[[Snort]]

*Trying out Snort+ACID [#j744593f]

**MySQL 4.0.18 [#k9b1f8c3]

-%%MySQL-server-4.0.18-0.i386.rpm%%
-%%Mysql-devel-4.0.18-0.i386.rpm%%
-%%Mysql-client-4.0.18-0.i386.rpm%%
%%Just install them for now%% (the RPMs were abandoned in favour of a source build)

Install from source

-mysql-4.0.18.tar.gz

 ./configure --prefix=/usr/local/mysql --with-charset=ujis --with-charsets=all
 make; make install
 ./scripts/mysql_install_db
 # ownership as in the MySQL manual: files owned by root, the data directory (var) in the mysql group
 chown -R root /usr/local/mysql
 chgrp -R mysql /usr/local/mysql/var
 chgrp -R mysql /usr/local/mysql
 cp ./support-files/my-medium.cnf /etc/my.cnf
 vi /etc/ld.so.conf      # add the MySQL library directory (/usr/local/mysql/lib/mysql for this prefix) so PHP and Snort can load libmysqlclient
 /sbin/ldconfig -v

-Startup configuration

 cp ./support-files/mysql.server /etc/init.d/mysql
 ln -s /etc/init.d/mysql /etc/rc3.d/S85mysql
 ln -s /etc/init.d/mysql /etc/rc3.d/K85mysql
 chmod 755 /etc/init.d/mysql

**[[PHP]] 4.3.4 [#q39ea178]

 ./configure \
   --enable-mbstring \
   --enable-mbstr-enc-trans \
   --enable-mbregex \
   --enable-zend-multibyte \
   --with-pgsql \
   --with-apxs=/usr/sbin/apxs \
   --with-gd=/usr \
   --with-ttf=/usr \
   --enable-gd-native-ttf \
   --with-freetype-dir=/usr \
   --with-jpeg-dir=/usr/lib \
   --with-png-dir=/usr/lib \
   --with-zlib-dir=/usr/lib \
   --prefix=/usr/local/php \
   --enable-sockets \
   --with-mysql=/usr/local/mysql
 make
 make install

Confirm that Apache loads the PHP module and hands .php files to it (the two lines shown are the expected grep output):

 grep php /usr/local/httpd/conf/httpd.conf
 # LoadModule php4_module modules/libphp4.so
 # AddType application/x-httpd-php .php

**Snort 2.1.1 [#bab4b257]

Check with rpm -qa|grep pcap whether libpcap is present; it already is, so skip it. Check pcre the same way:

 rpm -qa|grep pcre

It is not installed, so:

 apt-get install pcre*

The reference gave

 ./configure --prefix=/usr/local/snort --with-mysql=/usr/local/mysql

but I tried

 ./configure --prefix=/usr/local/snort --with-mysql=/usr/include/mysql

instead.

 make
 make install

Copy the configuration and the rules:

 cp -Rp ./snort-2.1.1/etc /usr/local/snort/conf
 cp -Rp ./snort-2.1.1/rules /usr/local/snort/rules

 # vi /usr/local/snort/conf/snort.conf
 output database: log,mysql,user=root password=snort dbname=snort_db

This line makes the sensor log as the MySQL root account. The database section below creates a dedicated snort account that can only INSERT and SELECT (plus UPDATE on the sensor table); point the sensor at that account instead, e.g. user=snort password=snort_pass dbname=snort_db host=localhost, so that a compromised sensor cannot alter or erase its own alert trail. The password sits in snort.conf in cleartext, so keep the file readable by root only.

Configure Snort to start at boot:

 cp ./snort-2.1.1/contrib/S99snort /etc/init.d/snort
 chmod 755 /etc/init.d/snort
 ln -s /etc/init.d/snort /etc/rc3.d/S99snort
 ln -s /etc/init.d/snort /etc/rc3.d/K99snort
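As an added example (not code from the original page or from the Snort project), the script below audits the output database: line of a snort.conf for the two weaknesses discussed above, logging as MySQL root and keeping the password in a world-readable file, and rewrites the line to use the least-privilege snort@localhost account that the database section creates. The snort.conf it writes is constructed for the demo; the account name and password (snort / snort_pass) are the ones this page sets up, and the host=localhost parameter is an assumption matching the local MySQL used throughout.

```shell
#!/bin/sh
# Added example, not part of the original page: audit and harden the
# "output database:" line of a snort.conf.  The config file below is
# constructed for the demo; snort/snort_pass are the page's own account.

# Print the "output database:" line(s) of the given snort.conf.
snort_db_output_line() {
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1"
}

# Print the value of one key=value parameter (user, password, dbname, host)
# from an output line; prints nothing if the key is absent.
snort_db_param() {
    printf '%s\n' "$1" | sed 's/^.*database:[[:space:]]*//' \
        | tr ',' ' ' | tr -s ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print the logging mode, i.e. the first comma-separated field ("log" or "alert").
snort_db_mode() {
    printf '%s\n' "$1" | sed 's/^.*database:[[:space:]]*//' | cut -d, -f1
}

# Audit one output line ($1) taken from the file $2.  Prints one finding per
# line; returns 1 if anything was flagged, 0 if the line is clean.
audit_snort_db_line() {
    rc=0
    if [ "$(snort_db_param "$1" user)" = root ]; then
        echo "FAIL user=root: the sensor could drop the whole database; use the snort account"
        rc=1
    fi
    if [ -z "$(snort_db_param "$1" host)" ]; then
        echo "WARN host missing: add host=localhost so the target server is explicit"
        rc=1
    fi
    # column 8 of "ls -l" is the others-read bit; the DB password is in this file
    if [ -n "$(snort_db_param "$1" password)" ] && [ "$(ls -l "$2" | cut -c8)" = r ]; then
        echo "FAIL $2 is world-readable but carries the database password; chmod 600 it"
        rc=1
    fi
    return $rc
}

# Rewrite the line to use the dedicated sensor account, keeping the original
# logging mode and database name.
harden_snort_db_line() {
    printf 'output database: %s,mysql,user=snort password=snort_pass dbname=%s host=localhost\n' \
        "$(snort_db_mode "$1")" "$(snort_db_param "$1" dbname)"
}

# Demo on a constructed snort.conf with the page's original setting.
demo=$(mktemp)
cat > "$demo" <<'EOF'
var HOME_NET any
output database: log,mysql,user=root password=snort dbname=snort_db
EOF
chmod 644 "$demo"
orig=$(snort_db_output_line "$demo")
echo "before: $orig"
audit_snort_db_line "$orig" "$demo" || true
echo "after:  $(harden_snort_db_line "$orig")"
rm -f "$demo"
```

Run it against the real file with `audit_snort_db_line "$(snort_db_output_line /usr/local/snort/conf/snort.conf)" /usr/local/snort/conf/snort.conf`; the hardened line is only a suggestion to paste back, and the snort account must already have its password set before the sensor is restarted.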
**Setting up MySQL to hold the data [#t1e05844]

 /usr/local/mysql/bin/mysqladmin -u root password ROOT_PASS
 /usr/local/mysql/bin/mysql -u root -p

Inside the mysql client:

 create database snort_db;
 connect snort_db
 # tables for ACID
 source ./snort-2.1.1/contrib/create_mysql
 # extra tables for ACID
 system gzip -d ./snort-2.1.1/contrib/snortdb-extra.gz
 source ./snort-2.1.1/contrib/snortdb-extra
 #
 grant INSERT,SELECT on snort_db.* to snort@localhost;
 grant UPDATE on snort_db.sensor to snort@localhost;
 #
 grant CREATE,INSERT,SELECT,UPDATE,DELETE on snort_db.* to acid@localhost;
 #
 set password for 'snort'@'localhost' = password('snort_pass');
 set password for 'acid'@'localhost' = password('acid_pass');

The two grant statements create the accounts with an empty password, so run the set password statements in the same session before the sensor or ACID connects. The split is deliberate: the sensor account can only add alerts (and update its own row in sensor), while only the acid account may delete, so a compromised sensor cannot erase what it has logged.

**JpGraph 1.14 [#sf08e651]

 tar zxvf ./jpgraph-1.14.tar.gz
 mv ./jpgraph-1.14 /usr/local/php/include/jpgraph

**adodb 4.2.1 [#be7e6382]

 tar zxvf ./adodb421.tgz
 mv ./adodb /usr/local/php/include/adodb

**ACID configuration 0.9.6b23 [#s8aa000c]

 # /usr/local/httpd/acid/acid_conf.php
 $DBlib_path="/usr/local/php/include/adodb";
 $DBtype="mysql";
 $alert_dbname="snort_db";
 $alert_host="localhost";
 $alert_port="";
 $alert_user="acid";
 $alert_password="acid_pass";   # the MySQL acid user
 $ChartLib_path="/usr/local/httpd/jpgraph/src";
 $chart_file_format="png";

$ChartLib_path must point at the src directory of the JpGraph tree; if JpGraph was moved to /usr/local/php/include/jpgraph as above, that is /usr/local/php/include/jpgraph/src. acid_conf.php holds the database password, so it must not be readable by other local users.

**Accessing ACID [#e3b5610c]

Open http://localhost/acid/acid_main.php

 # add a user (-c creates the password file; omit it when adding further users to an existing file)
 htpasswd -c /var/www/htpass/acid_user USER_NAME

 # authentication in httpd.conf
 Alias /ACID/ /var/www/acid/
 <Directory /var/www/acid/>
   DirectoryIndex acid_main.php
   AuthType Basic
   AuthName "ACID"
   AuthUserFile /var/www/htpass/acid_user
   Require valid-user
   AllowOverride None
 </Directory>

Apache aliases are case-sensitive: Alias /ACID/ serves http://localhost/ACID/, not /acid/, so make the alias match the URL you actually use, and make sure the aliased directory is the one holding acid_conf.php (the ACID tree was placed under /usr/local/httpd/acid above, while this stanza points at /var/www/acid/). Keep the htpasswd file outside the document root, as /var/www/htpass is here. Basic authentication sends the password in cleartext (only base64-encoded) on every request, so serve the console over HTTPS or restrict access to localhost.

*References [#y9a56923]

-Software Design 2004.3, p.64
-[[しかPの単なるメモ帳:http://www.yk.rim.or.jp/~shikap/]] ([[Snort+ACID:http://www.yk.rim.or.jp/~shikap/security/snort/use_snort.html]])