ubuntu 12.04 安装snort acidbase相关注意事项

 

一、安装Snort

 

1.安装libpcap

1	apt-get install libpcap-dev

 

 

2.安装snort

1 2	apt-get install snort apt-get install snort-mysql

 

 

 

3.创建数据库及用户

1 2 3 4 5

mysql> CREATE DATABASE snort; mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort@localhost; mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort; mysql> SET PASSWORD FOR snort@localhost=PASSWORD('snort-db'); //此处snort-db为密码 mysql> exit

 

4.创建数据库表结构

1 2	$ cd /usr/share/doc/snort-mysql $ zcat create_mysql.gz | mysql -u snort -D snort -psnort-db

 

 

 

5.设置 snort 把 log 文件输出到 MySQL 数据库中

 

1	$ sudo vi /etc/snort/snort.conf

1)将 "ipvar HOME_NET any"更换为"ipvar HOME_NET 192.168.0.0/16"

2)将"ipvar EXTERNAL_NET any"注释掉

3)将"ipvar EXTERNAL_NET !$HOME_NET"注释去掉

4)将日志输出设置到 MySQL 数据库中，如下所示：

1	output database: log, mysql, dbname=snort user=snort password=snort-db host=localhost

 

1	$ sudo vi /etc/snort/database.conf

1)注释掉第一行

2）添加

1	output database: log, mysql, dbname=snort user=snort password=snort-db host=localhost

 

6.配置snort  

1	snort -g snort -c /etc/snort/snort.conf

7.启动snort

1	service snort start

 

二、安装和配置 acid-base

1 2	apt-get install php5-adodb apt-get install acidbase

3.修改acidbase apache配置文件

1	vi /etc/apache2/conf.d/acidbase.conf

修改为

 

1 2 3 4 5 6 7 8 9 10 11 12

<DirectoryMatch /usr/share/acidbase/>   Options FollowSymLinks   #AllowOverride None   #order deny,allow   #deny from all   allow from 221.13.130.115   <IfModule mod_php5.c>     php_flag magic_quotes_gpc Off     php_flag track_vars On     php_value include_path .:/usr/share/php   </IfModule> </DirectoryMatch>

 

3.添加可执行php的目录

1	vi /etc/php5/apache2/php.ini

1	open_basedir = "/var/ftp/public/:/var/tmp/:/tmp/:/usr/share/acidbase:/etc/acidbase/:/usr/share/php/adodb/"

4.重启apache

1	service apache2 restart