1.
2.
gedit /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
3.
/etc/init.d/networking restart
4.
apt-get update
5.
apt-get upgrade
6.
apt-get clean
7.
apt-get install nmap
8.
apt-get install nbtscan
9.
apt-get install apache2
10.
apt-get install php5
11.
apt-get install php-mysql
12.
apt-get install php-gd
13.
apt-get install libpcap0.8-dev
14.
apt-get install libpcre3-dev
15.
apt-get install g++
16.
apt-get install bison
17.
apt-get install flex
18.
apt-get install libpcap-ruby
19.
apt-get install mysql-server (要設密碼)
20.
apt-get install libmysqlclient16-dev
21.
tar zxvf snortreport-1.3.1.tar.gz -C /var/www
22.
gedit /var/www/snortreport-1.3.1/srconf.php
$pass = '密碼要改';
define("NMAP_PATH", "/usr/local/bin/nmap v");
define("NBTSCAN_PATH", "/usr/local/bin/nbtscan");
23.
tar zxvf daq-0.5.tar.gz
cd daq-0.5
./configure && make && make install
ldconfig
24.
tar zxvf libdnet-1.12.tar.gz
cd libdnet-1.12
./configure && make && make install
ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1
25.
tar zxvf snort-2.9.0.4.tar.gz
cd snort-2.9.0.4
./configure --prefix=/usr/local/snort --enable-ipv6 --enable-gre --enable-mpls \
--enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
make && make install
mkdir /var/log/snort
groupadd snort
useradd -g snort snort
chown snort:snort /var/log/snort
26.
mysql -u root -p
SET PASSWORD FOR root@localhost=PASSWORD('密碼');
create database snort;
grant ALL PRIVILEGES on snort.* to snort@localhost with GRANT option;
SET PASSWORD FOR snort@localhost=PASSWORD('密碼');
exit
cd /原始source的路徑/snort-2.9.0.4/schemas
mysql -p snort < create_mysql
27.
tar zxvf snortrules-snapshot-2904.tar.gz -C /usr/local/snort
28.
mkdir /usr/local/snort/lib/snort_dynamicrules
29.
cp /usr/local/snort/so_rules/precompiled/Ubuntu-10-4/i386/2.9.0.4/* /usr/local/snort/lib/snort_dynamicrules
30.
tar zxvf barnyard2-1.8.tar.gz
cd barnyard2-1.8
./configure --with-mysql
make && make install
cp ./etc/barnyard2.conf /usr/local/snort/etc
mkdir /var/log/barnyard2
chmod 666 /var/log/barnyard2
touch /var/log/snort/barnyard2.waldo
chown snort:snort /var/log/snort/barnyard2.waldo
31.
gedit /usr/local/snort/etc/barnyard2.conf
config reference_file: /usr/local/snort/etc/reference.config
config classification_file: /usr/local/snort/etc/classification.config
config gen_file: /usr/local/snort/etc/genmsg.map
config sid_file: /usr/local/snort/etc/sidmsg.map
config hostname: localhost
config interface: eth0
output database: log, mysql, user=snort password=密碼 dbname=snort host=localhost
32.
gedit /usr/local/snort/etc/snort.conf
dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/snort/lib/snort_dynamicrules
output unified2: filename snort.u2, limit 128
33.
gedit /etc/rc.local
/usr/local/snort/bin/snort -D -u snort -g snort \
-c /usr/local/snort/etc/snort.conf -i eth0
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf \
-G /usr/local/snort/etc/genmsg.map \
-S /usr/local/snort/etc/sidmsg.map \
-d /var/log/snort \
-f snort.u2 \
-w /var/log/snort/barnyard2.waldo \
-D
34.
reboot