小编给大家分享一下Linux下如何安装入侵检测系统Snort,相信大部分人都还不怎么了解,因此分享这篇文章给大家参考一下,希望大家阅读完这篇文章后大有收获,下面让我们一起去了解一下吧!
Snort是一款知名的开源的入侵检测系统。其 Web界面(Snorby)可以用于更好地分析警告。Snort使用iptables/pf防火墙来作为入侵检测系统
预装daq所需程序
snort使用数据采集器(daq)监听防火墙数据包队列,所以按照daq。需预装的程序有:flex、bison、libcap。
sudo apt-get install flexsudo apt-get install bisonsudo aptitude install libpcap-dev安装daq
wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gztar xvfz daq-2.0.6.tar.gz cd daq-2.0.6./configure && make && sudo make install安装snort所需程序
aptitude install libpcre3-devaptitude install libdumbnet-devaptitude install zlib1g-dev安装snort
wget https://www.snort.org/downloads/snort/snort-2.9.12.tar.gz tar xvfz snort-2.9.12.tar.gz cd snort-2.9.12./configure --enable-sourcefire && make && sudo make install运行 snort 会要求你安装响应包,安装即可
//运行snort -V//提示安装下面包apt-get install snortapt-get install snort-mysqlapt-get install snort-pgsql//此时snort已经可以运行,看到一只小猪,,_ –> Snort! – o” )~ Version 2.9.2 IPv6 GRE (Build 78) ”” By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright (C) 1998-2011 Sourcefire, Inc., et al. Using libpcap version 1.1.1 Using PCRE version: 8.12 2011-01-15 Using ZLIB version: 1.2.3.4
//-----------------//安装一些依赖包,为后面的图形化做准备安装apache
apt-get install apache2
安装mysql
apt-get install mysql-server
安装php
apt-get install php5
为snort创建一个数据库,和一个用户
$ mysql –u root –pmysql> CREATE DATABASE snort;mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort@localhost;mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort;mysql> SET PASSWORD FOR snort@localhost=PASSWORD('yourpassword');mysql> exit修改snor配置文件
snort的配置文件在/etc/snort/snort.conf
打开该文件将 HOME_NET 有关项注释掉,然后将 HOME_NET 设置为本机 IP 所在网络,将 EXTERNAL_NET 相关项注释掉,设置其为非本机网络,如下所示:
其中需要修改的内容如下所示: 45行 ipvar HOME_NET any > ipvar HOME_NET 192.168.x.x 你的的IP网段,写成CIDR格式,可以添加多个网段 举例:ipvar HOME_NET [192.168.0.0/16,172.16.0.0/16]
ipvar EXTERNAL_NET any > ipvar EXTERNAL_NET!$HOME_NET
试运行
snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf若出现如下错误!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: The database output plugins are considered deprecated as!! of Snort 2.9.2 and will be removed in Snort 2.9.3.!! The recommended approach to logging is to use unified2 with!! barnyard2 or similar.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!database: must enter database name in configuration file解法:搞了好长时间,发现snort.conf配置文件549行左右有一条include database.conf注释掉运行snort,snort会监测eth0端口
snort结果如下
以上是“Linux下如何安装入侵检测系统Snort”这篇文章的所有内容,感谢各位的阅读!相信大家都有了一定的了解,希望分享的内容对大家有所帮助,如果还想学习更多知识,欢迎关注编程网行业资讯频道!
