Snort入侵检测系统在FreeBSD6.3上安装笔记
时间:2008-03-14 05:04:46 类别:freebsd 安装 作者:charlin-cn
一、安装freebsd6.3操作系统。
如:FreeBSD-6.3_install.avi录像所示。
补充:
1、启动ssh服务:
修改/etc/defaults/rc.conf文件(更规范的做法是不动defaults，而是在/etc/rc.conf中加入同样的一行，与后面第五步配置mysql_enable的方式一致；/etc/defaults/rc.conf在系统升级时会被覆盖)
把 sshd_enable="NO" # Enable sshd
修改成 sshd_enable="YES" # Enable sshd
2、增加一个普通帐号charlin
# adduser charlin
3、给普通用户授权
# ee /etc/group
把 wheel:*:0:root
修改成 wheel:*:0:root,charlin
4、然后重启FreeBSD操作系统。
# reboot
5、使用SSH Secure Shell Client把以下文件上传到服务器上charlin用户的主目录(/home/charlin)里:
cvsup-without-gui-16.1h_3.tbz #系统升级代码同步工具
snortrules-snapshot-2.7.tar.gz #snort规则库
二、安装cvsup和更新系统。
使用ssh方式登录时，先切换为root再安装:
$ su
在服务器上直接登录安装:
# cd /home/charlin
# pkg_add -v cvsup-without-gui-16.1h_3.tbz
# cp /usr/share/examples/cvsup/ports-supfile /root/ports-supfile
# ee /root/ports-supfile
把*default host=CHANGE_THIS.FreeBSD.org 修改成 *default host=cvsup.FreeBSDchina.org
修改/etc/make.conf，指定距离更近的镜像服务器，以提高软件的下载速度
# ee /etc/make.conf
增加以下内容:
MASTER_SITE_OVERRIDE?=\
http://ports.hshh.org/${DIST_SUBDIR}/\
ftp://ftp.freebsd.org.cn/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp2.cn.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp.tw.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp.jp.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp.freeBSDchina.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp.twaren.net/BSD/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp2.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp3.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp7.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp12.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp8.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp9.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp11.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp5.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp4.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp10.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
MASTER_SITE_OVERRIDE?=${MASTER_SITE_BACKUP}
# rehash
# cvsup -g -L 2 /root/ports-supfile
如:cvsup.avi录像所示。
三、安装snort入侵检测系统.
1、安装mysql5.0数据库。
# cd /usr/ports/databases/mysql50-server/
# make install
安装后的配置
# cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf
# rehash
# mysql_install_db
# chown -R mysql /var/db/mysql (原文写成chmod，chmod不接受用户名作参数，这里要改的是目录属主)
# mysqld_safe &
# mysqladmin -uroot password "89846"
# mysql -uroot -p89846 (密码直接跟在-p后面会留在shell历史和ps输出中，也可以只写-p，按提示再输入密码)
mysql> create database snort;
mysql> \q
2、安装snort入侵检测系统。
# cd /usr/ports/security/snort
# make config
# make install
安装后的配置
# ee /usr/local/etc/snort/snort.conf (snort主配置文件，下面的output和include行都在这个文件里)
把 # output database: log, mysql, user=root password=test dbname=db host=localhost
修改成 output database: log, mysql, user=root password=89846 dbname=snort host=localhost port=3306
把其他规则库的include行注释掉(禁用)，只保留scan.rules用于测试:
#include $RULE_PATH/local.rules
#include $RULE_PATH/bad-traffic.rules
#include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
#include $RULE_PATH/finger.rules
#include $RULE_PATH/ftp.rules
#include $RULE_PATH/telnet.rules
#include $RULE_PATH/rpc.rules
#include $RULE_PATH/rservices.rules
#include $RULE_PATH/dos.rules
#include $RULE_PATH/ddos.rules
#include $RULE_PATH/dns.rules
#include $RULE_PATH/tftp.rules
#include $RULE_PATH/web-cgi.rules
#include $RULE_PATH/web-coldfusion.rules
#include $RULE_PATH/web-iis.rules
#include $RULE_PATH/web-frontpage.rules
#include $RULE_PATH/web-misc.rules
#include $RULE_PATH/web-client.rules
#include $RULE_PATH/web-php.rules
#include $RULE_PATH/sql.rules
#include $RULE_PATH/x11.rules
#include $RULE_PATH/icmp.rules
#include $RULE_PATH/netbios.rules
#include $RULE_PATH/misc.rules
#include $RULE_PATH/attack-responses.rules
#include $RULE_PATH/oracle.rules
#include $RULE_PATH/mysql.rules
#include $RULE_PATH/snmp.rules
#include $RULE_PATH/smtp.rules
#include $RULE_PATH/imap.rules
#include $RULE_PATH/pop2.rules
#include $RULE_PATH/pop3.rules
#include $RULE_PATH/nntp.rules
#include $RULE_PATH/other-ids.rules
# include $RULE_PATH/web-attacks.rules
# include $RULE_PATH/backdoor.rules
# include $RULE_PATH/shellcode.rules
# include $RULE_PATH/policy.rules
# include $RULE_PATH/porn.rules
# include $RULE_PATH/info.rules
# include $RULE_PATH/icmp-info.rules
# include $RULE_PATH/virus.rules
# include $RULE_PATH/chat.rules
# include $RULE_PATH/multimedia.rules
# include $RULE_PATH/p2p.rules
# include $RULE_PATH/spyware-put.rules
# include $RULE_PATH/specific-threats.rules
#include $RULE_PATH/experimental.rules
补充:
把snortrules-snapshot-2.7.tar.gz解压的规则拷贝到/usr/local/etc/snort/rules
# cd /home/charlin
# tar zxvf snortrules-snapshot-2.7.tar.gz
# cp rules/* /usr/local/etc/snort/rules
3、安装oinkmaster的snort规则库更新程序。
# cd /usr/ports/security/oinkmaster
# make install
安装后的配置
# cd /usr/local/etc
# cp oinkmaster.conf.sample oinkmaster.conf
# ee oinkmaster.conf
把 # url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.4.tar.gz
修改成 url = http://www.snort.org/pub-bin/oinkmaster.cgi/859f6de51d2b6a20fa4826c30e0beed462de3aa0/snortrules-snapshot-2.7.tar.gz (URL中那串十六进制就是在snort.org注册后分配给个人的oinkcode，要换成自己的)
更新规则库
# rehash
# oinkmaster -o /usr/local/etc/snort/rules/
如:snort.avi录像所示。
4、创建snort数据表和手动启动snort进行测试。
# mysql -uroot -p89846 snort </usr/local/share/examples/snort/create_mysql
# ifconfig
lnc0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
inet 192.168.101.222 netmask 0xffffff00 broadcast 192.168.101.255
ether 00:0c:29:cb:f0:9f
lnc1: flags=108802<BROADCAST,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
ether 00:0c:29:cb:f0:a9
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
# ifconfig lnc1 up
# snort -dev -i lnc1 (测试嗅探功能是否正常)
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
Var 'lo0_ADDRESS' defined, value len = 19 chars, value = 127.0.0.0/255.0.0.0
Verifying Preprocessor Configurations!
Initializing Network Interface lnc1
OpenPcap() device lnc1 network lookup:
lnc1: no IPv4 address assigned
Decoding Ethernet on interface lnc1
Preprocessor/Decoder Rule Count: 0
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.7.0.1 (Build 36) FreeBSD
'''' By Martin Roesch &The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2007 Sourcefire Inc., et al.
Not Using PCAP_FRAMES
03/03-14:39:26.293002 0:C:29:CB:F0:9F -> 0:13:72:DB:12:5B type:0x800 len:0xD6
192.168.101.222:22 -> 192.168.101.206:4156 TCP TTL:64 TOS:0x10 ID:190 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x4BFBFD94 Ack: 0x880DFC80 Win: 0xFFFF TcpLen: 20
C3 18 3D 95 91 F7 79 72 46 BA 84 55 5B AC 5D B2 ..=...yrF..U[.].
A7 CC 77 B5 CD DF F1 AF 85 5C 52 F2 50 04 DF 49 ..w......\R.P..I
CA 7A A8 CF 30 69 75 44 E2 9E 55 F6 C3 09 02 A6 .z..0iuD..U.....
BE F3 64 AB 4E 03 B9 08 CA DE 3B B9 4F 27 07 BA ..d.N.....;.O'..
83 5D B7 C0 3F FE 6A F3 A8 3F F4 E0 74 AA 86 9B .]..?.j..?..t...
8B D1 35 D3 F6 B6 E9 4B C6 59 3F 77 D3 6F 56 FB ..5....K.Y?w.oV.
CF 72 29 7B 58 CD 8B DF 86 8D A6 6F 3E C2 13 0E .r){X......o>...
A9 4B 55 F2 B2 2E 1C 91 9F 3A 14 26 81 11 70 2E .KU......:.&..p.
A1 38 11 96 AC 1E 3E 29 99 20 93 DC 09 AA 8E 26 .8....>). .....&
9E 58 5B 33 41 02 52 CA C6 D0 99 4B 2E FC 7A C4 .X[3A.R....K..z.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.318335 0:C:29:CB:F0:9F -> 0:13:72:DB:12:5B type:0x800 len:0x86
192.168.101.222:22 -> 192.168.101.206:4156 TCP TTL:64 TOS:0x10 ID:191 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4BFBFE34 Ack: 0x880DFC80 Win: 0xFFFF TcpLen: 20
8B 93 7F B8 76 1D C0 FB 1C 05 97 D6 8A 16 2A 45 ....v.........*E
ED 53 FC DA BB CC 04 63 75 29 DD A5 F1 85 94 EA .S.....cu)......
9B E5 13 A1 3F 41 08 83 22 08 46 D7 B5 C6 EC 10 ....?A..".F.....
E1 BF 68 FA 8B 81 7F A1 E2 37 D4 4B 58 A4 E8 9A ..h......7.KX...
C8 AB 61 0C 9C 3D 69 A4 AE A8 0A 43 D1 4F 78 29 ..a..=i....C.Ox)
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.318337 0:13:72:DB:12:5B -> 0:C:29:CB:F0:9F type:0x800 len:0x3C
192.168.101.206:4156 -> 192.168.101.222:22 TCP TTL:128 TOS:0x0 ID:62982 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x880DFC80 Ack: 0x4BFBFE84 Win: 0xFD2F TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.319452 0:C:29:CB:F0:9F -> 0:13:72:DB:12:5B type:0x800 len:0x176
192.168.101.222:22 -> 192.168.101.206:4156 TCP TTL:64 TOS:0x10 ID:192 IpLen:20 DgmLen:360 DF
***AP*** Seq: 0x4BFBFE84 Ack: 0x880DFC80 Win: 0xFFFF TcpLen: 20
EF 8E 75 6C 84 DB 6B 3F F8 13 40 DA 30 BF 15 C9 ..ul..k?..@.0...
40 F6 4F 2A C1 CC A0 13 83 46 5B 57 A0 89 DC E3 @.O*.....F[W....
38 8D DE 9E EA 49 D2 22 CD 8B 43 2D 18 95 21 59 8....I."..C-..!Y
99 40 B5 D7 F7 7A 34 62 00 E0 F2 4F 25 7A 7E E6 .@...z4b...O%z~.
8D 61 FC 52 1D 41 3C 05 C9 9C 6A EC 42 67 21 A4 .a.R.A<...j.Bg!.
B6 07 18 F1 36 5D E4 D2 B0 CB E5 F1 B1 E5 51 DA ....6]........Q.
A6 84 8E A5 2E 91 0C C5 60 27 5C EA 80 82 72 2C ........`'\...r,
5C 28 2F D4 1A 0D 65 A7 42 9F AC 74 DE DC 8C 59 \(/...e.B..t...Y
96 0F 2D E4 13 41 C4 CB 4F 02 79 F1 90 19 54 2A ..-..A..O.y...T*
4B 72 D3 47 FF A4 52 4A 32 95 40 5A B3 3F 43 52 Kr.G..RJ2.@Z.?CR
49 4F 9E 67 FD D7 B8 4A E6 DB 5F E9 D2 CB 93 EF IO.g...J.._.....
34 F3 F4 A3 9D F4 FE 87 7E 32 BC A7 88 B4 07 10 4.......~2......
9C BE 6F 92 B3 96 E1 50 F1 CE 0B 2E 9D B6 DB CB ..o....P........
C5 E4 3C F9 09 BB 13 8E 3A 13 08 01 A5 46 17 4F ..<.....:....F.O
31 96 81 17 7E C3 2D F9 51 5B 37 0A 99 CD B0 73 1...~.-.Q[7....s
35 F3 BD 66 B1 5F 1B 64 DC 6F C9 3D 68 F5 94 33 5..f._.d.o.=h..3
C2 1B 2C 6B 5E 94 7A 48 D3 9A B8 2E 05 48 FD C1 ..,k^.zH.....H..
4B D0 6F D2 92 B4 81 FD 56 BB 44 3D 5E FA 12 98 K.o.....V.D=^...
9F 15 23 40 D8 84 E2 EF 11 9E 9B A8 97 37 9F 3A ..#@.........7.:
6D 77 DC 92 72 2B BB 40 8A 43 A3 8B 93 0E 21 D7 mw..r+.@.C....!.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.407634 0:13:72:DB:12:5B -> 0:C:29:CB:F0:9F type:0x800 len:0x3C
192.168.101.206:4156 -> 192.168.101.222:22 TCP TTL:128 TOS:0x0 ID:62983 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x880DFC80 Ack: 0x4BFBFFC4 Win: 0xFBEF TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.596508 0:F:EA:A6:40:A6 -> FF:FF:FF:FF:FF:FF type:0x800 len:0xF3
192.168.101.146:138 -> 192.168.101.255:138 UDP TTL:128 TOS:0x0 ID:5786 IpLen:20 DgmLen:229
Len: 201
11 0E 81 99 C0 A8 65 92 00 8A 00 BB 00 00 20 46 ......e....... F
41 45 44 43 4E 45 4B 46 48 43 4E 46 4B 46 48 46 AEDCNEKFHCNFKFHF
4B 43 41 43 41 43 41 43 41 43 41 43 41 43 41 00 KCACACACACACACA.
20 45 44 45 49 45 4A 45 4F 45 42 45 49 45 50 45 EDEIEJEOEBEIEPE
4D 45 45 45 4A 45 4F 45 48 43 41 43 41 43 41 42 MEEEJEOEHCACACAB
4E 00 FF 53 4D 42 25 00 00 00 00 00 00 00 00 00 N..SMB%.........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 11 00 00 21 00 00 00 00 00 00 00 00 00 E8 .....!..........
03 00 00 00 00 00 00 00 00 21 00 56 00 03 00 01 .........!.V....
00 00 00 02 00 32 00 5C 4D 41 49 4C 53 4C 4F 54 .....2.\MAILSLOT
5C 42 52 4F 57 53 45 00 01 00 80 FC 0A 00 50 43 \BROWSE.......PC
2D 4A 57 2D 5A 57 5A 00 00 00 00 00 00 00 05 00 -JW-ZWZ.........
03 10 00 00 0F 01 55 AA 00 ......U..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.625956 0:13:72:DB:12:5B -> 0:D0:B7:2C:E5:79 type:0x800 len:0x3E
192.168.101.206:4161 -> 221.130.46.144:80 TCP TTL:128 TOS:0x0 ID:62984 IpLen:20 DgmLen:48 DF
******S* Seq: 0x9ECAD051 Ack: 0x0 Win: 0xFFFF TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.675592 0:D0:B7:2C:E5:79 -> 0:13:72:DB:12:5B type:0x800 len:0x3E
221.130.46.144:80 -> 192.168.101.206:4161 TCP TTL:108 TOS:0x0 ID:12103 IpLen:20 DgmLen:48
***A**S* Seq: 0x734A2542 Ack: 0x9ECAD052 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1380 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.675593 0:13:72:DB:12:5B -> 0:D0:B7:2C:E5:79 type:0x800 len:0x3C
192.168.101.206:4161 -> 221.130.46.144:80 TCP TTL:128 TOS:0x0 ID:62985 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x9ECAD052 Ack: 0x734A2543 Win: 0xFFFF TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.676000 0:13:72:DB:12:5B -> 0:D0:B7:2C:E5:79 type:0x800 len:0x184
192.168.101.206:4161 -> 221.130.46.144:80 TCP TTL:128 TOS:0x0 ID:62986 IpLen:20 DgmLen:374 DF
***AP*** Seq: 0x9ECAD052 Ack: 0x734A2543 Win: 0xFFFF TcpLen: 20
50 4F 53 54 20 2F 68 74 2F 73 64 2E 61 73 70 78 POST /ht/sd.aspx
3F 74 3D 73 26 69 3D 37 37 35 20 48 54 54 50 2F ?t=s&i=775 HTTP/
31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 1.1..User-Agent:
20 49 49 43 32 2E 30 2F 50 43 20 32 2E 33 2E 30 IIC2.0/PC 2.3.0
32 33 30 0D 0A 50 72 61 67 6D 61 3A 20 78 7A 34 230..Pragma: xz4
42 42 63 56 37 34 35 34 61 32 62 38 2D 34 35 37 BBcV7454a2b8-457
35 2D 34 31 35 31 2D 62 37 34 39 2D 38 38 35 62 5-4151-b749-885b
31 37 62 62 34 37 38 34 0D 0A 43 6F 6E 74 65 6E 17bb4784..Conten
74 2D 54 79 70 65 3A 20 61 70 70 6C 69 63 61 74 t-Type: applicat
69 6F 6E 2F 6F 63 74 2D 73 74 72 65 61 6D 0D 0A ion/oct-stream..
48 6F 73 74 3A 20 32 32 31 2E 31 33 30 2E 34 36 Host: 221.130.46
2E 31 34 34 0D 0A 43 6F 6F 6B 69 65 3A 20 73 73 .144..Cookie: ss
69 63 3D 44 51 67 48 41 41 42 61 36 36 6D 35 66 ic=DQgHAABa66m5f
55 58 6A 76 4B 71 4B 42 45 36 69 32 30 61 4C 4A UXjvKqKBE6i20aLJ
63 41 55 76 52 47 33 74 50 50 64 75 77 76 75 38 cAUvRG3tPPduwvu8
37 67 78 38 2F 6C 31 31 78 6A 35 68 65 4E 52 6C 7gx8/l11xj5heNRl
6F 65 30 6F 6D 5A 61 75 4B 76 66 67 56 39 6D 58 oe0omZauKvfgV9mX
42 74 36 54 2B 52 66 4E 45 6C 74 77 56 74 41 4E Bt6T+RfNEltwVtAN
4A 65 31 39 63 70 70 73 44 4F 56 57 6F 2F 75 52 Je19cppsDOVWo/uR
4F 6B 49 49 51 3D 3D 0D 0A 43 6F 6E 74 65 6E 74 OkIIQ==..Content
2D 4C 65 6E 67 74 68 3A 20 34 0D 0A 0D 0A -Length: 4....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.792799 0:D0:B7:2C:E5:79 -> 0:13:72:DB:12:5B type:0x800 len:0x3C
221.130.46.144:80 -> 192.168.101.206:4161 TCP TTL:108 TOS:0x0 ID:12279 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x734A2543 Ack: 0x9ECAD1A0 Win: 0xFEB1 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/03-14:39:26.792801 0:13:72:DB:12:5B -> 0:D0:B7:2C:E5:79 type:0x800 len:0x3C
192.168.101.206:4161 -> 221.130.46.144:80 TCP TTL:128 TOS:0x0 ID:62987 IpLen:20 DgmLen:44 DF
***AP*** Seq: 0x9ECAD1A0 Ack: 0x734A2543 Win: 0xFFFF TcpLen: 20
53 49 50 50 SIPP
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
^C*** Caught Int-Signal
Run time prior to being shutdown was 1.179189 seconds
===============================================================================
Snort received 47 packets
Analyzed: 12(25.532%)
Dropped: 0(0.000%)
Outstanding: 35(74.468%)
===============================================================================
Breakdown by protocol:
TCP: 11 (91.667%)
UDP: 1 (8.333%)
ICMP: 0 (0.000%)
ARP: 0 (0.000%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
FRAG: 0 (0.000%)
OTHER: 0 (0.000%)
DISCARD: 0 (0.000%)
InvChkSum: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
Snort exiting
# snort -i lnc1 -D (以守护进程的方式在后台运行；注意这样snort是以root身份运行的，下面top输出中USERNAME一栏也能看到，正式部署时可用-u/-g参数让snort降权到普通用户运行)
# top (查看snort是否正常运行)
last pid: 829; load averages: 0.08, 0.05, 0.05 up 0+00:09:04 14:18:30
29 processes: 1 running, 28 sleeping
CPU states: % user, % nice, % system, % interrupt, % idle
Mem: 57M Active, 9564K Inact, 17M Wired, 13M Buf, 159M Free
Swap: 512M Total, 512M Free
PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
826 root 1 20 0 4548K 2720K pause 0:00 1.75% csh
819 root 1 4 0 6304K 3316K sbwait 0:00 1.16% sshd
825 charlin 1 8 0 1804K 1396K wait 0:00 1.05% su
808 mysql 6 20 0 62904K 25768K kserel 0:01 0.00% mysqld
786 root 1 5 0 5040K 2956K ttyin 0:00 0.00% csh
761 root 1 8 0 1760K 1440K wait 0:00 0.00% login
816 root 1 -58 0 34680K 30716K bpf 0:00 0.00% snort
591 root 1 96 0 1404K 1072K select 0:00 0.00% syslogd
790 root 1 8 0 1744K 1372K wait 0:00 0.00% sh
713 root 1 96 0 3508K 2800K select 0:00 0.00% sendmail
824 charlin 1 8 0 1784K 1404K wait 0:00 0.00% sh
822 charlin 1 96 0 6280K 3324K select 0:00 0.00% sshd
829 root 1 96 0 2304K 1484K RUN 0:00 0.00% top
723 root 1 8 0 1396K 1100K nanslp 0:00 0.00% cron
765 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
763 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
762 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
767 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
768 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
764 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
766 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
717 smmsp 1 20 0 3408K 2800K pause 0:00 0.00% sendmail
707 root 1 96 0 3552K 2696K select 0:00 0.00% sshd
533 root 1 112 0 528K 380K select 0:00 0.00% devd
5、如果以上都正常，就配置系统开机时自动激活lnc1网卡并启动mysql服务。
# ee /etc/rc.conf
ifconfig_lnc1="up"
mysql_enable="YES"
# reboot
6、重启后以root用户登录，手动运行snort(上面的rc.conf只配置了网卡和mysql，snort本身没有设置为开机自启)
# snort -i lnc1 -D
# top (查看snort是否正常运行)
last pid: 829; load averages: 0.08, 0.05, 0.05 up 0+00:19:04 14:28:20
29 processes: 1 running, 28 sleeping
CPU states: % user, % nice, % system, % interrupt, % idle
Mem: 57M Active, 9564K Inact, 17M Wired, 13M Buf, 159M Free
Swap: 512M Total, 512M Free
PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
819 root 1 4 0 6304K 3316K sbwait 0:00 1.16% sshd
808 mysql 6 20 0 62904K 25768K kserel 0:01 0.00% mysqld
786 root 1 5 0 5040K 2956K ttyin 0:00 0.00% csh
761 root 1 8 0 1760K 1440K wait 0:00 0.00% login
816 root 1 -58 0 34680K 30716K bpf 0:00 0.00% snort
591 root 1 96 0 1404K 1072K select 0:00 0.00% syslogd
790 root 1 8 0 1744K 1372K wait 0:00 0.00% sh
713 root 1 96 0 3508K 2800K select 0:00 0.00% sendmail
824 charlin 1 8 0 1784K 1404K wait 0:00 0.00% sh
822 charlin 1 96 0 6280K 3324K select 0:00 0.00% sshd
829 root 1 96 0 2304K 1484K RUN 0:00 0.00% top
723 root 1 8 0 1396K 1100K nanslp 0:00 0.00% cron
765 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
763 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
762 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
767 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
768 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
764 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
766 root 1 5 0 1352K 936K ttyin 0:00 0.00% getty
717 smmsp 1 20 0 3408K 2800K pause 0:00 0.00% sendmail
707 root 1 96 0 3552K 2696K select 0:00 0.00% sshd
533 root 1 112 0 528K 380K select 0:00 0.00% devd
如:snort_config.avi录像所示。
四、安装web管理工具
1、安装apache2.2
# cd /usr/ports/www/apache22
# make install
2、安装php5和php5-extensions
# cd /usr/ports/lang/php5
# make install
# cd /usr/ports/lang/php5-extensions
# make install
3、安装base管理工具
# cd /usr/ports/security/base
# make install
如:web.avi录像所示。