english

2014年9月22
Rip xx from the rest of the xx把xx從什麼哦分離出
Stake賭注
Transcript 筆錄
Titan 巨頭
Magnitude 巨大的
Predict v預言
Chimpanzee 黑猩猩
Baboon 狒狒
Orangutan 猩猩
Gorilla 大猩猩
Utterly adv完全地
Irish i愛爾蘭人 adj愛爾蘭的
Commemoration n紀念儀式
Pension n退休金
Democrazy 民主國家 民主主義

2014年9月23
Extraodinary超乎尋常啊
Painstakingly  adv刻苦地
Dignity  n尊嚴
Frail adj脆弱的
Turn our back 拒絕支援
Desperate adj絕望的

2014年9月30
Protest n抗議vivt反抗，聲明反對
Censorship n反抗制度
Farreaching adj更深層次的 範圍廣泛的 影響深遠的
Watered down 被用水撲滅 被普冷水
Strengthen vt加強
Distract vt使用分心
Implication n言外之意 含義
Manifesto n宣言 聲明 告示

RHEL5.4下Apache+php+MySQL+Snort+acid安装配置NIDS笔录

为公司信息安全要求，上周配置了一台网络入侵检测系统（NIDS），今天把安装过程记录下来，供自己和其它朋友们以后参考。关于本NIDS成功安装及本文的形成，我参考了很多网上的相关文档，具体文档略，不过非常感谢各位前辈们的无私奉献。

一、安装环境操作系统：Red Hat Enterprise Linux 5.4数据库：MySQL：mysql-5.1.46Web服务器：Apache：httpd-2.2.15WEB语言：PHP：php-5.2.13 

二、安装MySQL软件包mysql-5.1.46.tar.gz下载地址http://dev.mysql.com/downloads/mysql/# tar -zxvf mysql-5.1.46.tar.gz //解压缩# cd mysql-5.1.46 //进入解压缩后的文件目录# ./configure --prefix=/usr/local/mysql \ //设定安装目录--enable-thread-safe-client \ //编译线程安全版的客户端库--without-debug \ //关闭debug功能# make //编译# make install //安装# /usr/local/mysql/bin/mysql_install_db //初始化授权表# chown –R root /usr/local/mysql //文件属性改为root用户# chgrp –R root /usr/local/mysql //文件属性改为root用户所属组# /usr/local/mysql/bin/mysqld_safe --user=root & //启动MySQL# /usr/local/mysql/bin/mysqladmin –u root password ‘123456’ //修改root用户的密码为123456注：如果接下来在安装Snort后进行配置测试时提示无法找到以下文件：libmysqlclient.so.16和mysql.sock请按照以下方法解决：1、libmysqlclient.so.16：方法1 # vi /etc/ ld.so.conf 向此文件添加以下两行内容/usr/local/mysql/lib/mysql/usr/local/lib保存ld.so.conf退出# ldconfig方法2 # ln –s /usr/local/mysql/lib/mysql/libmysqlclient.so.16 /usr/local/lib/libmysqlclient.so.162、mysql.sock：ln –s /var/lib/mysql/mysql.sock /tmp/mysql.sock 

三、安装Apache软件包httpd-2.2.15.tar.gz下载地址http://httpd.apache.org/download.cgi# tar -zxvf httpd-2.2.15.tar.gz# cd httpd-2.2.15# ./configure --prefix=/usr/local/apache --enable-module=most --enable-shared=max –enable-so# make# make install# /usr/local/apache/bin/apachectl start //启动MySQL

 四、安装PHP软件包php-5.2.13.tar.gz下载地址http://www.php.net/downloads.php# tar -zxvf php-5.2.13.tar.gz# cd php-5.2.13# ./configure –prefix=/usr/local/php \–with-mysql=/usr/local/mysql --with-apxs2=/usr/local/apache/bin/apxs --with-zlib --with-gd --enable-sockets –disable-debug# make# make install# cp php.ini-dist /usr/local/php/lib/php.ini 

五、配置Apache服务的httpd.conf文件及测试1、编辑/usr/local/apache/conf/httpd.conf文件在DirectoryIndex后添加index.php在AddType application后面添加以下两行AddType application/x-httpd-php .phpAddType applicatoin/x-httpd-php-source .phps2、重启apache# /usr/local/apache/bin/apachectl restart3、测试写个index.php文件放入主页所在目录内容如下：<?phpinfo();?>在浏览器中输入http://服务器IP/如果有php的信息，则说明apache+php+mysql配置成功了，注意 gd和mysql的支持信息 

六、安装snort1、安装pcre软件包pcre-8.02.tar.gz下载地址http://sourceforge.net/projects/pcre/files/# tar –zxvf pcre-8.02.tar.gz# cd pcre-8.02# ./configure# make# make install2、安装snort软件包snort-2.4.5.tar.gz下载地址http://down1.chinaunix.net/distfiles/snort-2.4.5.tar.gz# tar -zxvf snort-2.4.5.tar.gz# cd snort-2.4.5# ./configure --with-mysql# make# make install# mkdir /etc/snort //建立snort目录# cd etc# cp * /etc/snort //拷贝配置文件3、安装snort rules软件包snortrules-pr-2.4.tar.gz下载地址http://down1.chinaunix.net/distfiles/snortrules-pr-2.4.tar.gz# tar -zxvf snortrules-pr-2.4.tar.gz# cd rules# mkdir /etc/snort/rules //建立snort规则目录# mkdir /var/log/snort //建立snort日志目录# cp * /etc/snort/rules //拷贝规则4、编辑/etc/snort/snort.conf文件更改var HOME_NET 192.168.6.0/24 //你的实际工作网段更改”var RULE_PATH ../rules” 为 “var RULE_PATH /etc/snort/rules”把下面一行前面的#去掉，并改为output database: log,mysql, user=root password=mysql密码 dbname=snort host=localhost把以下11行前面的#号都删除# include ?$RULE_PATH/web-attacks.rules# include ?$RULE_PATH/backdoor.rules# include ?$RULE_PATH/shellcode.rules# include ?$RULE_PATH/policy.rules# include ?$RULE_PATH/porn.rules# include ?$RULE_PATH/info.rules# include ?$RULE_PATH/icmp-info.rulesinclude ?$RULE_PATH/virus.rules# include ?$RULE_PATH/chat.rules# include ?$RULE_PATH/multimedia.rules# include ?$RULE_PATH/p2p.rules保存退出 

七、建立snort数据库及检查数据库和数据结构1、建立snort数据库mysql&gt; create database snort;mysql&gt; grant INSERT,SELECT on snort.* to root@localhost;mysql&gt; exit# mysql –u root -p < /usr/local/snort-2.4.5/schemas /create_mysql snort //为snort建立数据表2、检查数据库和数据结构# mysql -u root -pEnter password:  //mysql> exit;看到上面的表就成功了 

八、安装配置和测试acid1、软件包acid-0.9.6b23.tar.gz下载地址http://acidlab.sourceforge.net/软件包adodb511.tgz下载地址http://sourceforge.net/projects/adodb/files/软件包jpgraph-1.16.tar.gz下载地址http://sourceforge.net/projects/jpgraph/files/2、安装acid及相关支持文件把acid-0.9.6b23.tar.gz，adodb511.tgz，jpgraph-1.16.tar.gz放入网站根目录下，我这里是/usr/local/apache/htdocs# cd /usr/local/apache/htdocs# tar -zxvf jpgraph-1.16.tar.gz# tar -zxvf adodb511.tgz# mv jpgraph-1.16 jpgraph# mv adodb5 adodb# tar -zxvf acid-0.9.6b23.tar.gz3、编辑/usr/local/apache/htdocs/acid/acid_conf.php把“?$DBlib_path = ";” 改成“?$DBlib_path = "/usr/local/apache/htdocs/adodb”?$alert_dbname = "snort";?$alert_host = "localhost";?$alert_port = "";?$alert_user = "root";?$alert_password = "test"; //改成你的数据库密码?$archive_dbname = "snort";?$archive_host = "localhost";?$archive_port = "";?$archive_user = "root";?$archive_password = "test” //改成你的数据库密码把“?$ChartLib_path = ";” 改成“?$ChartLib_path = "/usr/local/apache/htdocs/jpgraph/src";”保存退出4、配置测试重启apache# /usr/local/apache/bin/apachectl restart运行snort把数据写入mysql# snort -c /etc/snort/snort.conf在浏览器中输入http://你的主机地址/acid/acid_main.php，点"Setup Page"链接 -&gt;Create Acid AG然后再访问http://你的主机地址/acid/ ACID界面出现用一些扫描工具对主机进行扫描,将产生警告记录，访问acid，可查看记录 RHEL5.4下Apache+php+MySQL+Snort+acid配置完成，帖几张图片秀一下 

本文出自 “Michael的博客” 博客，请务必保留此出处http://winos.blog.51cto.com/937089/317


用barnyard2测试
barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2
同时用snort测试
snort -u root -g root -c /etc/snort/snort.conf -i eth1

所有都下载完和安装完后
mkdir /etc/snort/
mkdir /var/log/snort/
cp /root/Downloads/snort-2.9.6.2/etc/* /etc/snort




把acid和adodb的tar文件放到/var/www/html内，然后全部解压，为了解决adodb出错问题，把adodb解压后胡文件放进acid文件夹内







barnyard2 设置
cp /root/Downloads/barnyard2-2-1.9/etc/barnyard2.conf /etc/snort/

在里面增加一行：
output database: log, mysql,user=root dbname=snort password=xxxx host=localhost

用barnyard2测试
barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2
同时用snort测试
snort -u root -g root -c /etc/snort/snort.conf -i eth1

把snortrules-snapshot-2962.tar.gz 放在/etc/snort
再 tar -xf snortrules-snapshot-2962.tar.gz即可






snort output设置
在/etc/snort.conf里面增加一行
output unified2: filename snort.u2, limit 128
就可以在运行snort -u root -g root -c /etc/snort/snort.conf -i eth1之后在/var/log/snort看到snort.u2.xxxxx的文件






还要在snort.conf里设置
config logdir:/var/log/snort






stun:
先yum install openssl
在~/Download/stun-5.0.3/src   make cert
client和server的 stun.pem要相同，可以在client scp root@server:/usr/local/etc/stun/stun.pem

client
CAfile=/usr/local/etc/stun/stun.pem
cert=/usr/local/etc/stun/stun.pem
[mysqld]
client=yes
accept=127.0.0.1:3306
connect=server:22443
运行stun

server
CAfile=/usr/local/etc/stun/stun.pem
cert=/usr/local/etc/stun/stun.pem
[mysqld]
client=no
accept=22443
connect=localhost:3306
运行stun






把snortrules-snapshot-2962.tar.gz 放在/etc/snort
再 tar -xf snortrules-snapshot-2962.tar.gz即可

还要在编辑/etc/snort/snort.conf
dynamicdetection directory /etc/snort/so_rules/precompiled/RHEL-6-0/x86-64/2.9.6.2






/etc/snort/barnyard2.conf

config hostname:127.0.0.1
config interface:eth1






mysql.h
barnyard问题可以这样解决
于barnyard2的源文件内
./configure --with-mysql=/usr/lib64/mysql/







adodb.inc.php

解决方法：
把acid和adodb的tar文件放到/var/www/html内，然后全部解压，为了解决adodb出错问题，把adodb解压后胡文件放进acid文件夹内

vim acid_conf.php
设置成这样：
$DBlib_path = "./";