 |
|
 |
| 您现在的位置: 先创网 >> 网络应用 >> 网络安全 >> 文章正文 |
|
|
| 在linux系统下构建入侵检测系统 |
| 金山软件 |
| 2008-4-21 10:18:15文/佚名 |
|
|
|
|
|
5.安装 Snort2.0
5.1建立snort配置文件和日志目录
mkdir /etc/snort
mkdir /var/log/snort
tar -zxvf snort-2.x.x.tar.gz
cd snort-2.x.x
/configure –with-mysql=/usr/local/mysql
make
make install
5.2安装规则和配置文件
cd rules (在snort安装目录下)
cp * /etc/snort
cd ./etc
cp snort.conf /etc/snort
cp *.config /etc/snort
5.3修改snort.conf(/etc/snort/snort.conf)
var HOME_NET 10.2.2.0/24 (修改为你的内部网网络地址,我的是
192.168.0.0/24)
var RULE_PATH ./rules 修改为 var RULE_PATH /etc/snort/
改变记录日志数据库:
output database: log, mysql, user=root password=your_password
dbname=snort host=localhost
5.4设置snort为自启动:
在snort安装目录下
cd /contrib
cp S99snort /etc/init.d/snort
vi /etc/init.d/snort
修改snort如下:
CONFIG=/etc/snort/snort.conf
#SNORT_GID=nogroup (注释掉)
#8194;$SNORT_PATH/snort -c ?$CONFIG -i ?$IFACE ?$OPTIONS
(去掉原文件中的 -g ?$SNORT_GID )
chmod 755 /etc/init.d/snort
cd /etc/rc3.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
cd /etc/rc5.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
上一页 [1] [2] [3] [4] [5] [6] 下一页 |
|
|
|
|
|
|
 |
|
 |
|
|
|
相关文章 
