1. Add directory authentication
Append the following to the end of httpd.conf:
<Directory "/usr/local/apache/htdocs/acid">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
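# the password file must sit at the path that AuthUserFile names in .htaccess
touch /usr/local/apache/users_passwd.txt
cd /usr/local/apache/
# -c creates the password file, -b takes the password from the command line
bin/htpasswd -bc users_passwd.txt squall 123456
bin/htpasswd -b users_passwd.txt sqlunix 123456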
In the acid directory, run vi .htaccess and enter:
AuthName "please input your username and password:"
AuthType basic
AuthUserFile /usr/local/apache/users_passwd.txt
require valid-user
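A check for the .htaccess setup in this step, added here as an example and not part of the original page. The function name audit_htaccess and its finding messages are assumptions. It verifies that Basic auth and Require valid-user are present and that the AuthUserFile exists, lies outside the DocumentRoot given as the second argument, and is not world-readable.

```sh
#!/bin/sh
# Added example (not from the original page): audit a Basic-auth .htaccess.
# Usage: audit_htaccess <path to .htaccess> <DocumentRoot>
# Prints one line per finding and returns the number of findings.
audit_htaccess() {
    htaccess=$1
    docroot=${2%/}
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    [ -r "$htaccess" ] || { report "cannot read $htaccess"; return "$findings"; }

    # Apache directive names are case-insensitive, so match with grep -i.
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic[[:space:]]*$' "$htaccess" ||
        report "no 'AuthType Basic' line"
    grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user[[:space:]]*$' "$htaccess" ||
        report "no 'Require valid-user' line, so no login is enforced"

    # Argument of the first AuthUserFile directive, quotes removed
    # (assumes the path contains no spaces).
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$htaccess" | tr -d '"')
    if [ -z "$pwfile" ]; then
        report "no AuthUserFile directive"
        return "$findings"
    fi
    case $pwfile in
        "$docroot"/*) report "$pwfile is inside DocumentRoot and may be downloadable" ;;
    esac
    if [ ! -f "$pwfile" ]; then
        report "$pwfile does not exist"
    else
        # find -perm -004 matches when the "other" read bit is set;
        # world-readable hashes can be copied by any local account.
        [ -z "$(find "$pwfile" -perm -004)" ] || report "$pwfile is world-readable"
    fi
    return "$findings"
}
```

For the layout on this page the call would be audit_htaccess /usr/local/apache/htdocs/acid/.htaccess /usr/local/apache/htdocs; an exit status of 0 means no findings.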
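2. Add web-based start/stop management for snort
SnortCenter is a web-based management system for snort sensors and rules. It is used to remotely modify a sensor's configuration, start and stop sensors, and edit and distribute snort signature rules.
Download: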
http://users.pandora.be/larc/download/
cp snortcenter-v1.0-RC1.tar.gz /usr/local/apache/htdocs
# unpack inside htdocs so the renamed directory is served as /sc
cd /usr/local/apache/htdocs
tar zxvf snortcenter-v1.0-RC1.tar.gz
mv www sc
vi sc/
Change the following settings:
$DBlib_path = "/usr/local/apache/htdocs/adodb/";
$curl_path = "/usr/bin";
$DBtype = "mysql";
$DB_dbname = "snortcenter"; # $DB_dbname : MySQL database name of SnortCenter DB
$DB_host = "localhost"; # $DB_host : host on which the DB is stored
$DB_user = "root"; # $DB_user : login to the database with this user
$DB_password = "123456"; # $DB_password : password of the DB user
$DB_port = ""; # $DB_port : port on which to access the DB (blank is default)
(Change the database password to your own.)
When you have finished editing, save and exit.
Then create the snortcenter database:
mysql -uroot -p123456
create database snortcenter;
quit;
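Enter http://192.168.0.11/sc in a browser and it creates the database tables automatically. When you log in again it asks for a user name and password; the initial values are admin and change.
Next, install snortcenter-agent-v1.0-RC1.tar.gz: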
cp snortcenter-agent-v1.0-RC1.tar.gz /opt
cd /opt
tar zxvf snortcenter-agent-v1.0-RC1.tar.gz
cd sensor
Run ./setup.sh and answer a few questions to complete the installation; the default port is 2525.
cp /etc/snort.conf /etc/snort.eth0.conf
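The details are shown in the figure:
To uninstall, go to the /etc/snort/ directory, where there is an uninstall file; running ./uninstall removes the agent.
Attached figure: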