Linux系统安装IDS(snort工具)

Posted 2021-01-28 gejuncheng

第一步：预装daq所需程序

snort使用数据采集器(daq)监听防火墙数据包队列，所以按照daq。需预装的程序有：flex、bison、libcap。

sudo apt-get install flex
sudo apt-get install bison
sudo aptitude install libpcap-dev

第二步：安装daq

wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz

tar xvfz daq-2.0.6.tar.gz
                      
cd daq-2.0.6
./configure && make && sudo make install

第三步：安装snort所需程序

aptitude install libpcre3-dev
aptitude install libdumbnet-dev
aptitude install zlib1g-dev

第四步：安装snort

wget https://www.snort.org/downloads/snort/snort-2.9.11.tar.gz  

tar xvfz snort-2.9.11.tar.gz
                      
cd snort-2.9.11
./configure --enable-sourcefire && make && sudo make install

第五步：运行 snort 会要求你安装响应包，安装即可

//运行snort -V

//提示安装下面包

apt-get install snort
apt-get install snort-mysql
apt-get install snort-pgsql
//此时snort已经可以运行，看到一只小猪

,,_ -*> Snort! <*-
o" )~ Version 2.9.2 IPv6 GRE (Build 78)
‘‘‘‘ By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
Copyright (C) 1998-2011 Sourcefire, Inc., et al.
Using libpcap version 1.1.1
Using PCRE version: 8.12 2011-01-15
Using ZLIB version: 1.2.3.4

//-----------------

//安装一些依赖包，为后面的图形化做准备

安装apache

apt-get install apache2

安装mysql

apt-get install mysql-server

安装php

apt-get install php5

 第六步：为snort创建一个数据库，和一个用户

$ mysql –u root –p

mysql> CREATE DATABASE snort;
mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to [email protected];
mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort;
mysql> SET PASSWORD FOR [email protected]=PASSWORD(‘yourpassword‘);
mysql> exit