A. Cài đặt các gói phụ trợ
1. Cài đặt wget
# yum install wget -y
2. Thay thế file trong yum.repos.d
# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
# yum clean all
# yum makecache
Lưu ý (bảo mật): file repo ở trên được tải qua HTTP thuần từ một mirror bên thứ ba và không có bước kiểm tra chữ ký, nên kẻ đứng giữa (MITM) có thể thay đổi danh sách nguồn gói mà hệ thống sẽ cài. Nên dùng URL https, đọc lại nội dung file sau khi tải và giữ `gpgcheck=1` cùng khóa GPG chính thức của CentOS trong file repo. CentOS 6 đã hết hạn hỗ trợ (EOL), các gói cài bằng yum sẽ không còn nhận bản vá bảo mật.
3. Update hệ thống
# yum -y update
4. Cài đặt EPEL
# yum install epel-release -y

B. Cài đặt PHP & BASE
Chuẩn bị các gói cài đặt sau:
- phpMyAdmin-4.4.6.1-english.tar.gz
  http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.4.6.1/phpMyAdmin-4.4.6.1-english.tar.gz/download
- adodb519.tar.gz
  http://sourceforge.net/projects/adodb/files/adodb-php5-only/adodb-519-for-php5/adodb519.tar.gz/download
- base-1.4.5.tar.gz
  http://sourceforge.net/projects/secureideas/files/BASE/base-1.4.5/base-1.4.5.tar.gz/download
- barnyard2-1.9.tar.gz
  http://ftp.psu.ac.th/pub/snort/barnyard2-1.9.tar.gz
Lưu ý (bảo mật): các gói trên được tải qua HTTP không mã hóa và tài liệu không có bước kiểm tra toàn vẹn. Trước khi giải nén, hãy so sánh mã băm SHA-256 (hoặc chữ ký GPG) với giá trị công bố trên trang chủ của từng dự án, ví dụ `sha256sum base-1.4.5.tar.gz`. Các phiên bản phpMyAdmin và BASE nêu ở đây đã rất cũ; nếu triển khai thật, hãy dùng phiên bản mới nhất còn được bảo trì.
1. Cài đặt LAMP
# yum install httpd mysql-server php php-mysql php-mbstring php-mcrypt mysql-devel -y
2. Cài đặt mcrypt
# yum install mcrypt libmcrypt libmcrypt-devel -y
3. Cài đặt PEAR và các gói PHP cần cho BASE
# yum install php-pear -y
# pear upgrade pear
# pear channel-update pear.php.net
# pear install mail
# pear install Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman
# pear install mail_mime
4. Giải nén phpMyAdmin
# tar zxvf phpMyAdmin-4.4.6.1-english.tar.gz -C /var/www/html
# mv /var/www/html/phpMyAdmin-4.4.6.1-english /var/www/html/phpmyadmin
5. Giải nén adodb
# tar zxvf adodb519.tar.gz -C /var/www/html
# mv /var/www/html/adodb5 /var/www/html/adodb
6. Giải nén BASE
# tar zxvf base-1.4.5.tar.gz -C /var/www/html
# mv /var/www/html/base-1.4.5 /var/www/html/base
7. Sửa file php.ini
# vi /etc/php.ini
error_reporting = E_ALL & ~E_NOTICE
Lưu ý: trên máy thật nên đặt thêm `display_errors = Off` để thông báo lỗi PHP (kèm đường dẫn file, thông tin cấu hình) không hiển thị cho người truy cập web; lỗi vẫn được ghi vào log của Apache.
8. Sửa file cấu hình phpMyAdmin
# vi /var/www/html/phpmyadmin/libraries/config.default.php
$cfg['blowfish_secret'] = '';   thay bằng   $cfg['blowfish_secret'] = '123456';
Lưu ý (bảo mật): `blowfish_secret` là khóa dùng để mã hóa cookie phiên đăng nhập của phpMyAdmin; giá trị `123456` chỉ mang tính minh họa và không được dùng thật. Phải dùng một chuỗi ngẫu nhiên dài (ít nhất 32 ký tự, ví dụ tạo bằng `openssl rand -base64 32`), và nên đặt trong `config.inc.php` thay cho `libraries/config.default.php`, vì file mặc định sẽ bị ghi đè khi nâng cấp.
9. Phân quyền thư mục /var/www/html
# chown -R apache:apache /var/www/html
Lưu ý (bảo mật): cấp quyền sở hữu toàn bộ mã nguồn web cho user apache khiến bất kỳ lỗi nào trong PHP/BASE/phpMyAdmin đều có thể bị lợi dụng để ghi đè hoặc cài thêm file PHP. An toàn hơn là để root sở hữu mã nguồn, chỉ cho apache quyền đọc (`chown -R root:apache /var/www/html; chmod -R 750 /var/www/html`) và chỉ cấp quyền ghi cho những thư mục thực sự cần (ví dụ nơi BASE sinh file cấu hình trong lúc setup).
10. Cài đặt adodb5
# chmod 755 /var/www/html/adodb
11. Cài đặt MySQL và giải nén barnyard2
# tar zxvf barnyard2-1.9.tar.gz
# service mysqld start
# mysqladmin -u root password 123456
# mysql -uroot -p
> create database snort;
> grant create,select,update,insert,delete on snort.* to snort@localhost identified by '123456';
> exit
# mysql -usnort -p -Dsnort < /root/Desktop/barnyard2-1.9/schemas/create_mysql
Lưu ý (bảo mật): mật khẩu `123456` cho root MySQL và cho user snort chỉ là ví dụ; hãy dùng mật khẩu mạnh và khác nhau cho từng tài khoản. Truyền mật khẩu ngay trên dòng lệnh (`mysqladmin ... password 123456`) làm lộ mật khẩu qua `ps` và lịch sử shell; nên chạy `mysql_secure_installation` hoặc `mysqladmin -u root password` rồi nhập mật khẩu khi được hỏi. User snort chỉ được cấp quyền trên database snort như ở trên là đủ (barnyard2 ghi sự kiện, BASE đọc); không cấp thêm quyền trên database khác. Lệnh nạp schema giả định gói barnyard2 đã được giải nén tại /root/Desktop; hãy dùng đúng đường dẫn nơi bạn đã chạy lệnh tar.
12. Cài đặt BASE
# service mysqld start
# service httpd start
# service iptables stop
Truy cập theo đường dẫn: http://----IP----/base/setup/index.php
Lưu ý (bảo mật): `service iptables stop` tắt toàn bộ tường lửa của máy chỉ để mở được giao diện web. Thay vào đó hãy chỉ mở cổng cần thiết và giới hạn nguồn truy cập, ví dụ `iptables -I INPUT -p tcp -s <mạng quản trị> --dport 80 -j ACCEPT` rồi `service iptables save`. Giao diện BASE và phpMyAdmin chỉ nên truy cập được từ mạng quản trị, qua HTTPS và có xác thực; sau khi hoàn tất setup, xóa hoặc chặn truy cập thư mục /var/www/html/base/setup.
C. Cài đặt Snort + barnyard2
Chuẩn bị các gói cài đặt sau:
- libdnet-1.12.tgz
  http://ftp.psu.ac.th/pub/snort/libdnet-1.12.tgz
- libpcap-1.7.2.tar.gz
  http://www.tcpdump.org/release/libpcap-1.7.2.tar.gz
- daq-2.0.4.tar.gz
  http://sourceforge.net/projects/snort/files/snort/daq-2.0.4.tar.gz/download
- snort-2.9.7.2.tar.gz
  http://sourceforge.net/projects/snort/files/snort/snort-2.9.7.2.tar.gz/download
- snortrules-snapshot-2972.tar.gz
  https://www.snort.org/downloads/registered/snortrules-snapshot-2972.tar.gz
Lưu ý: bộ rule snortrules-snapshot yêu cầu tài khoản đã đăng ký trên snort.org (Oinkcode) và phải khớp phiên bản Snort (2972 tương ứng 2.9.7.2). Các gói mã nguồn tải qua HTTP cần được kiểm tra mã băm/chữ ký GPG công bố trên trang dự án trước khi biên dịch, vì mã biên dịch ra sẽ được cài và chạy với quyền root trên máy.
1. Cài các công cụ biên dịch và thư viện phụ thuộc
# yum install gcc flex bison zlib libpcap tcpdump gcc-c++ 'pcre*' 'zlib*' libdnet libdnet-devel
(đặt `pcre*` và `zlib*` trong dấu nháy để shell không mở rộng ký tự * theo tên file trong thư mục hiện tại)
2. Cài đặt libdnet
# tar zxvf libdnet-1.12.tgz
# cd libdnet-1.12
# ./configure && make && make install
3. Cài đặt libpcap
# tar zxvf libpcap-1.7.2.tar.gz
# cd libpcap-1.7.2
# ./configure && make && make install
4. Cài đặt DAQ
# tar zxvf daq-2.0.4.tar.gz
# cd daq-2.0.4
# ./configure && make && make install
Lưu ý: sau mỗi bước cần quay lại thư mục chứa các gói (`cd ..`) trước khi giải nén gói tiếp theo. Các thư viện biên dịch từ nguồn được cài vào /usr/local/lib; nếu Snort báo không tìm thấy thư viện khi chạy, thêm /usr/local/lib vào /etc/ld.so.conf.d/ và chạy `ldconfig`.
Đặt interface eth0 ở chế độ promiscuous:
# ifconfig eth0 promisc
(thiết lập này mất khi khởi động lại máy; để giữ lâu dài có thể thêm lệnh vào /etc/rc.local)
5. Giải nén và biên dịch Snort
# tar zxvf snort-2.9.7.2.tar.gz
# cd snort-2.9.7.2
# ./configure --enable-sourcefire && make && make install
6. Cài đặt Snort
Tạo các thư mục cần thiết:
# mkdir /etc/snort
# mkdir /var/log/snort
# mkdir /usr/local/lib/snort_dynamicrules
# mkdir /etc/snort/rules
# touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules
# cd /tmp/snort-2.9.7.2/etc
# cp gen-msg.map threshold.conf classification.config reference.config unicode.map snort.conf /etc/snort
(đường dẫn /tmp/snort-2.9.7.2 giả định gói Snort được giải nén tại /tmp; hãy dùng đúng thư mục bạn đã giải nén ở bước 5)
Lưu ý (bảo mật): nên tạo user/group riêng cho Snort ngay ở bước này để sau đó không phải chạy Snort dưới root: `groupadd snort; useradd -r -s /sbin/nologin -g snort snort; chown -R snort:snort /var/log/snort`. Khi khởi chạy Snort, dùng `-u snort -g snort` để tiến trình hạ quyền sau khi đã mở interface.
Sửa file cấu hình Snort:
# vi /etc/snort/snort.conf
ipvar HOME_NET any        ->  ipvar HOME_NET 192.168.x.x   (địa chỉ hoặc dải mạng cần giám sát, ví dụ 192.168.1.0/24)
ipvar EXTERNAL_NET any    ->  ipvar EXTERNAL_NET !$HOME_NET
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
config logdir: /var/log/snort
output unified2: filename snort.log, limit 128
7. Giải nén bộ rule
# tar zxvf snortrules-snapshot-2972.tar.gz -C /etc/snort/
# cp /etc/snort/etc/sid-msg.map /etc/snort/
8. Test cấu hình Snort
# snort -T -i eth0 -c /etc/snort/snort.conf
9. Cài đặt barnyard2
# cd /tmp/barnyard2-1.9
# ./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql/    (hệ 64 bit)
# ./configure --with-mysql                                             (hệ 32 bit)
# make && make install
(chỉ chạy một trong hai lệnh configure tùy kiến trúc máy; ở mục B.11 gói barnyard2 được giải nén tại /root/Desktop, nên hãy `cd` vào đúng thư mục đó)
10. Tạo file và cấu hình cho barnyard2
# mkdir /var/log/barnyard2
# touch /var/log/snort/barnyard2.waldo
# cp /root/Desktop/barnyard2-1.9/etc/barnyard2.conf /etc/snort
Sửa file barnyard2.conf:
# vi /etc/snort/barnyard2.conf
config logdir: /var/log/barnyard2
config hostname: localhost
config interface: eth0
config waldo_file: /var/log/snort/barnyard2.waldo
output database: log, mysql, user=snort password=123456 dbname=snort host=localhost
Lưu ý (bảo mật): file này chứa mật khẩu MySQL ở dạng rõ, nên giới hạn quyền đọc (`chmod 600 /etc/snort/barnyard2.conf`) và thay `123456` bằng mật khẩu thật đã đặt cho user snort ở mục B.11.
11. Test barnyard2
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo

Test rule Snort
1. Thêm rule vào local.rules
# vi /etc/snort/rules/local.rules
alert icmp any any -> $HOME_NET any (msg:"Co Nguoi Ping"; sid:1000003; rev:1;)
alert icmp any any -> $HOME_NET 81 (msg:"Scanning Port 81"; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"Scanning Port 22"; sid:1000002; rev:1;)
alert icmp any any -> any any (msg:"IcmP Packet detected"; sid:1000001;)
Lưu ý: bộ rule ở trên có hai lỗi cần sửa trước khi dùng. (1) sid 1000001 được gán cho hai rule khác nhau; Snort coi đây là rule trùng và sẽ bỏ qua một trong hai (hoặc báo lỗi khi nạp), mỗi rule cục bộ cần một sid riêng, từ 1000000 trở lên. (2) ICMP không có khái niệm cổng, nên rule "Scanning Port 81" với giao thức icmp và cổng 81 không có ý nghĩa; nếu muốn phát hiện truy cập cổng 81 thì phải viết `alert tcp any any -> $HOME_NET 81 (msg:"Scanning Port 81"; sid:1000001; rev:1;)`. Rule cuối (`alert icmp any any -> any any`) cũng bao trùm rule "Co Nguoi Ping" và sẽ sinh rất nhiều cảnh báo. Cần chắc chắn snort.conf có dòng `include $RULE_PATH/local.rules`; sau khi sửa, chạy lại `snort -T -i eth0 -c /etc/snort/snort.conf` để kiểm tra cú pháp.
2. Khởi động lại các dịch vụ và test Snort và barnyard2
# service mysqld start
# service httpd start
# service iptables stop
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D
# cd /usr/local/lib
# snort -v
# snort -c /etc/snort/snort.conf -l /var/log/snort/
# /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g root -D
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo
Lưu ý (bảo mật): `snort ... -g root -D` chạy Snort thường trực dưới quyền root trong khi nó phân tích lưu lượng không tin cậy từ mạng; hãy tạo user riêng (`groupadd snort; useradd -r -s /sbin/nologin -g snort snort; chown -R snort:snort /var/log/snort`) và chạy với `-u snort -g snort` để Snort hạ quyền sau khi mở interface. `service iptables stop` tắt hẳn tường lửa của máy; chỉ nên mở cổng web cần thiết cho mạng quản trị bằng iptables thay vì tắt dịch vụ. `snort -v` chỉ in gói tin ra màn hình để kiểm tra nhanh interface, nhấn Ctrl+C để dừng trước khi chạy lệnh tiếp theo; hai lệnh `snort -c ...` phía sau là hai cách chạy (trực tiếp trên terminal hoặc chạy nền với -D), chỉ cần dùng một.
3. Xem giao diện BASE
Tài liệu: http://ftp.psu.ac.th/pub/snort/ , https://snort.org/