql運行的進程

mysql> show processlist;
