论坛 › php › RHEL5.4 snort+mysql+php+acid 安装笔记

erlchina 发表于 2018-12-21 06:37:05

RHEL5.4 snort+mysql+php+acid 安装笔记

snort安装软件列表：
zlib-1.2.3.tar.gz （zlib-1.2.3-3.i386.rpm）
libpcap-1.0.0.tar.gz （libpcap-0.9.4-14.el5.i386.rpm）
libxml2-2.6.19.tar.gz （libxml2-2.6.26-2.1.2.8.i386.rpm）
libpng-1.2.40.tar.gz （libpng-1.2.10-7.1.el5_3.2.i386.rpm）
gd-2.0.33.tar.gz （gd-2.0.33-9.4.el5_1.1.i386.rpm）
mysql-5.0.22.tar.gz
DBD-mysql-3.0008.tar.gz
httpd-2.2.14.tar.gz
php-5.2.13.tar.gz
pcre-8.00.tar.gz （pcre-6.6-2.el5_1.7.i386.rpm）
snort-2.8.3.1.tar.gz
snortrules-snapshot-2.8.tar.gz
snortrules-snapshot-CURRENT.tar.gz
jpgraph-3.0.6.tar.bz2
adodb498.tgz
acid-0.9.6b23.tar.gz

1、需要准备的系统包如下（在RHEL5.4的光盘中都能找到）
1)zlib
http://blog.运维网.com/attachment/201007/135346719.jpg
2)libpcap
http://blog.运维网.com/attachment/201007/135517233.jpg
3)libxml2
http://blog.运维网.com/attachment/201007/135517346.jpg
4)libpng
http://blog.运维网.com/attachment/201007/135517835.jpg
5)gd
http://blog.运维网.com/attachment/201007/135517924.jpg
6)perl-DBI
http://blog.运维网.com/attachment/201007/135634259.jpg

2、所有的tar包我都拷贝到了/usr/local/src这个目录下：


http://blog.运维网.com/attachment/201007/135951183.jpg

3、安装MYSQL

1）解压mysql
# tar zxf mysql-5.0.56.tar.gz
2）进入目录mysql-5.0.56
# cd mysql-5.0.56
3）增加mysql组群
# groupadd mysql
4）增加mysql用户
# useradd -g mysql mysql
5）进行编译前准备，指定安装目录为/us/local/mysql
# ./configure --prefix=/usr/local/mysql
完成后如下图所示:
http://blog.运维网.com/attachment/201007/140512596.jpg
6）执行make
# make
完成后如下图所示：（时间比较长，耐心等待）
http://blog.运维网.com/attachment/201007/140659683.jpg
7）执行make install
# make install
完成后如下图所示：
http://blog.运维网.com/attachment/201007/140818436.jpg
8）初始化数据库
# cd /usr/local/mysql/
# /usr/local/mysql/bin/mysql_install_db --user=mysql
http://blog.运维网.com/attachment/201007/140924245.jpg
9）改变目录权限
http://blog.运维网.com/attachment/201007/141039395.jpg
# chmod -R root .
# chown -R mysql var
# chgrp -R mysql .
http://blog.运维网.com/attachment/201007/141159865.jpg
10）后台运行MYSQL
# /usr/local/mysql/bin/mysqld_safe --user=mysql &
http://blog.运维网.com/attachment/201007/141345940.jpg
11）修改ld.so.conf文件
# vi /etc/ld.so.conf
在文件中加入两行：
/usr/local/mysql/lib/mysql
/usr/local/lib
http://blog.运维网.com/attachment/201007/141439642.jpg
# ldconfig

4、安装DBD-mysql

# tar zxf DBD-mysql-3.0002.tar.gz
# cd DBD-mysql-3.0002
# export LANG=C
# perl Makefile.PL \
> --libs="-L/usr/local/mysql/lib/mysql -lmysqlclient -lz" \
> --cflags=-I/usr/local/mysql/include/mysql \
> --testhost=127.0.0.1 \
> --mysql_config=/usr/local/mysql/bin/mysql_config
http://blog.运维网.com/attachment/201007/185844873.jpg

# make


http://blog.运维网.com/attachment/201007/190115438.jpg
# make install
http://blog.运维网.com/attachment/201007/190210393.jpg

5、安装snort

# cd /usr/local/src
# tar zxf snort-2.8.4.1.tar.gz
# cd snort-2.8.4.1
1）Snort调用mysql
# ./configure --with-mysql=/usr/local/mysql
http://blog.运维网.com/attachment/201007/190327720.jpg
1）执行make
#make




2）执行make install
#make instalhttp://blog.运维网.com/attachment/201007/190424169.jpg
4)创建配置文件目录
# mkdir /etc/snort
5)日志目录
# mkdir /var/log/snort
6）安装snort规则
# tar zxf snortrules-snapshot-2860.tar.gz
# tar zxf snortrules-snapshot-CURRENT.tar.gz
# mv rules/ /etc/snort
# cp * /etc/snort/
# ll /etc/snort
http://blog.运维网.com/attachment/201007/190558887.jpg
7）修改/etc/snort/snort.conf文件
监听的本地网段
http://blog.运维网.com/attachment/201007/190642198.jpg
Rules的路径
http://blog.运维网.com/attachment/201007/190729577.jpg
修改用户，密码，以及主机名，还有就是把前面的#号去掉
http://blog.运维网.com/attachment/201007/190828972.jpg
保存退出
8）创建snort数据库
##赋予root用户远程密码123
##用root用户远程登录mysql，输入密码(111111)
# /usr/local/mysql/bin/mysqladmin -u root password 111111
# /usr/local/mysql/bin/mysql -u root –p

mysql> SET PASSWORD FOR root@localhost=PASSWORD('111111');
mysql> create database snort;
mysql> connect snort;
mysql> source /usr/local/src/snort-2.8.4.1/schemas/create_mysql;

http://blog.运维网.com/attachment/201007/191056785.jpg
mysql>show tables;　　执行下列命令:











mysql>grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
Query OK, 0 rows affected (0.00 sec)
mysql>grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges; ##刷新
Query OK, 0 rows affected (0.01 sec)

退出数据库，启动snort
# snort -c /etc/snort/snort.conf
http://blog.运维网.com/attachment/201007/191434217.jpg
　　看到以上信息，说明snort基本上安装OK！！
6、安装apache
　　


# cd /usr/local/src
# tar zxf httpd-2.2.15.tar.gz
# cd httpd-2.2.15
# ./configure --prefix=/usr/local/apache --enable-module=ssl --enable-module=so
http://blog.运维网.com/attachment/201007/191709944.jpg
# make
# make install
http://blog.运维网.com/attachment/201007/191806832.jpg
1)       启动apache
# /usr/local/apache/bin/apachectl start
查看端口信息：（这里的tcp链接呢是有80的，说明我们Apache安装成功）
# netstat -tnl
http://blog.运维网.com/attachment/201007/191855178.jpg
从上图中，我们还可以看到3306端口是mysql的端口

7）安装PHP

# tar zxf php-5.2.13.tar.gz
# cd php-5.2.13
# ./configure \
>--prefix=/usr/local/php \
>--with-mysql=/usr/local/mysql \
>--with-apxs2=/usr/local/apache/bin/apxs \
> --with-gd \
>--with-zlib
http://blog.运维网.com/attachment/201007/192945158.jpg
# make
　　# make install
http://blog.运维网.com/attachment/201007/193116863.jpg
1）复制配置文件
# cp php.ini-dist /usr/local/bin/php.ini
2）修改apache配置文件 使其能够识别.PHP结尾的网页文件
# echo "AddType application/x-httpd-php .php">> /usr/local/apache/conf/httpd.conf
http://blog.运维网.com/attachment/201007/193214979.jpg
3）重启Apache 服务
# /usr/local/apache/bin/apachectl stop
# /usr/local/apache/bin/apachectl start
4）写一个php的测试页
# vi /usr/local/apache/htdocs/index.php



http://blog.运维网.com/attachment/201007/193308703.jpg
5）在游览其中输入http://IP地址/index.php:如下图所示：
http://blog.运维网.com/attachment/201007/193350759.jpg
6）登陆到mysql看看数据库中是否建立了test01这个数据库
# /usr/local/mysql/bin/mysql -u root -p
mysql> show databases;
http://blog.运维网.com/attachment/201007/193637804.jpg

8、安装acid+adodb+jpgraph

# tar zxf acid-0.9.6b23.tar.gz
# tar zxf adodb511.tgz
# tar zxf jpgraph-3.0.7.tar.gz
# mv acid /usr/local/apache/htdocs/
# mv adodb5 /usr/local/apache/htdocs/adodb
# mv jpgraph-3.0.7 /usr/local/apache/htdocs/jpgraph
这里呢，我是剪切过去的，但adodb5 和jpgraph-1.27是剪切后改名字为adodb 和jpgraph
修改acid的配置文件
http://blog.运维网.com/attachment/201007/193806722.jpg
修改数据库名字，端口默认那就好了，用户名 ，已经用户密码
http://blog.运维网.com/attachment/201007/193909508.jpg
http://blog.运维网.com/attachment/201007/193947441.jpg
/usr/local/mysql/bin/mysqld_safe --user=mysql &
snort -d -D -c /etc/snort/snort.conf
/usr/local/apache/bin/apachectl start
　　这些命令呢。我们可以写入/etc/rc.local 让它开机自动运行
　　9登陆到acid控制台
1）打开浏览器 输入http://你的ip地址/acid/acid_main.php，选择setup page
http://blog.运维网.com/attachment/201007/194146517.jpg

　　2）选择“Create ACID AG ”按钮
　　http://blog.运维网.com/attachment/201007/194427882.jpg
　　3）可以看到已经成功安装了
http://blog.运维网.com/attachment/201007/194627796.jpg
　　4）点击 “Home”，返回ACID控制台的首页，在这里就可以看到具体的一些信息了：
http://blog.运维网.com/attachment/201007/194725709.jpg

好了，一个简单的snort搭建就结束了，对snort的深入研究估计还要等一段时间，如果大家需要以上的软件包，请留下邮箱（确保你的邮箱可以接收超过50M的邮件！！！）

查看完整版本: RHEL5.4 snort+mysql+php+acid 安装笔记