Detailed guide to installing a Snort-based intrusion detection system on Windows
- Format: pdf
- Size: 495.93 KB
- Pages: 12
Preface: Recently the company network has been having intermittent problems, and I have set up some traffic-monitoring servers for monitoring and analysis; I have also been following network security topics. Seeing that Snort IDS is open-source software, I suddenly wanted to learn it, which led to the idea of building a Snort IDS on Windows. The following content draws on material found online.
1. Software preparation
Apache, PHP, MySQL, WinPcap, Snort, ACID, ADOdb, JpGraph, etc.
2. Software installation
Windows platform: Windows XP SP3
(1) Installing Apache
Click Next all the way through; the specific configuration is shown in the figure below:
After installation, verify that the web service is running normally.
(2) Installing MySQL
(3) Installing PHP
Extract the PHP archive to the C: drive and name the folder php.
Copy c:\php\php.ini-dist to c:\windows and rename it php.ini.
Copy c:\php\php5ts.dll and c:\php\libmysql.dll to c:\windows\system32; copy c:\php\ext\php_gd2.dll to c:\windows\system32 as well.
Edit the httpd configuration file under c:\apache\conf and add:
LoadModule php5_module c:/php/php5apache2_2.dll
AddType application/x-httpd-php .php
Restart the Apache service.
Create test.php in c:\apache\htdocs\ with the following content (the opening PHP tag is required):
<?php
phpinfo();
?>
Open http://x.x.x.x/test.php to verify that PHP works.
Edit php.ini in c:\windows: extension_dir = "c:\php\ext"
Remove the leading ";" from extension=php_gd2.dll and from extension=php_mysql.dll, then restart the Apache service.
Verify PHP's support for MySQL and the GD library.
(4) Installing WinPcap: follow the installation wizard.
(5) Installing Snort: follow the installation wizard.
(6) Copy create_mysql from C:\Snort\schemas to C:\mysql\bin to create the databases Snort needs.
Run source create_mysql (from the mysql command-line client) to create the snort and snort_archive databases.
(7) Extract the ACID, ADOdb and JpGraph archives and copy them to C:\apache\htdocs as shown in the figure.
Edit the acid_conf.php file:
$DBlib_path = "c:\apache\htdocs\adodb";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "3306";
$alert_user = "root";
$alert_password = "password";
/* Archive DB connection parameters */
$archive_dbname = "snort_archive";
$archive_host = "localhost";
$archive_port = "3306";
$archive_user = "root";
$archive_password = "password";
$ChartLib_path = "c:\apache\htdocs\jpgraph\src";
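The settings above connect both the alert and the archive database as the MySQL root account with a trivial password, which means a compromise of the ACID web front end hands an attacker full control of the database server. The script below is an added example (not part of the original guide) that parses the simple $name = "value"; assignments in acid_conf.php and reports which of the database settings an administrator should change before exposing ACID; the embedded configuration is a constructed copy of the values shown in step (7).

```python
"""Review the database settings in an acid_conf.php before exposing ACID.

Added example, not part of the original page. SAMPLE_ACID_CONF is a
constructed copy of the values shown in step (7) of the guide.
"""
import re

SAMPLE_ACID_CONF = r'''
$DBlib_path = "c:\apache\htdocs\adodb";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "3306";
$alert_user = "root";
$alert_password = "password";
/* Archive DB connection parameters */
$archive_dbname = "snort_archive";
$archive_host = "localhost";
$archive_port = "3306";
$archive_user = "root";
$archive_password = "password";
$ChartLib_path = "c:\apache\htdocs\jpgraph\src";
'''

# One ACID setting per line: $name = "value";  (comments and blank lines ignored)
ASSIGN = re.compile(r'^\s*\$(\w+)\s*=\s*"([^"]*)"\s*;', re.M)

# Passwords that appear in every tutorial and every wordlist.
WEAK_PASSWORDS = {"", "password", "snort", "root", "123456"}


def parse_acid_conf(text):
    """Collect the double-quoted $name = "value"; assignments ACID reads."""
    return dict(ASSIGN.findall(text))


def review_acid_conf(cfg):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    for role in ("alert", "archive"):
        user = cfg.get(f"{role}_user")
        password = cfg.get(f"{role}_password")
        dbname = cfg.get(f"{role}_dbname", "?")
        if user == "root":
            findings.append(
                f"{role} DB uses the MySQL root account; create a dedicated user "
                f"with rights only on the {dbname} database")
        if password in WEAK_PASSWORDS:
            findings.append(f"{role} DB password is a well-known default")
    for key in ("DBlib_path", "ChartLib_path"):
        if key not in cfg:
            findings.append(f"{key} is not set; ACID cannot load adodb/jpgraph")
    return findings


if __name__ == "__main__":
    for finding in review_acid_conf(parse_acid_conf(SAMPLE_ACID_CONF)):
        print("-", finding)
```

Run against the values from the guide it reports four findings (root account and default password for both the alert and the archive connection); after replacing the users with a dedicated MySQL account that has rights only on snort and snort_archive, and the passwords with real ones, it reports none.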
(8) Extract the snortrules package and copy it into the Snort installation directory.
Edit c:\snort\etc\snort.conf as follows:
# Monitored network segments
var HOME_NET [192.168.12.0/23,192.168.14.0/23]
# Location of the rule set
var RULE_PATH c:\snort\rules
# Dynamic preprocessor and engine paths
dynamicpreprocessor file c:\snort\lib\snort_dynamicpreprocessor\sf_dcerpc.dll
dynamicpreprocessor file c:\snort\lib\snort_dynamicpreprocessor\sf_dns.dll
dynamicpreprocessor file c:\snort\lib\snort_dynamicpreprocessor\sf_ftptelnet.dll
dynamicpreprocessor file c:\snort\lib\snort_dynamicpreprocessor\sf_smtp.dll
dynamicpreprocessor file c:\snort\lib\snort_dynamicpreprocessor\sf_ssh.dll
dynamicpreprocessor file c:\snort\lib\snort_dynamicpreprocessor\sf_ssl.dll
dynamicpreprocessor file c:\Snort\lib\snort_dynamicpreprocessor\sf_dce2.dll
dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
# Disable the dynamic detection libraries (Linux .so files, commented out)
# dynamicdetection file /usr/local/lib/snort_dynamicrules/bad-traffic.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/chat.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/dos.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/exploit.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/imap.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/misc.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/multimedia.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/netbios.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/nntp.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/p2p.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/smtp.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/sql.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/web-client.so
# dynamicdetection file /usr/local/lib/snort_dynamicrules/web-misc.so
# Specify the output database type, username, password, database name, etc.
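A snort.conf ported from the Linux template is easy to get subtly wrong: a HOME_NET entry with host bits set, a dynamicdetection line left active that points at a .so file that does not exist on Windows, or a missing output database line that leaves ACID with nothing to display. The script below is an added example (not code from the guide or from the Snort project) that parses the directives used in step (8) from a constructed sample config and reports such problems; the output database: line in the sample follows the documented Snort 2.x syntax and is assumed here, since the guide's own line is not shown.

```python
"""Sanity-check a Windows snort.conf of the kind built in step (8).

Added example, not part of the original page. SAMPLE_CONF is constructed
for the demo; its 'output database:' line is the Snort 2.x syntax, assumed
here because the guide does not show its own.
"""
import ipaddress
import re

SAMPLE_CONF = r"""
var HOME_NET [192.168.12.0/23,192.168.14.0/23]
var EXTERNAL_NET !$HOME_NET
var RULE_PATH c:\snort\rules
dynamicpreprocessor file c:\snort\lib\snort_dynamicpreprocessor\sf_dns.dll
dynamicpreprocessor file c:\snort\lib\snort_dynamicpreprocessor\sf_ssh.dll
dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
# dynamicdetection file /usr/local/lib/snort_dynamicrules/exploit.so
output database: log, mysql, user=root password=password dbname=snort host=localhost
"""

WIN_PATH = re.compile(r"^[A-Za-z]:\\")          # c:\... style absolute path
WEAK_PASSWORDS = {"", "password", "snort", "root", "123456"}


def parse_snort_conf(text):
    """Extract the directives this check cares about; '#' lines are skipped,
    so a dynamicdetection entry only counts when it is really active."""
    cfg = {"var": {}, "preproc": [], "engine": None,
           "detection_active": [], "output": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if parts[0] == "var" and len(parts) == 3:
            cfg["var"][parts[1]] = parts[2]
        elif parts[0] == "dynamicpreprocessor" and len(parts) == 3:
            cfg["preproc"].append(parts[2])
        elif parts[0] == "dynamicengine" and len(parts) >= 2:
            cfg["engine"] = line.split(None, 1)[1]
        elif parts[0] == "dynamicdetection":
            cfg["detection_active"].append(line)
        elif line.startswith("output database:"):
            cfg["output"] = line[len("output database:"):].strip()
    return cfg


def home_net_networks(cfg):
    """Expand HOME_NET into ip_network objects. strict=True makes an entry
    with host bits set (e.g. 192.168.12.1/23) raise instead of being masked."""
    value = cfg["var"]["HOME_NET"].strip("[]")
    return [ipaddress.ip_network(item.strip(), strict=True)
            for item in value.split(",") if item.strip() != "any"]


def check_snort_conf(cfg):
    """Return a list of findings; an empty list means the config looks sane."""
    findings = []
    if "HOME_NET" not in cfg["var"]:
        findings.append("HOME_NET is not set; rules cannot tell inside from outside")
    else:
        try:
            home_net_networks(cfg)
        except ValueError as exc:
            findings.append(f"HOME_NET contains an invalid network: {exc}")
    rule_path = cfg["var"].get("RULE_PATH", "")
    if not WIN_PATH.match(rule_path):
        findings.append(f"RULE_PATH {rule_path!r} is not an absolute Windows path")
    if cfg["engine"] is None or not cfg["engine"].lower().endswith(".dll"):
        findings.append("dynamicengine must point at sf_engine.dll on Windows")
    if not cfg["preproc"] or any(not p.lower().endswith(".dll") for p in cfg["preproc"]):
        findings.append("every dynamicpreprocessor on Windows must be a .dll")
    for line in cfg["detection_active"]:
        if not line.lower().endswith(".dll"):
            findings.append(f"active dynamicdetection with a non-Windows library: {line}")
    if cfg["output"] is None:
        findings.append("no 'output database:' line; alerts will never reach ACID")
    else:
        opts = dict(re.findall(r"(\w+)=(\S+)", cfg["output"]))
        if opts.get("user") == "root":
            findings.append("output database uses the MySQL root account")
        if opts.get("password") in WEAK_PASSWORDS:
            findings.append("output database password is a well-known default")
    return findings


if __name__ == "__main__":
    for finding in check_snort_conf(parse_snort_conf(SAMPLE_CONF)):
        print("-", finding)
```

On the sample it reports only the two credential findings for the output database; if the Linux dynamicdetection line is uncommented or HOME_NET is written as 192.168.12.1/23, those appear as further findings. The same credential point applies here as in acid_conf.php: Snort only needs INSERT (and SELECT on the lookup tables) on the snort database, so a dedicated MySQL user is the right fit.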