Snort is a well-known lightweight IDS. A netizen reminded me of it yesterday, so I tried installing it on Debian for the first time; the process is very simple.
To make analysis easier, I also installed ACID. Here is a brief walk-through of the process.
Install apache + php4 + mysql; there are plenty of documents about this on the Internet, so I won't waste space on it here.
Create a MySQL database, snortdb, to store Snort's output;
Create the database management account snort@localhost and give it every privilege except GRANT.
If you are not familiar with the mysql command line, you can use phpmyadmin (it used to have quite a few bugs), a web-based visual management tool for MySQL.
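The database and account steps above, written out as SQL. This is an added example, not part of the original post; it assumes you are logged in as a MySQL administrative user, and the password shown is a placeholder.

```sql
-- Added example (not from the original post).
-- Run from an administrative session, e.g. `mysql -u root -p`.

-- Database that Snort's MySQL output and ACID will both use.
CREATE DATABASE snortdb;

-- Account that can only connect from the local host.
-- CREATE USER needs MySQL 5.0.2 or later; on an older server, drop this
-- statement and append IDENTIFIED BY '<password>' to the GRANT below.
-- The password here is a placeholder: replace it before running.
CREATE USER 'snort'@'localhost' IDENTIFIED BY 'CHANGE_ME_placeholder';

-- "Every privilege except GRANT": ALL PRIVILEGES does not include
-- GRANT OPTION, and leaving out WITH GRANT OPTION means the account
-- cannot pass its rights on to other accounts.
-- Scoping the grant to snortdb.* keeps it out of every other database.
GRANT ALL PRIVILEGES ON snortdb.* TO 'snort'@'localhost';

-- Review the result: nothing beyond USAGE should be granted on *.*,
-- and the snortdb.* line must not carry WITH GRANT OPTION.
SHOW GRANTS FOR 'snort'@'localhost';
```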
Install snort-mysql, which automatically installs snort-common and snort-rules-default
# apt-get install snort-mysql
After answering the few questions asked by the post-installation configuration script, remember to create the tables in snortdb
zcat /usr/share/doc/snort-mysql/contrib/create_mysql.gz | mysql -u [id] -p -h [host] [snort-database]
If you used the same names as I did above: [id] = snort, [host] = localhost, [snort-database] = snortdb
You may want to manually edit /etc/snort/snort.conf and /etc/snort/rules/* to suit your own system.
Install acidlab
# apt-get install acidlab
You will have to answer a few questions; the snort-archive-db also uses the same snortdb database
Well, we're done. Take a look at http://[yourhost]/acidlab/ in your browser; I don't need to explain the rest.
Debian is really good: it saves you from having to modify scripts bit by bit to make these pieces fit together.
Finally, two points to note:
1 Set up .htpasswd protection for the http://[yourhost]/acidlab/ directory
2 Remember to update your snort-rules regularly