Install Snort Inline on Centos
[root@server3 ~]# wget -O snort_inline-2.8.2.1-RC1.tar.gz 'http://downloads.sourceforge.net/project/snort-inline/snort_inline%20source%20%282.8.x%29/snort_inline-2.8.2.1-RC1/snort_inline-2.8.2.1-RC1.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fsnort-inline%2F&ts=1417143676&use_mirror=nchc'
[root@server3 ~]# tar zxvf snort_inline-2.8.2.1-RC1.tar.gz
[root@server3 ~]# mkdir /etc/snort_inline
[root@server3 ~]# mkdir /etc/snort_inline/rules
[root@server3 ~]# cp snort_inline-2.8.2.1-RC1/etc/* /etc/snort_inline/
The download URL has to be quoted: left bare, the & in the query string backgrounds wget and the rest of the line is parsed as shell assignments, and without -O the file would be saved under the full query-string name. The cp source is the etc/ directory inside the unpacked source tree.
[root@server3 ~]# vi /etc/snort_inline/snort_inline.conf
Find the lines:
# Path to your rules files (this can be a relative path)
#var RULE_PATH /etc/snort_inline/drop-rules
and replace the commented-out one with:
var RULE_PATH /etc/snort_inline/rules
The classification and reference files come from the etc/ directory of the source tree (the prompt shows the working directory):
[root@server3 etc]# cp classification.config /etc/snort_inline/rules/
[root@server3 etc]# cp reference.config /etc/snort_inline/rules/
[root@server3 etc]# mkdir /var/log/snort_inline
[root@server3 ~]# yum -y install mysql-server libpcap-devel
[root@server3 ~]# /etc/init.d/mysqld start
The first start prints MySQL's post-install notice:
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h server3.centos.hva password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting MySQL: [ OK ]
Set a root password for MySQL ("centos" is the example password used here):
[root@server3 ~]# mysqladmin -u root password centos
A password passed on the command line is kept in the shell history and is visible to other users in the process list while the command runs; mysql_secure_installation, which the start-up notice above points to, prompts for it instead.
[root@server3 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> create database snort;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on snort.* to snortuser@localhost identified by 'snort';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
The grant is limited to the snort database and to connections from localhost, which is all the Snort database plugin needs. The password 'snort' is an example value and should be replaced: it is about to be written in clear text into snort_inline.conf.
[root@server3 ~]# vi /etc/snort_inline/snort_inline.conf
Find the line "output alert_fast: snort_inline-fast" and add below it:
output database: log, mysql, user=snortuser password=snort dbname=snort host=localhost
Because the database password is now stored in this file, restrict it to root (chmod 600 /etc/snort_inline/snort_inline.conf). The plugin also expects the Snort table layout to exist in the snort database; the source tree's schemas/create_mysql file creates it, a step the transcript does not show.
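The two configuration edits above (RULE_PATH and the MySQL output line) are made in vi on this page. The following is an added example, not code from the original post, that applies the same edits with awk so they are repeatable, and then checks that the file is usable: RULE_PATH set, the two config files present under it, the database output configured, and the file mode 600. Paths and the conf excerpt used for testing are assumptions; the real values are passed as arguments.

```shell
#!/bin/sh
# Added example, not part of the original walkthrough: apply the two
# snort_inline.conf edits (RULE_PATH and the MySQL output line) with awk
# instead of vi, then verify the result. Paths and the conf contents are
# assumptions; pass real values as arguments.
set -u

# apply_snort_inline_conf_edits CONF RULE_PATH DB_LINE
# Rewrites the RULE_PATH line (commented or not) and inserts DB_LINE once,
# directly after the alert_fast output line. Safe to run repeatedly.
apply_snort_inline_conf_edits() {
    conf="$1"; rule_path="$2"; db_line="$3"
    # Skip the insert if the exact output line is already present.
    if grep -qF -- "$db_line" "$conf"; then db_line=""; fi
    awk -v rp="$rule_path" -v add="$db_line" '
        /^#?var RULE_PATH / { print "var RULE_PATH " rp; next }
        { print }
        /^output alert_fast: snort_inline-fast/ && add != "" && !added {
            print add; added = 1
        }
    ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    # The file now carries the database password: root-only.
    chmod 600 "$conf"
}

# check_snort_inline_conf CONF
# Returns 0 when the conf is ready for snort_inline, 1 otherwise; each
# failed check is reported on stderr.
check_snort_inline_conf() {
    conf="$1"; rc=0
    rule_path=$(sed -n 's/^var RULE_PATH //p' "$conf")
    [ -n "$rule_path" ] || { echo "RULE_PATH is not set" >&2; rc=1; }
    for f in classification.config reference.config; do
        [ -f "$rule_path/$f" ] || { echo "missing $rule_path/$f" >&2; rc=1; }
    done
    grep -q '^output database: log, mysql,' "$conf" \
        || { echo "no MySQL output plugin configured" >&2; rc=1; }
    [ -n "$(find "$conf" -perm 600)" ] \
        || { echo "$conf must be mode 600 (it holds the DB password)" >&2; rc=1; }
    return $rc
}
```

Run check_snort_inline_conf after every edit, including the manual vi ones: an uncommented RULE_PATH pointing at a directory without classification.config is the most common reason snort_inline refuses to start.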
Running ./configure in the snort_inline-2.8.2.1-RC1 directory (the command itself is not shown in the transcript) stops at the first missing dependency, libpcap, even though libpcap-devel was installed with yum above:
checking for pcap_datalink in -lpcap... no
ERROR! Libpcap library/headers not found, go get it from
http://www.tcpdump.org
or use the --with-libpcap-* options, if you have it installed
in unusual place
libpcap 1.1.1 is built from source instead (the tarball download is not shown):
[root@server3 ~]# tar zxvf libpcap-1.1.1.tar.gz
[root@server3 ~]# cd libpcap-1.1.1
[root@server3 libpcap-1.1.1]# ./configure
[root@server3 libpcap-1.1.1]# make
[root@server3 libpcap-1.1.1]# make install
Re-running ./configure then fails on PCRE:
ERROR! Libpcre header not found, go get it from
http://www.pcre.org
[root@server3 snort_inline-2.8.2.1-RC1]# cd
[root@server3 ~]# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.02.tar.gz
[root@server3 ~]# tar zxvf pcre-8.02.tar.gz
[root@server3 ~]# cd pcre-8.02
[root@server3 pcre-8.02]# ./configure
[root@server3 pcre-8.02]# make
[root@server3 pcre-8.02]# make install
The next ./configure run complains about the MySQL client headers:
**********************************************
ERROR: unable to find mysql headers (mysql.h)
checked in the following places
/usr/include
/usr/include/mysql
/usr/local/include
/usr/local/include/mysql
**********************************************
The transcript does not show how this was resolved; on CentOS the mysql.h header is shipped in the mysql-devel package, the development counterpart of the mysql-server package installed earlier.
./configure: line 24184: dnet-config: command not found
./configure: line 24186: dnet-config: command not found
checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
configure: error: libipq.h not found ...
libipq.h is the userspace side of the ip_queue interface that snort_inline reads packets from; on CentOS it is packaged in iptables-devel:
# yum install iptables-devel
The dnet-config messages mean libdnet is missing as well, which the following run reports explicitly:
checking dnet.h presence... no
checking for dnet.h... no
ERROR! Libdnet header not found, go get it from
http://libdnet.sourceforge.net or use the --with-dnet-*
options, if you have it installed in an unusual place
libdnet is built from source the same way (the tarball download is not shown):
[root@server3 ~]# tar zxvf libdnet-1.11.tar.gz
[root@server3 ~]# cd libdnet-1.11
[root@server3 libdnet-1.11]# ./configure
[root@server3 libdnet-1.11]# make
[root@server3 libdnet-1.11]# make install
With all dependencies in place, snort_inline builds with MySQL output support:
[root@server3 snort_inline-2.8.2.1-RC1]# ./configure --with-mysql
[root@server3 snort_inline-2.8.2.1-RC1]# make
[root@server3 snort_inline-2.8.2.1-RC1]# make install
[root@server3 ~]# snort_inline -Q -v -c /etc/snort_inline/snort_inline.conf -l /var/log/snort_inline
Reading from iptables
Running in IDS mode
Initializing Inline mode
InitInline: : Failed to send netlink message: Connection refused
snort_inline talks to the kernel over the ip_queue netlink socket, so the ip_queue module has to be loaded and a QUEUE rule has to hand packets to it:
[root@server3 ~]# modprobe ip_queue
[root@server3 ~]# lsmod | grep ip_queue
ip_queue               14561  0
[root@server3 ~]# iptables -A INPUT -j QUEUE
[root@server3 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Checking for a running process shows only the grep itself, i.e. snort_inline is not running as a daemon yet:
root      3163  2989  0 15:23 pts/0    00:00:00 grep snort_inline
The module load, the iptables rules and the daemon start are therefore wrapped in an init script:
[root@server3 ~]# vi /etc/init.d/snort_inlined
#!/bin/bash
#
# snort_inline   Load ip_queue, install the QUEUE rules and start snort_inline
#
# chkconfig: - 90 10
# description: Snort inline IPS fed by the iptables QUEUE target
start(){
    # Start daemons.
    echo "Starting ip_queue module:"
    lsmod | grep -q ip_queue || /sbin/modprobe ip_queue
    #
    echo "Starting iptables rules:"
    # iptables traffic sent to the QUEUE:
    # accept internal localhost connections
    iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    # send all the incoming, outgoing and forwarding traffic to the QUEUE
    iptables -A INPUT -j QUEUE
    iptables -A FORWARD -j QUEUE
    iptables -A OUTPUT -j QUEUE
    # Start Snort_inline
    echo "Starting snort_inline: "
    /usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -Q -D -v \
        -l /var/log/snort_inline
    # -Q -> process the queued traffic
    # -D -> run as a daemon
    # -v -> verbose
    # -l -> log path
    # -c -> config path
}
stop() {
    # Stop daemons.
    # Stop Snort_Inline
    # echo "Shutting down snort_inline: "
    killall snort_inline
    # Remove all the iptables rules and
    # set the default Netfilter policies to accept
    echo "Removing iptables rules:"
    iptables -F
    # -F -> flush iptables
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    # -P -> default policy
}
restart(){
    stop
    start
}
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart}"
    exit 1
esac
Two properties of this script matter on a host administered over the network. The QUEUE target hands every packet to the ip_queue handler, and packets queued while no handler is attached are dropped by the kernel; the script adds the QUEUE rules before starting snort_inline, and if the daemon fails to start or later crashes, all traffic to and from the host, the SSH session included, is dropped until it attaches. Conversely, stop() flushes every rule and sets ACCEPT policies, so stopping the IPS leaves the host with no filtering at all. Accept the management path before the QUEUE rules, and add the QUEUE rules only once snort_inline is attached.
[root@server3 ~]# /etc/init.d/snort_inlined restart
[root@server3 ~]# snort_inline -Q -v -c /etc/snort_inline/snort_inline.conf -l /var/log/snort_inline
Reading from iptables
Running in IDS mode
Initializing Inline mode
--== Initializing Snort ==--
Initializing Output Plugins!
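The start-up order described above, as an added example that is not part of the original post: the management SSH path is accepted before anything is queued, and the QUEUE rules are added only after snort_inline has attached to ip_queue. It assumes management SSH arrives from an admin network passed as the first argument on TCP port 22, snort_inline installed under /usr/local/bin as on this page, and a "Peer PID" line in /proc/net/ip_queue that reads 0 while no userspace handler is attached (the status text used in testing is constructed). Setting IPTABLES=echo turns the rule installation into a dry run.

```shell
#!/bin/sh
# Added example, not from the original post: start snort_inline without
# locking yourself out. Assumptions: management SSH comes from the admin
# network given as $1 on TCP 22, snort_inline lives in /usr/local/bin, and
# /proc/net/ip_queue carries a "Peer PID : N" line (N is 0 while no
# userspace handler is attached to the queue).
set -u
IPTABLES=${IPTABLES:-iptables}          # set to "echo" for a dry run
IPQ_PROC=${IPQ_PROC:-/proc/net/ip_queue}

# ipq_peer_attached FILE: 0 if a userspace program is attached to ip_queue.
ipq_peer_attached() {
    pid=$(sed -n 's/^Peer PID *: *\([0-9]*\).*/\1/p' "$1" 2>/dev/null)
    [ -n "$pid" ] && [ "$pid" -ne 0 ]
}

# wait_for_ipq_peer FILE [SECONDS]: poll until the handler attaches.
wait_for_ipq_peer() {
    n=${2:-10}
    while [ "$n" -gt 0 ]; do
        ipq_peer_attached "$1" && return 0
        sleep 1; n=$((n - 1))
    done
    return 1
}

# safe_queue_rules ADMIN_NET [SSH_PORT]: loopback and the admin SSH path are
# accepted *before* the QUEUE rules, so an inspection outage cannot drop
# the session you are administering from.
safe_queue_rules() {
    admin_net="$1"; ssh_port="${2:-22}"
    $IPTABLES -A INPUT  -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    $IPTABLES -A INPUT  -p tcp -s "$admin_net" --dport "$ssh_port" -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp -d "$admin_net" --sport "$ssh_port" -j ACCEPT
    $IPTABLES -A INPUT   -j QUEUE
    $IPTABLES -A FORWARD -j QUEUE
    $IPTABLES -A OUTPUT  -j QUEUE
}

# start_inline ADMIN_NET: module, daemon, wait for attach, then queue.
start_inline() {
    admin_net="$1"
    grep -q '^ip_queue ' /proc/modules || /sbin/modprobe ip_queue || return 1
    /usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -Q -D \
        -l /var/log/snort_inline || return 1
    wait_for_ipq_peer "$IPQ_PROC" 10 \
        || { echo "snort_inline never attached to ip_queue" >&2; return 1; }
    safe_queue_rules "$admin_net" 22
}
```

If wait_for_ipq_peer times out, no QUEUE rule has been installed and the host keeps its previous filtering; that is the failure mode you want, compared with the page's script, which queues first and hopes the daemon comes up.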