网络安全 频道

在RedHat9上构建入侵检测系统

进入mysql数据库,看看snort数据库中的表:

/usr/local/mysql/bin/mysql -p

gt;Enter password:

mysql>show databases;

+------------+

| Database

+------------+

| mysql

| snort

| test

+------------+

3 rows in set (0.00 sec)

mysql>use snort;

mysql>show tables; 将会有这些:

+------------------+

| Tables_in_snort |

+------------------+

| data

| detail

| encoding

| event

| flags

| icmphdr

| iphdr

| opt

| protocols

| reference

| reference_system

schema

| sensor

| services

| sig_class

| sig_reference

| signature

| tcphdr

| udphdr

+------------------+

19 rows in set (0.00 sec)

mysql>exit五.安装配置Web接口

  安装JPGraph1.11

cp jpgraph-1.11.tar.gz /www/htdocs

cd /www/htdocs

tar -xzvf jpgraph-1.xx.tar.gz

rm -rf jpgrap-1.xx.tar.gz

cd jpgraph-1.11

rm -rf README

rm -rf QPL.txt


  安装ADODB:

cp adodb330.tgz /www/htdocs/

cd /www/htdocs

tar -xzvf adodb330.tgz

rm -rf adodb330.tgz


  安装配置Acid:

cp acid-0.0.6b23.tar.gz /www/htdocs

cd /www/htdocs

tar -xvzf acid-0.9.6b23.tar.gz

rm -rf acid-0.9.6b23.tar.gz

cd /www/htodcs/acid/编辑acid_conf.php,修改相关配置如下:

#8194;$DBlib_path = "/www/htdocs/adodb";

/* The type of underlying alert database

*

* MySQL : "mysql"

* PostgresSQL : "postgres"

* MS SQL Server : "mssql"

*/

#8194;$DBtype = "mysql";

/* Alert DB connection parameters

* -  $alert_dbname : MySQL database name of Snort alert DB

* -  $alert_host : host on which the DB is stored

* -  $alert_port : port on which to access the DB

* -  $alert_user : login to the database with this user

* -  $alert_password : password of the DB user

*

* This information can be gleaned from the Snort database

* output plugin configuration.

*/

#8194;$alert_dbname = "snort";

#8194;$alert_host = "localhost";

#8194;$alert_port = "";

#8194;$alert_user = "root";

#8194;$alert_password = "Your_Password";

/* Archive DB connection parameters */

#8194;$archive_dbname = "snort";

#8194;$archive_host = "localhost";

#8194;$archive_port = "";

#8194;$archive_user = "root";

#8194;$archive_password = "Your_Password ";

And a little further down

#8194;$ChartLib_path = "/www/htdocs/jpgraph-1.11/src";

/* File format of charts (''png'', ''jpeg'', ''gif'') */

#8194;$chart_file_format = "png";


  进入web界面: http://yourhost/acid/acid_main.php ,点"Setup Page"链接 ->Create Acid AG ,访问http://yourhost/acid将会看到ACID界面。

六.测试系统

  重启系统或者直接启动相关后台程序:

/etc/init.d/mysql restart

/etc/init.d/snort start

/etc/init.d/httpd start


  利用nmap,nessus,CIS或者X-scan对系统进行扫描,产生告警纪录。

  http://yourhost/acid 察看纪录。

  至此,一个功能强大的IDS配置完毕。各位可以利用web界面 远程登陆,监控主机所处局域网,同时安装phpMyAdmin对mysql 数据库进行操控。
http://www.hack58.net/Article/60/61/2006/11592.htm

0
相关文章