首页 >数据库 >mysql教程 >如何安装 Snort、Barnyard2、Snorby、Passenger 和 Pull

如何安装 Snort、Barnyard2、Snorby、Passenger 和 Pull

WBOY原创: 2016-06-07 15:01:211691浏览

https://es.oteric.info/articles/how-to-install-snort-barnyard2-snorby-passenger-and-pulled-pork 在您的主目录中设置一个 Source 目录，然后安装一些必需的您需要的软件包：# mkdir ~/Source # sudo chown

https://es.oteric.info/articles/how-to-install-snort-barnyard2-snorby-passenger-and-pulled-pork

在您的主目录中设置一个源目录，然后安装一些您需要的软件包：
# mkdir ~/Source<code># mkdir ~/Source # sudo chown -R username:usergroup ~/Source # sudo chown -R 用户名:用户组 ~/Source

注意：当您运行以下命令时，Apt 将要求输入 - 例如 MySQL 会要求您输入 MySQL 服务器的“root”密码。确保其安全，不要忘记。
# sudo apt-get update && apt-get install apache2 libapache2-mod-php5 libwww-perl mysql-server mysql-common mysql-client # sudo apt-get update && apt-get install apache2 libapache2-mod-php5 libwww-perl mysql-server mysql-common mysql-client php5-mysql libnet1 libnet1-dev libpcre3 libpcre3-dev autoconf libcrypt-ssleay-perl libmysqlclient-dev php5-gd php-pear libphp-adodb php5-cli libtool libssl-dev gcc-4.4 g++ automake gcc make flex bison apache2-doc ca-certificates vim php5-mysql libnet1 libnet1-dev libpcre3 libpcre3-dev autoconf libcrypt-ssleay-perl libmysqlclient-dev php5-gd php-pear

libphp-adodb php5-cli libtool libssl-dev gcc-4.4 g++ automake gcc make flex bison apache2-doc ca-certificates vim

现在，安装 Snort 必备组件 - libpcap、libdnet 和 DAQ。

安装 libpcap：# cd ~/Source # wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz # tar -zxf libpcap-1.1.1.tar.gz # cd libpcap-1.1.1 # ./configure --prefix=/usr --enable-shared # sudo su # make && make install # exit # cd ~/来源

# wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz

# tar -zxf libpcap-1.1.1.tar.gz
# cd libpcap-1.1.1# cd ~/Source # wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz # tar -zxf libdnet-1.12.tgz # cd libdnet-1.12 # ./configure --prefix=/usr --enable-shared # sudo su # make && make install # exit # ./configure --prefix=/usr --enable-shared

# 须藤苏

# make && make install
# 退出# cd ~/Source # wget http://www.snort.org/dl/snort-current/daq-0.5.tar.gz # tar -zxf daq-0.5.tar.gz # cd daq-0.5

安装 libdnet：

# cd ~/来源 # wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz<code># vi ~/Source/daq-0.5/os-daq-modules/daq_pcap.c # tar -zxf libdnet-1.12.tgz

# cd libdnet-1.12

# ./configure --prefix=/usr --enable-shared
# 须藤苏context->buffer_size = strtol(entry->key, NULL, 10); # make && make install

# 退出

安装DAQ：context->buffer_size = strtol(entry->value, NULL, 10); # cd ~/来源

# wget http://www.snort.org/dl/snort-current/daq-0.5.tar.gz

# tar -zxf daq-0.5.tar.gz
#cd daq-0.5# ./configure # sudo su # make && make install # exit

DAQ 需要进行修补才能正确识别 buffer_size 参数。

# sudo su # echo >> /etc/ld.so.conf /usr/lib && ldconfig # exit

在第 219 行替换：

# cd ~/Source # wget http://www.snort.org/dl/snort-current/snort-2.9.0.4.tar.gz # tar -zxf snort-2.9.0.4.tar.gz && cd snort-2.9.0.4 # ./configure --with-mysql --enable-dynamicplugin --enable-perfprofiling --enable-ipv6 --enable-zlib --enable-gre --enable-reload --enable-linux-smp-stats # sudo su # make && make install # exit # sudo mkdir /etc/snort /etc/snort/rules /var/log/snort /var/log/barnyard2 /usr/local/lib/snort_dynamicrules # sudo groupadd snort && useradd -g snort snort # sudo chown snort:snort /var/log/snort /var/log/barnyard2 # sudo cp ~/Source/snort-2.9.0.4/etc/*.conf* /etc/snort # sudo cp ~/Source/snort-2.9.0.4/etc/*.map /etc/snort

与：

# sudo vi /etc/snort/snort.conf

现在，配置并安装 DAQ：

# ./config # 须藤苏<code>Line #39 - ipvar HOME_NET 192.168.1.0/24 – make this match your internal (friendly) network Line #42 - ipvar EXTERNAL_NET !$HOME_NET Line #80 - var RULE_PATH ./rules – this assumes /etc/snort/rules Line #186-#190 comment out all of the preprocessor normalize_ lines Line #366 - add this: output unified2: filename snort.log, limit 128 Line #395 - delete or comment out all of the “include $RULE_PATH” lines except “local.rules” # make && make install

# 退出

更新共享库路径# sudo vi /etc/snort/rules/local.rules # sudo su

# 回声>> /etc/ld.so.conf /usr/lib && ldconfig

# 退出
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001;) 现在，安装、配置并启动 Snort

# cd ~/来源<p>
# wget http://www.snort.org/dl/snort-current/snort-2.9.0.4.tar.gz<br>
# tar -zxf snort-2.9.0.4.tar.gz && cd snort-2.9.0.4<code># sudo /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0

# ./configure --with-mysql --enable-dynamicplugin --enable-perfprofiling --enable-ipv6 --enable-zlib --enable-gre --enable-reload --enable-linux-smp-stats

# 须藤苏 # make && make install # 退出 # sudo mkdir /etc/snort /etc/snort/rules /var/log/snort /var/log/barnyard2 /usr/local/lib/snort_dynamicrules # sudo groupadd snort && useradd -g snort snort # sudo chown snort:snort /var/log/snort /var/log/barnyard2 # sudo cp ~/Source/snort-2.9.0.4/etc/*.conf* /etc/snort # sudo cp ~/Source/snort-2.9.0.4/etc/*.map /etc/snort 现在，我们需要对 snort 配置文件进行一些更改：更改这些行：

第 39 行 - ipvar HOME_NET 192.168.1.0/24 – 使其与您的内部（友好）网络相匹配
第 42 行 - ipvar EXTERNAL_NET !$HOME_NET
第 80 行 - var RULE_PATH ./rules – 假设 /etc/snort/rules
第 #186-#190 行注释掉所有预处理器 normalize_ 行
第 #366 行 - 添加以下内容：输出 unity2: filename snort.log, limit 128
第 #395 行 - 删除或注释掉除“local.rules”之外的所有“include $RULE_PATH”行

现在，输入一个简单的测试规则，我们可以通过 ping 触发：在 local.rules 文件底部添加以下规则：现在我们可以开始并测试 snort。

从另一台机器 Ping 管理 IP 地址，警报应打印到控制台，如下所示：
02/09-11:29:43.450236 [**] [1:10000001:0] ICMP 测试 [**] [优先级：0] {ICMP} 172.26.12.1 -> 172.26.12.2<code>02/09-11:29:43.450236 [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 172.26.12.1 -> 172.26.12.2 02/09-11:29:43.450251 [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 172.26.12.2 -> 172.26.12.1 02/09-11:29:44.450949 [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 172.26.12.1 -> 172.26.12.2 02/09-11:29:44.450957 [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 172.26.12.2 -> 172.26.12.1 02/09-11:29:43.450251 [**] [1:10000001:0] ICMP 测试 [**] [优先级：0] {ICMP} 172.26.12.2 -> 172.26.12.1

02/09-11:29:44.450949 [**] [1:10000001:0] ICMP 测试 [**] [优先级：0] {ICMP} 172.26.12.1 -> 172.26.12.2

02/09-11:29:44.450957 [**] [1:10000001:0] ICMP 测试 [**] [优先级：0] {ICMP} 172.26.12.2 -> 172.26.12.1

如果您看到这些警报，则表明 Snort 正在工作...使用 ctrl-c 杀死 snort。

您需要为 Barnyard2 设置一个 MySQL 数据库，以便能够记录 Snort 事件（如果您也安装 Snorby，则需要跳过此步骤，因为 Snoby 创建所有必需的 Snort 表以及 Snorby 特定表）
# mysql -u root -p mysql> create database snort; mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost; mysql> grant ALL on snort.* to snorby@localhost; mysql> SET PASSWORD FOR snort@localhost=PASSWORD('password'); mysql> SET PASSWORD FOR snorby@localhost=PASSWORD('password'); mysql> exit 因此，登录 MySQL 并设置 snort 数据库：

# mysql -u root -p <p>
mysql>创建数据库snort；<br>
mysql>将 snort.* 上的 CREATE、INSERT、SELECT、DELETE、UPDATE 授予 snort@localhost；<code># mysql -u root -p < ~/Source/snort-2.9.0.4/schemas/create_mysql snort<br>
# mysql -u root -p<br>
mysql> use snort;<br>
mysql> show tables; # you should see the list of new tables you just imported.<br>
mysql> exit;

mysql>将 snort.* 上的所有内容授予 snorby@localhost;

mysql>设置 snort@localhost=PASSWORD('password');

的密码 mysql>设置 snorby@localhost=PASSWORD('password') 的密码;
mysql>退出

# vi /etc/mysql/my.cnf 现在我们必须导入数据库模式：

# mysql -u root -p # mysql -u root -p # mysql -u root -p<code>bind-address = localhost mysql>使用snort；

mysql>显示表格； # 您应该看到刚刚导入的新表的列表。

mysql>退出；

其他 MySQL 配置：
socket = /var/run/mysqld/mysqld.sock

将绑定地址更改为本地主机：
pid-file = /var/run/mysqld/mysqld.pid

现在，我们必须确保 MySQL 创建一个 pid 文件来跟踪它自己的进程 id（这是本文档后面解释的 snortbarn 启动脚本所需要的）
# touch /var/run/mysqld/mysql.pid # chown mysql:mysql /var/run/mysqld/mysqld.pid 再次打开 /etc/mysql/my.cnf 并查找该行的第三个实例（在“基本设置”区域下）：

# sudo apt-get install gcc g++ build-essential libssl-dev libreadline5-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt-dev libxml2-dev libyaml-0-2 libyaml-dev libtcltk-ruby 将此行添加到套接字行的第三个实例下方：

# wget http://ftp.ruby-lang.org//pub/ruby/1.9/ruby-1.9.2-p180.tar.gz # tar -xvzf ruby-1.9.2-p180.tar.gz && cd ruby-1.9.2-p180 # ./configure # sudo su # make && make install # exit 保存 my.cnf 然后运行这两个命令：

# touch /var/run/mysqld/mysql.pid<p>
# chown mysql:mysql /var/run/mysqld/mysqld.pid</p>

# sudo apt-get install imagemagick git-core libmysqlclient-dev mysql-server libmagickwand-dev 现在，安装 Snorby 先决条件：

# sudo gem install tzinfo builder memcache-client rack rack-test erubis mail text-format bundler thor i18n sqlite3-ruby # sudo gem install rack-mount --version=0.6.0 # sudo gem install rails --version=3.0.5 # sudo gem update 安装 Ruby 的最新稳定版本（截至撰写本文时）：

# wget http://ftp.ruby-lang.org//pub/ruby/1.9/ruby-1.9.2-p180.tar.gz<p>
# tar -xvzf ruby-1.9.2-p180.tar.gz && cd ruby-1.9.2-p180<br>
# ./configure<code># cd ~/Source<br>
# wget http://dl.dropbox.com/u/38088/wkhtmltopdf<br>
# sudo cp wkhtmltopdf /usr/bin/

# 须藤苏

# make && make install

# 退出

现在，安装 MySQL、git 支持和 ImageMagick：
# cd /var/www # sudo mkdir -p /var/www/snorby # sudo adduser --system --home /var/www/snorby/ --no-create-home --group --shell /bin/bash snorby # sudo usermod -a -G snorby www-data # sudo git clone http://github.com/Snorby/snorby.git /var/www/snorby && cd /var/www/snorby

安装 Snorby 所需的宝石：
# sudo gem install tzinfo builder memcache-clientrackrack-testerubismailtext-formatbundlerthori18nsqlite3-ruby<code># sudo bundle update # sudo bundle pack # sudo bundle install --path vendor/cache # sudo chown -R www-data:www-data /var/www/snorby/ # sudo apache2ctl restart # sudo vi /var/www/snorby/config/database.yml # sudo gem installrack-mount --version=0.6.0

# sudo gem install Rails --version=3.0.5

# sudo gem 更新
snorby: &snorby adapter: mysql username: snorby password: password host: localhost development: database: snort <<: *snorby test: database: snort <<: *snorby production: database: snort <<: *snorby 安装 wkhtmltopdf 的预编译版本：

# cd ~/来源<🎜>
# wget http://dl.dropbox.com/u/38088/wkhtmltopdf<🎜>
# sudo cp wkhtmltopdf /usr/bin/

<🎜> <🎜> 现在，安装并配置 Snorby。<🎜> <🎜> 下拉最新版本的Snorby：<🎜>

# cd /var/www<🎜>
# sudo mkdir -p /var/www/snorby<🎜>
# sudo adduser --system --home /var/www/snorby/ --no-create-home --group --shell /bin/bash snorby<🎜>
# sudo usermod -a -G snorby www-data<🎜>
# sudo git clone http://github.com/Snorby/snorby.git /var/www/snorby && cd /var/www/snorby

<🎜> <🎜> 通过运行以下命令安装所有其他 gem：<🎜>

# sudo 捆绑更新<🎜>
# sudo 捆绑包<🎜>
# sudo bundle install --path供应商/缓存<🎜>
# sudo chown -R www-data:www-data /var/www/snorby/<🎜>
# sudo apache2ctl restart<🎜>
# sudo vi /var/www/snorby/config/database.yml

<🎜> <🎜> database.yml 文件应如下所示（用真实密码替换“password”）：<🎜>

snorby: &snorby<🎜>
  适配器：mysql<🎜>
  用户名：snorby<🎜>
  密码： 密码<🎜>
  主机：本地主机<🎜>
 <🎜>
发展：<🎜>
  数据库：snort<🎜>
  <<：*snorby<🎜>
 <🎜>
测试：<🎜>
  数据库：snort<🎜>
  <<：*snorby<🎜>
 <🎜>
制作：<🎜>
  数据库：snort<🎜>
  <<：*snorby

<🎜>

然后，配置Snorby系统邮件：
# sudo vi /var/www/snorby/config/email.yml

它应该看起来像这样：
生产：<code> production: :address: smtp.domain.com :port: 25 :authentication: plain :user_name: user :password: pass :地址: smtp.domain.com

：端口：25

：身份验证：普通
:user_name: 用户# sudo vi /var/www/snorby/config/initializers/mail_config.rb :密码:通过

然后，配置邮件初始值设定项：
ActionMailer::Base.delivery_method = :sendmail ActionMailer::Base.sendmail_settings = { :location => '/usr/sbin/sendmail', :arguments => '-i -t' }

在 Perform_deliveries 调用上方添加以下代码块（如果您不使用 sendmail，则使用其他示例）：
ActionMailer::Base.delivery_method = :sendmail<code>development: domain: snorby.crypsoft.com wkhtmltopdf: /usr/bin/wkhtmltopdf test: domain: snorby.crypsoft.com wkhtmltopdf: /usr/bin/wkhtmltopdf production: domain: snorby.crypsoft.com wkhtmltopdf: /usr/bin/wkhtmltopdf ActionMailer::Base.sendmail_settings = {

：位置=> '/usr/sbin/sendmail',

: 参数 => '-i -t'
}# rake snorby:setup RAILS_ENV=production

另外，不要忘记修复 /var/www/snorby/config/snorby_config.yml 文件：

开发： 域名：snorby.crypsoft.com<code># rake snorby:reset RAILS_ENV=production wkhtmltopdf: /usr/bin/wkhtmltopdf

测试：

域名：snorby.crypsoft.com

wkhtmltopdf: /usr/bin/wkhtmltopdf
# cd ~/Source # wget http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz # tar -zxf barnyard2-1.9.tar.gz && cd barnyard2-1.9 # ./configure --with-mysql # sudo su # make && make install # exit # sudo mv /usr/local/etc/barnyard2.conf /etc/snort # sudo vi /etc/snort/barnyard2.conf 制作：

域名：snorby.crypsoft.com

wkhtmltopdf: /usr/bin/wkhtmltopdf
config hostname: uboxee config interface: eth0 如果这是第一次设置 Snorby，请运行以下命令根据 database.yml 设置创建数据库架构：

config alert_with_interface_name 如果这不是第一次设置 Snorby，请运行此命令（所有数据将丢失）：

output alert_fast 现在，snort 表应该已设置完毕并准备好接收来自 barnyard2 的事件。

现在，安装并配置 barnyard2：
# cd ~/来源<code>output database: log, mysql, user=snort password= dbname=snort host=localhost # wget http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz

# tar -zxf barnyard2-1.9.tar.gz && cd barnyard2-1.9

# ./configure --with-mysql
# 须藤苏# sudo /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 & # sudo /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config & # make && make install

# 退出

# sudo mv /usr/local/etc/barnyard2.conf /etc/snort

# sudo vi /etc/snort/barnyard2.conf

取消第 60 和 61 行的注释，并将设为适合您环境的值：# sudo pkill snort # sudo pkill barnyard2 配置主机名：uboxee

配置接口：eth0

取消第 65 行的注释，以便主机名和接口将包含在警报中：# mysql -u snort -p -D snort -e "select count(*) from event"

将第 #215 行更改为：

# sudo vi /etc/init.d/snortbarn

在文件末尾添加以下行：现在使用以下命令启动 snort 和 barnyard2：

# sudo /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 &
# sudo /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf 
-d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo 
-G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map 
-C /etc/snort/classification.config &

要查看它是否正常工作，请 ping 机器以查看是否有任何内容通过 barnyard 输出到控制台。如果它有效，你可以继续并停止喷鼻息和稗子：

# sudo pkill snort
# sudo pkill barnyard2

现在，检查 barnyard 是否正确地将事件插入数据库：如果计数返回一个大于零的数字，那么它一定正在工作。现在，为了确保 snort 和 barnyard2 在每次重新启动时自动启动，请执行以下操作：

将以下所有代码添加到 snortbarn 文件中（省略破折号）：
#! /bin/sh#! /bin/sh # ### BEGIN INIT INFO # Provides: snortbarn # Required-Start: $remote_fs $syslog mysql # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # X-Interactive: true # Short-Description: Start Snort and Barnyard ### END INIT INFO /lib/init/vars.sh /lib/lsb/init-functions mysqld_get_param() { /usr/sbin/mysqld --print-defaults | tr " " "n" | grep -- "--" | tail -n 1 | cut -d= -f2 } do_start() { #log_daemon_msg "Starting Snort and Barnyard" "" # Make sure mysql has finished starting ps_alive=0 while [ $ps_alive -lt 1 ]; do pidfile=`mysqld_get_param pid-file` if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi #echo "sleeping" >&2 sleep 1 done /sbin/ifconfig eth0 up /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 & /usr/local/bin/barnyard2 -q -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config 2> /dev/nul & #log_end_msg 0 return 0 } do_stop() { #log_daemon_msg "Stopping Snort and Barnyard" "" kill $(pidof snort) 2> /dev/nul kill $(pidof barnyard2) 2> /dev/nul #log_end_msg 0 return 0 } case "" in start) do_start ;; stop) do_stop ;; restart) do_stop do_start ;; *) echo "Usage: snort-barn {start|stop|restart}" >&2 exit 3 ;; esac exit 0 #

### 开始初始化信息

# 提供：snortbarn# chmod 755 /etc/init.d/snortbarn

# 必需启动：$remote_fs $syslog mysql

# 必需停止：$remote_fs $syslog# chmod 755 /lib/init/vars.sh # chmod 755 /lib/lsb/init-functions # 默认开始：2 3 4 5

# 默认停止：0 1 6

# X-Interactive: true

# 简短描述：启动 Snort 和 Barnyard# service mysql restart # cat /var/run/mysql/mysqld.pid

### 结束初始化信息

/lib/init/vars.sh

/lib/lsb/init-functions
mysqld_get_param() {# /etc/init.d/snortbarn start /usr/sbin/mysqld --print-defaults | /usr/sbin/mysqld --print-defaults | tr“”“n” | grep -- "--$1" | grep -- "--$1" |尾-n 1 |切-d=-f2

}

do_start() {# ps -ef | grep snort #log_daemon_msg "启动 Snort 和 Barnyard" ""

# 确保mysql已经启动完毕
snort 4211 1 1 18:39 pts/0 00:00:00 /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 root 4212 1 1 18:39 pts/0 00:00:00 /usr/local/bin/barnyard2 -q -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config ps_alive=0

while [ $ps_alive -lt 1 ];

做

pidfile=`mysqld_get_param pid-file`

if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1;然后 ps_alive=1;菲

#echo“睡觉”>&2

睡觉1
完成# sudo apt-get install libcurl4-openssl-dev /sbin/ifconfig eth0 up

/usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 & /usr/local/bin/barnyard2 -q -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/ gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config 2> /dev/nul & #log_end_msg 0 返回 0 } do_stop() { #log_daemon_msg "停止 Snort 和 Barnyard" "" 杀死 $(pidof snort) 2> /dev/nul 杀死 $(pidof barnyard2) 2> /dev/nul #log_end_msg 0 返回 0 } 案例“$1”位于开始） do_start ;; 停止） do_stop ;; 重新启动） do_stop do_start ;; *) echo "用法: snort-barn {start|stop|restart}" >&2 3号出口 ;; esac 退出0 使脚本可执行：然后，使两个包含的脚本可执行：

# chmod 755 /lib/init/vars.sh
# chmod 755 /lib/lsb/init-functions

现在，对其进行测试以确保其正常工作。重新启动 mysql 以确保在启动时创建 mysqld.pid 文件：

# 重启 mysql 服务
# cat /var/run/mysql/mysqld.pid

如果显示 mysql 进程 ID，则说明它正在运行。现在运行 snortbarn 脚本：检查snort和barnyard2是否启动成功：您应该输出如下所示：

snort 4211 1 1 18:39 pts/0 00:00:00 /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
根 4212 1 1 18:39 pts/0 00:00:00 /usr/local/bin/barnyard2 -q -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config

如果是这样，那么您就完成了该步骤。现在，安装 Passenger 以使用 Apache 运行 Ruby on Rails 为 Passenger 安装一个依赖项：

安装 Passenger 及其所需的任何模块：
# sudo su<code># sudo su # gem install --no-ri --no-rdoc --version 3.0.3 passenger # /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.3/bin/passenger-install-apache2-module -a # echo "LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.3/ext/apache2/mod_passenger.so" > /etc/apache2/mods-available/passenger.load # echo "" > /etc/apache2/mods-available/passenger.conf # echo " PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.3" >> /etc/apache2/mods-available/passenger.conf # echo " PassengerRuby /usr/local/bin/ruby" >> /etc/apache2/mods-available/passenger.conf # echo "" >> /etc/apache2/mods-available/passenger.conf # a2enmod passenger # a2enmod rewrite # a2enmod ssl # exit # gem install --no-ri --no-rdoc --version 3.0.3乘客

# /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.3/bin/passenger-install-apache2-module -a

# echo "LoadModule Passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.3/ext/apache2/mod_passenger.so" > /etc/apache2/mods-available/passenger.load
# 回显“”> /etc/apache2/mods-available/passenger.conf# sudo apache2ctl restart # echo " PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.3" >>> /etc/apache2/mods-available/passenger.conf

# echo " PassengerRuby /usr/local/bin/ruby" >>> /etc/apache2/mods-available/passenger.conf

# 回显“”>> /etc/apache2/mods-available/passenger.conf
# a2enmod 乘客# ps -ef | grep apache2 # a2enmod 重写

# a2enmod ssl

# 退出
# cd /var/www/snorby # sudo bundle install # sudo bundle pack # sudo bundle install --path vendor/cache # sudo chown -R www-data:www-data vendor/ # sudo apache2ctl restart 重新启动 apache 以应用更改：

truncate snort.caches; truncate snort.delayed_jobs; truncate snort.data; truncate snort.event; truncate snort.icmphdr; truncate snort.iphdr; truncate snort.notes; truncate snort.opt; truncate snort.signature; truncate snort.tcphdr; truncate snort.udphdr; 检查并确保 apache 正确启动：

# cd ~/Source # wget http://pulledpork.googlecode.com/files/pulledpork-0.5.0.tar.gz # tar -zxf pulledpork-0.5.0.tar.gz && cd pulledpork-0.5.0 # sudo su # cp pulledpork.pl /usr/local/bin && cp etc/*.conf /etc/snort # vi /etc/snort/pulledpork.conf 现在，准备好 Snorby 捆绑包的最后一步：

# cd /var/www/snorby<p>
# sudo 捆绑安装<br>
# sudo 捆绑包<code>Line 56: change to: rule_path=/etc/snort/rules/snort.rules<br>
Line 64: change to: rule_path=/etc/snort/rules/local.rules<br>
Line 67: change to: sid_msg=/etc/snort/sid-msg.map<br>
Line 90: change to: config_path=/etc/snort/snort.conf<br>
Line 101: change to: distro=Lucid-Lynx<br>
Line 133: Uncomment and change to: snort_version=2.9.0.4<br>
Line 137: Uncomment and change to: /etc/snort/enablesid.conf<br>
Line 139: Uncomment and change to: /etc/snort/disablesid.conf<br>
Line 140: Uncomment and change to: /etc/snort/modifysid.conf

# sudo bundle install --path供应商/缓存

# sudo chown -R www-data:www-data 供应商/

# sudo apache2ctl restart

# echo pcre:fwsam >> /etc/snort/disablesid.conf 现在，清理数据库中可能存在的所有测试相关条目：

截断 snort.caches;<p>
截断 snort.delayed_jobs;<br>
截断 snort.data;<code># vi /etc/snort/modifysid.conf

截断 snort.event;

截断 snort.icmphdr;

截断 snort.iphdr;
截断 snort.notes;302,429,1821 "$EXTERNAL_NET" "$HOME_NET" 截断 snort.opt;

截断 snort.signature;

截断 snort.tcphdr;
截断 snort.udphdr;

# /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l 现在，安装 Pullpork 并下拉最新规则

# cd ~/来源

# wget http://pulledpork.googlecode.com/files/pulledpork-0.5.0.tar.gz

# tar -zxf Pullpork-0.5.0.tar.gz && cd Pullpork-0.5.0
# 须藤苏# rm /var/www/index.html # chmod 755 /var/www/base # pkill snort && pkill barnyard2 # rm -rf /var/log/snort/* /var/log/barnyard2/* # cp pullpork.pl /usr/local/bin && cp etc/*.conf /etc/snort

# vi /etc/snort/pulledpork.conf

注释掉第 20 和 24 行# vi /etc/snort/rules/local.rules – Comment out the test rule # vi /etc/snort/snort.conf – Line 394: add: include $RULE_PATH/snort.rules # exit 第 56 行：更改为：rule_path=/etc/snort/rules/snort.rules

第64行：更改为：rule_path=/etc/snort/rules/local.rules 第67行：更改为：sid_msg=/etc/snort/sid-msg.map 第90行：更改为：config_path=/etc/snort/snort.conf 第 101 行：更改为：distro=Lucid-Lynx 第133行：取消注释并更改为：snort_version=2.9.0.4 第137行：取消注释并更改为：/etc/snort/enablesid.conf 第139行：取消注释并更改为：/etc/snort/disablesid.conf 第140行：取消注释并更改为：/etc/snort/modifysid.conf 现在，禁用所有阻止 (fwsam) 规则修复modifysid.conf 文件中的明显拼写错误：将最后一行更改为：跑拉猪肉您现在应该在 /etc/snort/rules 中看到 local.rules 和 snort.rules。清理：

# rm /var/www/index.html
# chmod 755 /var/www/base
# pkill snort && pkill barnyard2
# rm -rf /var/log/snort/* /var/log/barnyard2/*

不要忘记注释掉测试规则并启用新的 Pullpork (snort.rules)

# vi /etc/snort/rules/local.rules – 注释掉测试规则
# vi /etc/snort/snort.conf – 第 394 行：添加：包括 $RULE_PATH/snort.rules
# 退出

声明：

本文内容由网友自发贡献，版权归原作者所有，本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容，请联系admin@php.cn

上一篇：在SQL Server 2012中实现CDC for Oracle下一篇：Oracle 11安装详解

查看更多

如何安装 Snort、Barnyard2、Snorby、Passenger 和 Pull

相关文章