CentOS 6.2下安装基于Suricata + Barnyard 2 + Base的入侵检测系-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

CentOS 6.2下安装基于Suricata + Barnyard 2 + Base的入侵检测系

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 03:30 PM

barcentosbased onInstall

来源：http://hi.baidu.com/pia_ca/blog/item/2767d3f386376edd7931aa28.html 一、前言算了，这部分就省了吧。下面直奔主题。二、准备工作 CentOS 6.2 我是最小化安装，同时使用 163 的源进行 update ，所以还需要安装如下的依赖包： [piaca@piaca ~]$ sud

来源：http://hi.baidu.com/pia_ca/blog/item/2767d3f386376edd7931aa28.html

一、前言

算了，这部分就省了吧。下面直奔主题。

二、准备工作

CentOS 6.2我是最小化安装，同时使用163的源进行update，所以还需要安装如下的依赖包：

[piaca@piaca ~]$ sudo yum install gcc make pcre pcre-devel libpcap libpcap-devel

同时需要关闭iptables、ip6tables：

[piaca@piaca ~]$ sudo service iptables stop

[piaca@piaca ~]$ sudo service ip6tables stop

[piaca@piaca ~]$ sudo chkconfig --level 2345 iptables off

[piaca@piaca ~]$ sudo chkconfig --level 2345 ip6tables off

需要下载的软件：

Suricata

http://www.openinfosecfoundation.org/index.php/downloads

Barnyard 2

http://www.securixlive.com/barnyard2/

Base

http://base.secureideas.net/

yaml

http://pyyaml.org/

adodb

http://sourceforge.net/projects/adodb/

rules

http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

Image_Canvas

http://download.pear.php.net/package/Image_Canvas-0.3.3.tgz

Image_Graph

http://download.pear.php.net/package/Image_Graph-0.8.0.tgz

三、配置APM环境

Base需要APM（Apache、PHP、Mysql）环境，通过yum来进行安装。

[piaca@piaca ids]$ sudo yum install httpd php mysql mysql-server mysql-devel php-mysql php-gd php-pear

启动httpd、mysql服务

[piaca@piaca ids]$ sudo /etc/init.d/httpd start

[piaca@piaca ids]$ sudo /etc/init.d/mysqld start

默认的web根目录是/var/www/html，在此目录新建phpinfo测试文件，来确认配置是否正确。

PS：mysql安装后root账号默认口令为空，通过下面命令可以修改root账号口令

[piaca@piaca ~]$ mysqladmin -uroot -p password [新密码]

四、安装Barnyard 2

安装过程如下：

[piaca@piaca ids]$ tar zxvf barnyard2-1.9.tar.gz

[piaca@piaca ids]$ cd barnyard2-1.9

[piaca@piaca barnyard2-1.9]$ ./configure --with-mysql

[piaca@piaca barnyard2-1.9]$ make

[piaca@piaca barnyard2-1.9]$ sudo make install

五、安装Suricata

安装过程如下：

Suricata需要依赖yaml，首先安装yaml

[piaca@piaca ids]$ tar zxvf yaml-0.1.4.tar.gz

[piaca@piaca ids]$ cd yaml-0.1.4

[piaca@piaca yaml-0.1.4]$ ./configure

[piaca@piaca yaml-0.1.4]$ make

[piaca@piaca yaml-0.1.4]$ sudo make install

[piaca@piaca ids]$ tar zxvf suricata-1.1.1.tar.gz

[piaca@piaca ids]$ cd suricata-1.1.1

[piaca@piaca suricata-1.1.1]$ ./configure

[piaca@piaca suricata-1.1.1]$ make

[piaca@piaca suricata-1.1.1]$ sudo make install

六、配置Suricata、Barnyard 2

配置Barnyard 2

把Barnyard 2安装源文件中的etc/barnyard2.conf文件拷贝到Suricata的配置目录下

[piaca@piaca ids]$ cd barnyard2-1.9

[piaca@piaca barnyard2-1.9]$ sudo cp etc/barnyard2.conf /etc/suricata/

创建barnyard2日志目录/var/log/barnyard2

[piaca@piaca ~]$ sudo mkdir /var/log/barnyard2

配置数据库

需要创建数据库和相应的账号

[piaca@piaca ~]$ mysql -uroot –p

mysql> create database ids;

mysql> grant create,select,update,insert,delete on ids.* to ids@localhost identified by 'ids123';

Barnyard 2安装源文件中的schemas/create_mysql是创建表的sql文件，通过如下方式建表：

[piaca@piaca ~]$ mysql -uids -p -Dids

配置Suricata

[piaca@piaca ~]$ sudo mkdir /var/log/suricata

[piaca@piaca ~]$ sudo mkdir /etc/suricata

把规则文件拷贝到Suricata配置目录下

[piaca@piaca ids]$ tar zxvf emerging.rules.tar.gz

[piaca@piaca ids]$ sudo cp -R rules/ /etc/suricata/

把Suricata安装源文件中的suricata.yaml/classification.config/reference.config文件拷贝到Suricata的配置目录下

[piaca@piaca ids]$ cd suricata-1.1.1

[piaca@piaca suricata-1.1.1]$ sudo cp suricata.yaml classification.config reference.config /etc/suricata/

编辑barnyard2.conf文件

[piaca@piaca ~]$ cd /etc/suricata/

[piaca@piaca suricata]$ sudo vim barnyard2.conf

找到下面的内容

config reference_file: /etc/snort/reference.config

config classification_file: /etc/snort/classification.config

config gen_file: /etc/snort/gen-msg.map

config sid_file: /etc/snort/sid-msg.map

更改红色的内容如下：

config reference_file: /etc/suricata/reference.config

config classification_file: /etc/suricata/classification.config

config gen_file: /etc/suricata/rules/gen-msg.map

config sid_file: /etc/suricata/rules/sid-msg.map

同时在文件的末尾添加如下行，红色的mysql数据库、账号信息根据实际情况填写

output database: log, mysql, user=ids password=ids123 dbname=ids host=localhost

编辑suricata.yaml文件

[piaca@piaca suricata]$ sudo vim suricata.yaml

找到HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"这一行，根据实际的网络情况来修改，在这里我修改为HOME_NET: "[192.168.0.0/16]"

找到下面的内容：

host-os-policy:

# Make the default policy windows.

windows: [0.0.0.0/0]

bsd: []

bsd_right: []

old_linux: []

linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]

old_solaris: []

solaris: ["::1"]

hpux10: []

hpux11: []

irix: []

macos: []

vista: []

windows2k3: []

根据实际网络情况修改。

启动Suricata、Barnyard 2

[piaca@piaca ~]$ sudo /usr/local/bin/barnyard2 -c /etc/suricata/barnyard2.conf -d /var/log/suricata -f unified2.alert -w /var/log/suricata/suricata.waldo -D

[piaca@piaca ~]$ sudo /usr/local/bin/suricata -c /etc/suricata/suricata.yaml -i eth1 -D

启动suricata的-i参数是镜像流量的网卡。

测试suricata工作是否正常，可以通过如下命令：

[piaca@piaca suricata]$ curl www.testmyids.com

执行后，/var/log/suricata目录下的fast.log/suricata.waldo/unified2.alert*文件大小发生变化，同时查看fast.log文件有如下类似的内容则表示suricata工作正常：

01/12/2012-02:16:27.964981 [**] [1:2013028:3] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Informa

tion Leak] [Priority: 2] {TCP} 192.168.230.100:56260 -> 217.160.51.31:80

01/12/2012-02:16:28.309707 [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potential

ly Bad Traffic] [Priority: 2] {TCP} 217.160.51.31:80 -> 192.168.230.100:56260

七、配置Base

Base需要用到adodb以及Image_Canvas、Image_Graph绘图组件，配置过程如下：

解压adodb514.zip

[piaca@piaca ids]$ unzip adodb514.zip

把adodb5拷贝到/usr/local/lib/目录下，这个目录随意指定，记下来后面要用到

[piaca@piaca ids]$ sudo cp -R adodb5 /usr/local/lib/

安装Image_Canvas、Image_Graph

[piaca@piaca ids]$ sudo pear install Image_Canvas-0.3.3.tgz

[piaca@piaca ids]$ sudo pear install Image_Graph-0.8.0.tgz

解压base-1.4.5.tar.gz

[piaca@piaca ids]$ tar zxvf base-1.4.5.tar.gz

拷贝base-1.4.5到/var/www/html目录下

[piaca@piaca ids]$ sudo cp -R base-1.4.5 /var/www/html/base

更改/var/www/html/base的属主为apache

[piaca@piaca ids]$ cd /var/www/html/

[piaca@piaca html]$ sudo chown -R apache:apache base

然后通过浏览器访问http://192.168.230.100/base

根据页面中红色的部分提示来进行操作。

修改php.ini

[piaca@piaca html]$ sudo vim /etc/php.ini

找到error_reporting = E_ALL & ~E_DEPRECATED内容，修改为如下：error_reporting = E_ALL & ~E_DEPRECATED & ~E_NOTICE

重新载入apache配置

[piaca@piaca html]$ sudo /etc/init.d/httpd reload

然后点击“Continue”到下一步

选择语言，和前面我们的adodb5的路径，然后点击“Continue”

填写mysql相关信息，点击“Continue”继续

填写认证的相关信息，如果需要验证身份，请勾上“Use Authentication System”,点击“Continue”

点击“Create BASE AG”

点击“step 5”，跳到首页。

八、最后

以上是整个安装过程，IDS的价值在于规则设置的是否合适，根据实际情况设置合适的规则才能够体现IDS的强大。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

MySQL BLOB : are there any limits?May 08, 2025 am 12:22 AM

MySQLBLOBshavelimits:TINYBLOB(255bytes),BLOB(65,535bytes),MEDIUMBLOB(16,777,215bytes),andLONGBLOB(4,294,967,295bytes).TouseBLOBseffectively:1)ConsiderperformanceimpactsandstorelargeBLOBsexternally;2)Managebackupsandreplicationcarefully;3)Usepathsinst

MySQL : What are the best tools to automate users creation?May 08, 2025 am 12:22 AM

The best tools and technologies for automating the creation of users in MySQL include: 1. MySQLWorkbench, suitable for small to medium-sized environments, easy to use but high resource consumption; 2. Ansible, suitable for multi-server environments, simple but steep learning curve; 3. Custom Python scripts, flexible but need to ensure script security; 4. Puppet and Chef, suitable for large-scale environments, complex but scalable. Scale, learning curve and integration needs should be considered when choosing.

MySQL: Can I search inside a blob?May 08, 2025 am 12:20 AM

Yes,youcansearchinsideaBLOBinMySQLusingspecifictechniques.1)ConverttheBLOBtoaUTF-8stringwithCONVERTfunctionandsearchusingLIKE.2)ForcompressedBLOBs,useUNCOMPRESSbeforeconversion.3)Considerperformanceimpactsanddataencoding.4)Forcomplexdata,externalproc

MySQL String Data Types: A Comprehensive GuideMay 08, 2025 am 12:14 AM

MySQLoffersvariousstringdatatypes:1)CHARforfixed-lengthstrings,idealforconsistentlengthdatalikecountrycodes;2)VARCHARforvariable-lengthstrings,suitableforfieldslikenames;3)TEXTtypesforlargertext,goodforblogpostsbutcanimpactperformance;4)BINARYandVARB

Mastering MySQL BLOBs: A Step-by-Step TutorialMay 08, 2025 am 12:01 AM

TomasterMySQLBLOBs,followthesesteps:1)ChoosetheappropriateBLOBtype(TINYBLOB,BLOB,MEDIUMBLOB,LONGBLOB)basedondatasize.2)InsertdatausingLOAD_FILEforefficiency.3)Storefilereferencesinsteadoffilestoimproveperformance.4)UseDUMPFILEtoretrieveandsaveBLOBsco

BLOB Data Type in MySQL: A Detailed Overview for DevelopersMay 07, 2025 pm 05:41 PM

BlobdatatypesinmysqlareusedforvoringLargebinarydatalikeImagesoraudio.1) Useblobtypes (tinyblobtolongblob) Basedondatasizeneeds. 2) Storeblobsin Perplate Petooptimize Performance.3) ConsidersxterNal Storage Forel Blob Romana DatabasesizerIndimprovebackupupe

How to Add Users to MySQL from the Command LineMay 07, 2025 pm 05:01 PM

ToadduserstoMySQLfromthecommandline,loginasroot,thenuseCREATEUSER'username'@'host'IDENTIFIEDBY'password';tocreateanewuser.GrantpermissionswithGRANTALLPRIVILEGESONdatabase.*TO'username'@'host';anduseFLUSHPRIVILEGES;toapplychanges.Alwaysusestrongpasswo

What Are the Different String Data Types in MySQL? A Detailed OverviewMay 07, 2025 pm 03:33 PM

MySQLofferseightstringdatatypes:CHAR,VARCHAR,BINARY,VARBINARY,BLOB,TEXT,ENUM,andSET.1)CHARisfixed-length,idealforconsistentdatalikecountrycodes.2)VARCHARisvariable-length,efficientforvaryingdatalikenames.3)BINARYandVARBINARYstorebinarydata,similartoC

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

4 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Grow A Garden - Complete Mutation Guide

2 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Hot Tools

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.