Building a Linux Intrusion Detection System (IDS) with Snort + ACID (Part 2)

1. Adding directory authentication
Append the following to the end of httpd.conf:

<Directory "/usr/local/apache/htdocs/acid">
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>

touch /usr/local/apache/users_passwd.txt

cd /usr/local/apache/

bin/htpasswd -bc users_passwd.txt squall 123456

bin/htpasswd -b users_passwd.txt sqlunix 123456

In the acid directory, run vi .htaccess and enter:

AuthName "please input your username and password:"
AuthType Basic
AuthUserFile /usr/local/apache/users_passwd.txt
require valid-user
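The protection above only works when all three pieces agree: httpd.conf must allow the .htaccess to set auth directives, the .htaccess must carry the full set of directives, and the password file must exist outside the document root with restrictive permissions. The following shell script is an added example (not code from the original post) that checks those conditions against a scratch copy of the layout; paths are passed as arguments, and make_sample_tree builds a constructed tree with a placeholder password entry.

```shell
#!/bin/sh
# Added example, not part of the original post: check that the Basic-auth
# protection set up for the ACID directory is actually enforced.
# Assumptions: paths are passed as arguments so the check can run against a
# scratch tree (make_sample_tree builds one with constructed contents).

# check_acid_auth HTTPD_CONF HTACCESS DOCROOT
# Returns 0 when the protection looks complete, 1 (with reasons) otherwise.
check_acid_auth() {
    conf="$1"; htaccess="$2"; docroot="$3"
    status=0

    # 1. Without AllowOverride AuthConfig, Apache silently ignores the .htaccess.
    if ! grep -iq '^[[:space:]]*AllowOverride[[:space:]].*AuthConfig' "$conf"; then
        echo "FAIL: no 'AllowOverride AuthConfig' in $conf"
        status=1
    fi

    # 2. All three directives are needed before a login is demanded.
    for d in 'AuthType[[:space:]].*Basic' 'AuthUserFile[[:space:]]' 'Require[[:space:]].*valid-user'; do
        if ! grep -iq "^[[:space:]]*$d" "$htaccess"; then
            echo "FAIL: missing '$d' in $htaccess"
            status=1
        fi
    done

    # 3. The password file must exist, sit outside DocumentRoot (so it cannot
    #    be downloaded) and not be readable by 'other'.
    pwfile=$(grep -i '^[[:space:]]*AuthUserFile' "$htaccess" | awk '{print $2}' | head -n 1)
    if [ -z "$pwfile" ] || [ ! -f "$pwfile" ]; then
        echo "FAIL: AuthUserFile '$pwfile' does not exist"
        status=1
    else
        case "$pwfile" in
            "$docroot"/*) echo "FAIL: $pwfile is inside DocumentRoot"; status=1 ;;
        esac
        other=$(ls -l "$pwfile" | cut -c8-10)   # permission bits for 'other'
        if [ "$other" != "---" ]; then
            echo "FAIL: $pwfile is accessible to other users (other=$other)"
            status=1
        fi
    fi
    return $status
}

# make_sample_tree: builds a scratch Apache layout mirroring the post and
# prints its root. All contents are constructed for this example.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/conf" "$root/htdocs/acid"
    cat > "$root/conf/httpd.conf" <<EOF
<Directory "$root/htdocs/acid">
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>
EOF
    cat > "$root/htdocs/acid/.htaccess" <<EOF
AuthName "please input your username and password:"
AuthType Basic
AuthUserFile $root/users_passwd.txt
require valid-user
EOF
    # Constructed placeholder entry; a real file is written by htpasswd.
    echo 'squall:PLACEHOLDER_HASH' > "$root/users_passwd.txt"
    chmod 640 "$root/users_passwd.txt"
    echo "$root"
}

# Stand-alone run: build the scratch tree and check it.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    check_acid_auth "$tree/conf/httpd.conf" "$tree/htdocs/acid/.htaccess" "$tree/htdocs" && echo "OK"
    rm -rf "$tree"
fi
```

Run it as sh check_acid_auth.sh --demo, or call check_acid_auth directly with the real httpd.conf, .htaccess and htdocs paths. In the post's layout the password file lives in /usr/local/apache, one level above htdocs, which is why the inside-DocumentRoot check passes; after running htpasswd, chmod 640 the file and chown it to the user Apache runs as so the "other" check passes too.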

2. Adding web-based Snort management
SnortCenter is a web-based Snort sensor and rule management system. It is used to modify the configuration of remote Snort sensors, start and stop sensors, and edit and distribute Snort signature rules.

Download address:
http://users.pandora.be/larc/download/

cp snortcenter-v1.0-RC1.tar.gz /usr/local/apache/htdocs

tar zxvf snortcenter-v1.0-RC1.tar.gz

mv www sc

vi sc/

Change the following settings:

$DBlib_path = "/usr/local/apache/htdocs/adodb/";
$curl_path = "/usr/bin";
$DBtype = "mysql";
$DB_dbname = "snortcenter"; # $DB_dbname : MySQL database name of SnortCenter DB
$DB_host = "localhost"; # $DB_host : host on which the DB is stored
$DB_user = "root"; # $DB_user : login to the database with this user
$DB_password = "123456"; # $DB_password : password of the DB user
$DB_port = ""; # $DB_port : port on which to access the DB (blank is default)

(Change the database password to your own.)

After making the changes, save and quit.

Then create the snortcenter database:

mysql -uroot -p123456

create database snortcenter;

quit;

Open http://192.168.0.11/sc in a browser; it creates the database tables automatically. On the next visit it asks for a username and password; the initial ones are admin / change.
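The configuration above has SnortCenter log in to MySQL as root with the same password used on the command line, so anyone who can read config.php or exploit the web application owns the whole database server. The following shell script is an added example (not part of the original post or of SnortCenter) that reads the $NAME = "value"; settings from such a config file, flags a root login or an obvious password, and prints the SQL for a dedicated, least-privilege MySQL account to use instead. The weak-password list and the demo config file are constructed for the example; the GRANT list is an assumption based on SnortCenter creating its own tables on first use.

```shell
#!/bin/sh
# Added example, not part of the original post or of SnortCenter: lint the
# database settings in SnortCenter's PHP config and emit the SQL for a
# dedicated, least-privilege MySQL account instead of root.
# Assumptions: the config uses the  $NAME = "value";  form shown in the post;
# the weak-password list below is constructed for the example.

# cfg_value FILE NAME : print the quoted value assigned to $NAME (first match)
cfg_value() {
    sed -n 's/^[[:space:]]*\$'"$2"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# lint_snortcenter_db FILE : 0 if the DB account looks acceptable, 1 otherwise
lint_snortcenter_db() {
    user=$(cfg_value "$1" DB_user)
    pass=$(cfg_value "$1" DB_password)
    status=0
    if [ "$user" = "root" ]; then
        echo "FAIL: SnortCenter connects as MySQL root; a web-app compromise yields the whole DB server"
        status=1
    fi
    if [ -z "$pass" ]; then
        echo "FAIL: empty DB_password"
        status=1
    fi
    for weak in 123456 password; do   # constructed list of obvious defaults
        if [ "$pass" = "$weak" ]; then
            echo "FAIL: DB_password is a well-known default ($weak)"
            status=1
        fi
    done
    return $status
}

# grant_sql DBNAME USER HOST : SQL for a dedicated account with only the
# rights SnortCenter needs (it creates its own tables on first use).
grant_sql() {
    db="$1"; user="$2"; host="$3"
    cat <<EOF
CREATE USER '$user'@'$host' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX ON $db.* TO '$user'@'$host';
FLUSH PRIVILEGES;
EOF
}

# Stand-alone run against the settings shown in the post (constructed file).
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp)
    cat > "$f" <<'EOF'
$DBtype = "mysql";
$DB_dbname = "snortcenter"; # $DB_dbname : MySQL database name of SnortCenter DB
$DB_host = "localhost"; # $DB_host : host on which the DB is stored
$DB_user = "root"; # $DB_user : login to the database with this user
$DB_password = "123456"; # $DB_password : password of the DB user
$DB_port = ""; # $DB_port : port on which to access the DB (blank is default)
EOF
    lint_snortcenter_db "$f" || grant_sql "$(cfg_value "$f" DB_dbname)" snortcenter "$(cfg_value "$f" DB_host)"
    rm -f "$f"
fi
```

Run it with --demo to see the findings for the post's settings followed by the replacement SQL; feed that SQL to mysql as root once, then set $DB_user and $DB_password in the config to the new account. The CREATE USER / GRANT form shown is the modern MySQL syntax; very old servers accept GRANT ... IDENTIFIED BY instead.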

Next, install snortcenter-agent-v1.0-RC1.tar.gz:

cp snortcenter-agent-v1.0-RC1.tar.gz /opt

cd /opt

tar zxvf snortcenter-agent-v1.0-RC1.tar.gz

cd sensor

Run ./setup.sh and answer a few questions to complete the installation; the default port is 2525.

cp /etc/snort.conf /etc/snort.eth0.conf

As shown in the figure:

To uninstall, go to the /etc/snort/ directory, which contains an uninstall script; running ./uninstall removes the agent.

Attached figure:
