SULinux install
APM Tools install
byacc rpm install
pcre http://www.pcre.org
./configure && make && make install
snort http://www.snort.org install
./configure --with-mysql=/usr/local/mysql && make && make install
In the snort source dir:
mysql -u 'ID' -p DBname < ./contrib/create_mysql (or ./schemas/create_mysql)
## If using ACID ##
#extract snortdb-extra.gz from a release earlier than snort-2.3.0RC2
#gzip -d snortdb-extra.gz
#mysql -u 'ID' -p DBname < ./snortdb-extra
groupadd snort
useradd -g snort snort
mkdir -p /etc/snort/rules
mkdir /var/log/snort
cd rules
cp * /etc/snort/rules
cd ../etc
cp * /etc/snort
vi snort.conf
var HOME_NET 10.0.0.0/24 <-- internal network
var RULE_PATH /etc/snort/rules <-- rule file path
output database: log, mysql, user=ID password=PASSWD dbname=DBname host=localhost
mysql
CREATE DATABASE DBname;
GRANT ALL ON DBname.* TO 'ID'@localhost IDENTIFIED BY 'PASSWD';
FLUSH PRIVILEGES;
quit
#######
SET PASSWORD FOR root@localhost=PASSWORD("passwd");
CREATE DATABASE DBname;
GRANT INSERT,SELECT on root.* TO ID@localhost;
SET PASSWORD FOR ID@localhost=PASSWORD('passwd_from_snort.conf');
GRANT CREATE,INSERT,SELECT,DELETE,UPDATE on DBname.* TO ID@localhost;
GRANT CREATE,INSERT,SELECT,DELETE,UPDATE on DBname.* TO ID;
exit
########
yum install php-gd
ADODB install
tar zxf adodb462.tar
mv ./adodb/ /var/www/html/adodb
BASE install
tar zxf base-xxx.tar.gz
mv base-xxx/ /var/www/html/base
cd /var/www/html/base
cp base_conf.php.dist base_conf.php
vi base_conf.php
$BASE_urlpath="/base";
$DBlib_path="/var/www/html/adodb/";
$DBtype="mysql";
$alert_dbname="snort DBname";
$alert_host="localhost";
$alert_port="";
$alert_user="snort User";
$alert_password="snort User Passwd";
/* Archive DB connection parameters */
$archive_exists=0; # Set this to 1 if you have an archive DB
vi /etc/rc.local
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g snort -D
Securing the BASE directory
mkdir /var/www/passwords <-- outside the web root
/usr/bin/htpasswd -c /var/www/passwords/passwords base
vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/base/">
AuthType Basic
AuthName "snortIDS"
AuthUserFile /var/www/passwords/passwords
Require user base
</Directory>
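Post-install check (added example, not part of the original notes): BASE shows no alerts when base_conf.php and the "output database" line in snort.conf point at different databases or users, and both files hold the DB password in clear text. The function names below are hypothetical; the file paths are the ones used above.

```bash
#!/bin/bash
# Added example (not from the original page): check that Snort and BASE agree.

# Print field $2 (user, password, dbname, host) of the first active
# "output database:" line in snort.conf $1; commented-out lines are ignored.
snort_db_field() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}database[[:space:]]*:[[:space:]]*//p' "$1" |
        tr ', ' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print the quoted value assigned to PHP variable $2 in base_conf.php $1.
base_var() {
    sed -n "s/^[[:space:]]*[$]$2[[:space:]]*=[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$1" |
        head -n 1
}

# Return 0 only if both files name the same database, user, password and host
# and neither is world-readable. Values are never printed, only field names.
check_snort_base() {
    local conf="$1" base="$2" rc=0 pair s b f
    for pair in dbname:alert_dbname user:alert_user password:alert_password host:alert_host; do
        s=$(snort_db_field "$conf" "${pair%%:*}")
        b=$(base_var "$base" "${pair##*:}")
        if [ -z "$s" ] || [ "$s" != "$b" ]; then
            echo "MISMATCH: ${pair%%:*} in $conf vs \$${pair##*:} in $base"
            rc=1
        fi
    done
    for f in "$conf" "$base"; do
        # Both files hold the database password in clear text.
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "PERMS: $f is world-readable"
            rc=1
        fi
    done
    return "$rc"
}

# Run against the paths used on this page when called with "run".
if [ "${1:-}" = run ]; then
    check_snort_base /etc/snort/snort.conf /var/www/html/base/base_conf.php
fi
```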