ABCDEFFAABD
A!BD
"DB#AA$F%F&DF
'E$(F%$))D*D+(DE,,---$))D*D++)
AD.'D
B+F/0E)D)E1-DB(D)ED.D2A+3A/BCD
ABCDEDFCCCC
2"+DBD
F4EDA($D)+0DAA.4EDA($D)EBAD
CDE-ABABA#EAE-ABABDECDE
-ABABADAA+0"-ABABABD-ABABA-ABDADCD'.(D-ABABA2A$ABD(ED5D-3'AB'.((ABC(D(
6(7$D)8A+(-CDE
'9DA3F"DB"32/AB4D#A2D((
http://www.symmetrixtech.com/http://www.symmetrixtech.com/8/3/2019 014-snortinstallguide292
B+
DEED.B+)DE!BDDD-A)EDAA(BD(D$))D*D+(D:CDEEAB(-+D.D:ED!DABBDD+$D)*"DADDAEA+3A(D)D+A(D.D-DD+DA.-(
F/0E)D)E
BDB+ADB"'.D,";D.ADDDD-D:D((-AED$)EDBDE$)DDDBD-DABDB+ADB)A+DAA+A$BDD..(ABA-3A-DD$ED.)AB)AAB!D-DAA+3BDD+DB$
D.-(BA(A)ADDE($
ABCDEDFCCCC
D.(DA!D%DD-3+AB.A+(DA..+$-A)-A!D"ABBD-)A3D.A)DB..+.D"'D+)E)DB.)AD*DA+DDD-3+AB.A+($AB)A!D-3A-A!DADA?AD"ABBDABA++DA$EDE-D)DB$AB)A!D-3A
:)EADA)BD-+DBD-3D!)DADA+EA-+$DDAD.DDDD-3:A..+BDA$$DDBDDED-+D@)DB@EADBAB+D+DD*DAD-3+AB8)DB$+ADDAA..+(((D-+D-3+AD-)ED-+DABD()DD+)D)+)D+)ED*ABD0D
)ED)A+D-+D$BD+ED.B+)D'E,,---(.)D.)A
2"+DBD
F4EDA($D)
+0D*
D.BD.DB-AB*8D:D((DF;A)DB.(D)EED+AD'A+A-EE$D+$EBAD.D4..!D$DA>+AD%EF
DAAB.$DD+'D%D)!DD'ABD)A+D-AA?D*!D.7-DDDB(-DDA++$+DADBDAD2$BD.A$+A(A>D!D$(AD0DDE!D(DBD-DB+))AB
4+D$:!D((DB%DD@.+.(+))ABBDD)DDD)EA$"ABBD.D)A+D.$DB='"7+AD=.)A-3A(DA++$DEDAD-+)A3DDD.DE+DADAD;+E$ABEAD%D+
-ABABDECDE
DD*DEB-ABAB+.(DCDE:A!AADAE,,---$))D*D++) BDDB-ABD+.-(D+D!DF-ABDE?FA(ABD+$$)A+D4EDA+))ABE)EDBD+$-+$B-ABDBCDEABDD.-(+))AB
# Unpack Snort Report into the web root; srconf.php, edited next, lives under
# the -C target. Extracting with sudo leaves the files root-owned.
sudo tar zxvf snortreport-1.3.3.tar.gz -C /var/www/
5--DDDB)B.$DCDE+.(A.DD.D+$6$G(.AB+A.DE(AEAD'A(DD.D$DB(+.EE-+))AB
# Edit Snort Report's config; the $pass placeholder shown below is set here.
sudo vi /var/www/snortreport-1.3.3/srconf.php
'A(DD.-(D.)
$pass = "YOURPASS"; // placeholder: the MySQL password Snort Report should use; the file sits under /var/www, so keep it unreadable to other local users
!AD;DDEA-B$+DD6$GDEDEDADADA74C"84C
-ABABA
8D-D+BADEA+3A(D.)DFDED%ABD:(AADDDADAB(DAD!D.D(DE-D:D((+)EDABAD+D+BD4EDE,,---(,?B-AB-$-DABB-ABDD-DAD!D.-(%:!DAB+ADBDDE,,---(,B-AB,FH'E$ABD+$$)A+D
D.-(DE-A,,+A,$+A+A(DABD+$.$3($)B.$(DEAD-
4EDA+))ABE)EABDD.-(+))AB.)DBD+$-DD$B-ABDBD+D+BD
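# Build and install Snort 2.9.2 under /usr/local/snort, create its log
# directories and an unprivileged account that owns the log directory.
# (The original guide had these commands run together on two lines.)
sudo tar zxvf snort-2.9.2.tar.gz
cd snort-2.9.2
# Building as root is only needed because the tree was extracted with sudo
# (root-owned); of these steps only `make install` genuinely requires it.
sudo ./configure --prefix=/usr/local/snort --enable-sourcefire
sudo make
sudo make install
sudo mkdir /var/log/snort
sudo mkdir /var/snort
sudo groupadd snort
# The account only needs to own files; a system account without a login shell
# (useradd -r -s /usr/sbin/nologin) narrows what it can be used for.
sudo useradd -g snort snort
sudo chown snort:snort /var/log/snort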
7:A!DDDD6$GEA-BA$+DDADDD*-DEBD+DADDBAAAD
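# Create the snort database, then load Snort's MySQL schema into it.
# (The original guide had both commands run together on one line.)
# `-p` with no value makes mysql prompt for the root password rather than
# taking it on the command line.
echo "create database snort;" | mysql -u root -p
# ./schemas/create_mysql is relative to the snort-2.9.2 source tree entered above.
mysql -u root -p -D snort < ./schemas/create_mysql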
5D*-DDDB+DADAABBA6$GD.DA:A(BBDADBAD)ACD)D)DDEA-BA$DDD-DD(D0DABDEA-B
ABBDBD0DABDDDD+AD)D
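# Create a least-privilege MySQL account for Snort's logging. The original had
# the backslash fused onto "identified": inside double quotes bash keeps `\i`
# literally, so MySQL would have received "\identified" and rejected the
# statement; a backslash-newline continuation is what was intended.
# YOURPASSWORD is a placeholder. The full statement, password included, lands
# in the shell history. Use this account (not root) in barnyard2.conf's
# "output database:" line.
echo "grant create, insert, select, delete, update on snort.* \
  to snort@localhost identified by 'YOURPASSWORD'" | mysql -u root -p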
-ABDADCD
DD*DEB-ABDADDD7:DDB(D+D.DDA-DBD(DD.DDADDAD+ADBDDE,,---(,?D
DDAD-D+EA(D>D.&C+DABD.D(DDBDD$B..DD+DADD(DDBDD.DADBA$BDAD.+D
-AB.D$)A+DD?AE?A(
http://www.snort.org/snort-downloadshttp://www.snort.org/snort-downloadshttp://www.snort.org/downloads/1347https://www.snort.org/snort-ruleshttps://www.snort.org/snort-ruleshttp://www.snort.org/snort-downloadshttp://www.snort.org/downloads/1347https://www.snort.org/snort-rules8/3/2019 014-snortinstallguide292
4EDA+))ABE)EDBD+$-DD$B-ABDBDDD.DABDD.-(+))AB
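# Unpack the 2.9.2.0 rules snapshot into the Snort prefix and stage the
# precompiled shared-object rules where snort.conf's dynamicdetection
# directory (edited below) points.
# (The original guide had these commands run together across three lines.)
sudo tar zxvf snortrules-snapshot-2920.tar.gz -C /usr/local/snort
sudo mkdir /usr/local/snort/lib/snort_dynamicrules
# Choose the precompiled directory matching your distro/arch; this one is
# Ubuntu 10.04 i386.
sudo cp /usr/local/snort/so_rules/precompiled/Ubuntu-10-4/i386/2.9.2.0/* \
  /usr/local/snort/lib/snort_dynamicrules
# snort.conf's WHITE_LIST_PATH/BLACK_LIST_PATH refer to these files; create
# them empty so they exist.
sudo touch /usr/local/snort/rules/white_list.rules
sudo touch /usr/local/snort/rules/black_list.rules
sudo ldconfig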
'.(D
5--DDDBDBD+.+.(A.D
# Edit snort.conf: the path changes below move the rule lists and dynamic
# libraries from the stock /etc/snort and /usr/local/lib paths to the
# /usr/local/snort prefix this install uses.
sudo vi /usr/local/snort/etc/snort.conf
'A(DDDD.)
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
var WHITE_LIST_PATH /usr/local/snort/rules
var BLACK_LIST_PATH /usr/local/snort/rules
'A(DDDD.)
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/lib/snort_dynamicrules
dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/snort/lib/snort_dynamicrules
2D-D;ED.DB(.2A$AB-+$+AB-ABDDE,,---D+*!D+),B-AB,A$AB,A$AB?FA(
http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gzhttp://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz8/3/2019 014-snortinstallguide292
EA+3ABA2A$AB-D.-(+))AB
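# Build Barnyard2 1.9 with MySQL output and install it alongside Snort.
# (The original guide had these commands run together on two lines.)
sudo tar zxvf barnyard2-1.9.tar.gz
cd barnyard2-1.9
sudo ./configure --with-mysql
sudo make
sudo make install
sudo cp etc/barnyard2.conf /usr/local/snort/etc
sudo mkdir /var/log/barnyard2
# The original ran `chmod 666` on this directory, which drops the execute bit
# (the directory cannot be entered) and makes it world-writable. Hand it to
# the snort account instead, matching the waldo file below.
sudo chown snort:snort /var/log/barnyard2
# Barnyard2's waldo file, owned by the snort account (user:group form, as
# used for /var/log/snort above; the dotted form is a GNU-only spelling).
sudo touch /var/log/snort/barnyard2.waldo
sudo chown snort:snort /var/log/snort/barnyard2.waldo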
6B.$D2A$AB+.(A.D-D.-(+))AB
# Edit the Barnyard2 config copied into /usr/local/snort/etc above; the
# commented "output database:" line shown below carries root credentials and
# is the place to put the least-privilege snort MySQL account instead.
sudo vi /usr/local/snort/etc/barnyard2.conf
'A(DD.-(D.)
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map
#config hostname: thor
#config interface: eth0
#output database: log, mysql, user=root password=test dbname=db host=localhost
;D$6$GEA-BDAB.74C"84CDADD-
DD!AD
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
5-ABBD.-(DADDB.D.DADD+B+AB-A"ABBD
auto eth1
iface eth1 inet manual
ifconfig eth1 up
A!DABD*D.DDDDDD+))AB
# Apply the interface stanzas above (eth0 static, eth1 brought up with no
# address — presumably the capture interface; confirm against snort.conf).
sudo /etc/init.d/networking restart
5-$+A+D+DD-3+ADAADB9(DF/+D+DBDA)DDA$)(-3AABDF+D+DBDD()DA$-A)7+A!D.$$(D@.+.(+))AB7EB3)D(3D;AD!ADBDD
DEADD.-(+DD.D;D.DD@exit 0D
'))D%.DDBA+3AB+AD-D+)DABD+A(DBAA+DI$))D*D++)
&D-DAE,,---$))D*D++) .DADD-CDEABB-ABDD-D!D
8DA($D+))DB((E.D?D)A(A!AADAE,,---(AB.-(-D.D-(BDABEBADCDEDDE,,-D+),$))D*D+ ;B:-$%.DDBAA-D!D.A..+F>ADDAD
mailto:[email protected]:[email protected]://www.symmetrixtech.com/http://www.symmetrixtech.com/http://www.snort.org/http://www.snort.org/http://twitter.com/symmetrixtechhttp://twitter.com/symmetrixtechmailto:[email protected]://www.symmetrixtech.com/http://www.snort.org/http://twitter.com/symmetrixtech