[[Snort]]
*Trying out Snort+ACID [#j744593f]
**MySQL 4.0.18[#k9b1f8c3]
-%%MySQL-server-4.0.18-0.i386.rpm%%
-%%Mysql-devel-4.0.18-0.i386.rpm%%
-%%Mysql-client-4.0.18-0.i386.rpm%%
%%Install these for now%%
Install from source
-mysql-4.0.18.tar.gz
./configure --prefix=/usr/local/mysql --with-charset=ujis --with-charsets=all
make;make install
./scripts/mysql_install_db
chown -R root /usr/local/mysql
chgrp -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql
cp ./support-files/my-medium.cnf /etc/my.cnf
vi /etc/ld.so.conf # add /usr/local/mysql/lib so ldconfig finds libmysqlclient
/sbin/ldconfig -v
-Startup settings
cp ./support-files/mysql.server /etc/init.d/mysql
ln -s /etc/init.d/mysql /etc/rc3.d/S85mysql
ln -s /etc/init.d/mysql /etc/rc3.d/K85mysql
chmod 755 /etc/init.d/mysql
**[[PHP]] 4.3.4[#q39ea178]
./configure \
--enable-mbstring \
--enable-mbstr-enc-trans \
--enable-mbregex \
--enable-zend-multibyte \
--with-pgsql \
--with-apxs=/usr/sbin/apxs \
--with-gd=/usr \
--with-ttf=/usr \
--enable-gd-native-ttf \
--with-freetype-dir=/usr \
--with-jpeg-dir=/usr/lib \
--with-png-dir=/usr/lib \
--with-zlib-dir=/usr/lib \
--prefix=/usr/local/php \
--enable-sockets \
--with-mysql=/usr/local/mysql
make
make install
Check that Apache loads PHP
grep php /usr/local/httpd/conf/httpd.conf
# LoadModule php4_module modules/libphp4.so
# AddType application/x-httpd-php .php
**Snort 2.1.1[#bab4b257]
rpm -qa|grep pcap
confirms it is present; it is already installed, so skip it. Check pcre the same way:
rpm -qa|grep pcre
It is not installed, so:
apt-get install pcre*
./configure --prefix=/usr/local/snort --with-mysql=/usr/local/mysql # as documented, but
./configure --prefix=/usr/local/snort --with-mysql=/usr/include/mysql # tried this instead
make
make install
Copy the configuration and rules
cp -Rp ./snort-2.1.1/etc /usr/local/snort/conf
cp -Rp ./snort-2.1.1/rules /usr/local/snort/rules
# vi /usr/local/snort/conf/snort.conf
# log through the restricted snort account created in the MySQL step, not root
output database: log,mysql,user=snort password=snort_pass dbname=snort_db host=localhost
Configure it to start automatically at boot
cp ./snort-2.1.1/contrib/S99snort /etc/init.d/snort
chmod 755 /etc/init.d/snort
ln -s /etc/init.d/snort /etc/rc3.d/S99snort
ln -s /etc/init.d/snort /etc/rc3.d/K99snort
**Configure MySQL to store the data [#t1e05844]
/usr/local/mysql/bin/mysqladmin -u root password ROOT_PASS
/usr/local/mysql/bin/mysql -u root -p
create database snort_db;
connect snort_db
# Tables for ACID
source ./snort-2.1.1/contrib/create_mysql
# Extra tables for ACID
system gzip -d ./snort-2.1.1/contrib/snortdb-extra.gz
source ./snort-2.1.1/contrib/snortdb-extra
#
grant INSERT,SELECT on snort_db.* to snort@localhost;
grant UPDATE on snort_db.sensor to snort@localhost;
#
grant CREATE,INSERT,SELECT,UPDATE,DELETE on snort_db.* to acid@localhost;
#
set password for 'snort'@'localhost' = password('snort_pass');
set password for 'acid'@'localhost' = password('acid_pass');
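The grants above give the snort account only what the mysql output plugin needs (INSERT and SELECT on the database, UPDATE on sensor), so the `output database:` line in snort.conf should use that account rather than root. The following added check (not part of the original memo) parses a snort.conf output line and the GRANT statements and reports a root login, a missing grant, or privileges beyond that set; the snort.conf line and SQL it runs on are constructed samples mirroring this page.

```python
import re
# Constructed sample: the page's snort.conf output line, pointed at the
# restricted snort account instead of root (the commented line is the original)
SNORT_CONF = """
# output database: log,mysql,user=root password=snort dbname=snort_db
output database: log,mysql,user=snort password=snort_pass dbname=snort_db host=localhost
"""

# Constructed sample: the GRANT statements from the MySQL setup step above
GRANT_SQL = """
grant INSERT,SELECT on snort_db.* to snort@localhost;
grant UPDATE on snort_db.sensor to snort@localhost;
grant CREATE,INSERT,SELECT,UPDATE,DELETE on snort_db.* to acid@localhost;
"""

# All the Snort mysql output plugin needs; anything beyond this is excess
SENSOR_ALLOWED = {"INSERT", "SELECT", "UPDATE"}

def parse_output_db(conf):
    """Return the key=value params of the first uncommented 'output database:' line."""
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("output database:"):
            return dict(re.findall(r"(\w+)=(\S+)", line.split(":", 1)[1]))
    return None

def parse_grants(sql):
    """Return {user@host: {PRIV, ...}} aggregated over every GRANT statement."""
    grants = {}
    pattern = r"grant\s+([\w,\s]+?)\s+on\s+\S+\s+to\s+(\S+?)\s*;"
    for privs, account in re.findall(pattern, sql, re.I):
        key = account.replace("'", "").lower()
        grants.setdefault(key, set()).update(p.strip().upper() for p in privs.split(","))
    return grants

def audit(conf, sql):
    """Return a list of findings; an empty list means snort.conf matches the grants."""
    params = parse_output_db(conf)
    if params is None:
        return ["no active 'output database:' line in snort.conf"]
    account = f"{params.get('user', '')}@{params.get('host', 'localhost')}"
    findings = []
    if params.get("user") == "root":
        findings.append("snort.conf logs to MySQL as root")
    privs = parse_grants(sql).get(account)
    if privs is None:
        findings.append(f"no GRANT found for {account}")
    elif privs - SENSOR_ALLOWED:
        findings.append(f"{account} has excess privileges: {sorted(privs - SENSOR_ALLOWED)}")
    return findings
```

Run `audit(SNORT_CONF, GRANT_SQL)` against your own snort.conf and the SQL you fed to mysql; an empty list means the sensor account is consistent with the grants.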
**JpGraph 1.14 [#sf08e651]
tar zxvf ./jpgraph-1.14.tar.gz
mv ./jpgraph-1.14 /usr/local/php/include/jpgraph
**adodb 4.2.1 [#be7e6382]
tar zxvf ./adodb421.tgz
mv ./adodb /usr/local/php/include/adodb
**ACID settings 0.9.6b23 [#s8aa000c]
# /usr/local/httpd/acid/acid_conf.php
$DBlib_path="/usr/local/php/include/adodb";
$DBtype="mysql";
$alert_dbname="snort_db";
$alert_host="localhost";
$alert_port="";
$alert_user="acid";
$alert_password="acid_pass"; # the acid user in MySQL
$ChartLib_path="/usr/local/httpd/jpgraph/src";
$chart_file_format="png";
**Accessing ACID [#e3b5610c]
Open http://localhost/acid/acid_main.php
# Add a user
# htpasswd -c /var/www/htpass/acid_user USER_NAME
# Authentication in httpd.conf
Alias /acid/ /var/www/acid/
<Directory /var/www/acid/ >
DirectoryIndex acid_main.php
AuthType Basic
AuthName "ACID"
AuthUserFile /var/www/htpass/acid_user
Require valid-user
AllowOverride None
</Directory>
*References [#y9a56923]
-Software Design 2004.3 - p.64
-[[しかPの単なるメモ帳:http://www.yk.rim.or.jp/~shikap/]]([[Snort+ACID:http://www.yk.rim.or.jp/~shikap/security/snort/use_snort.html]])