Configuring an Intrusion Detection System with Snort on Windows

Department: School of Computer and Communication Engineering
Class: Information Security
Student ID:
Name:

1. Install Apache

Apache is installed in the C:\apache folder.

[Figures: Apache HTTP Server 2.0 Installation Wizard, "Read This First" and "Server Information" screens]

In the "Folder name" text box, enter "C:\apache".

[Figure: changing the installation path so that Apache is installed in the C:\apache folder]
[Figure: Apache being installed]
[Figure: Apache installation complete]

To avoid a conflict between Apache's listening port and the default Web server port, the listening port must be changed. Open the configuration file C:\apache\Apache2\conf\httpd.conf and change the listening port to the rarely used port 50080:

    Listen 50080

[Figure: changing the listening port]

Restart the computer. Then click "Start" > "Run" and enter cmd. Drag C:\apache\Apache2\bin\Apache.exe into the command window and append "-k install". Find the red icon in the lower-right corner of the screen, double-click it to open it, and click the "Start" button to start Apache.

[Figure: netstat -an output in the command prompt; port 50080 has entered the listening state]

2. Install PHP

(1) Extract the file php-432-Win32.Zip to the C:\php directory.
(2) Copy the file php4ts.dll from C:\php to the C:\WINDOWS\system32 directory.
(3) Copy php.ini-dist from C:\php to the directory, then rename this file to php.ini.
(4) Add support for the system graphics library: in php.ini, remove the ";" comment marker in front of the statement extension=php_gd2.dll.

[Figure: adding graphics library support in php.ini]

(5) Copy the file C:\php\extension\php_gd2.dll to the C:\php directory.
(6) Add PHP support to Apache: add the following two lines to the file C:\apache\apache2\conf\httpd.conf.

[Figure: the two lines to add, each annotated "there is a space here"]

(7) Restart the Apache service.
(8) Create a test file named test.php in the apache2\htdocs directory. This step tests whether the preceding installation succeeded.

[Figure: test file]

Open http://127.0.0.1/test.php in a browser to test whether PHP was installed successfully. If it was, the page shown in the figure appears.

[Figure: PHP installed successfully]

3. Install Snort

Install Snort in the C:\Snort directory.

[Figures: Snort 2.2 Setup, "Choose Components" and "Choose Install Location" screens]
[Figure: Snort installation directory]
[Figure: Snort installed successfully]

4. Install and configure the MySQL database

Extract mysql-4.0.13-win.zip and install it in the C:\mysql folder.

[Figure: installation successful]

At the command line, change to the C:\mysql\bin directory and run the following command:

    mysqld-nt -install

[Figure: MySQL running as a service in Windows]

Run the net start mysql command to start the MySQL service:

    net start mysql

[Figure: starting the MySQL service]

At the C:\mysql\bin prompt, enter the command "mysql -u root -p" and press Enter to log in to the MySQL database as the root user.

[Figure: logging in to the MySQL database as the root user]

Use the SQL statement create database to create the databases snort and snort_archive:

    mysql> create database snort;
    mysql> create database snort_archive;

[Figure: creating the databases snort and snort_archive]

Use the script file C:\snort\contrib\create_mysql to create, in the snort and snort_archive databases, the tables that Snort needs to run:

    C:\mysql\bin> mysql -D snort -u root -p < c:\snort\contrib\create_mysql
    C:\mysql\bin> mysql -D snort_archive -u root -p < c:\snort\contrib\create_mysql

[Figure: creating the tables that Snort needs to run]

Log in to MySQL as the root user again, create the users acid and snort, and assign privileges to these two users:

    mysql> grant usage on *.* to "acid"@"localhost" identified by "acidtest";
    mysql> grant usage on *.* to "snort"@"localhost" identified by "snorttest";
    mysql> grant select, insert, update, delete, create, alter on snort.* to "acid"@"localhost";
    mysql> grant select, insert on snort.* to "snort"@"localhost";
    mysql> grant select, insert, [illegible] on snort_archive.* to "acid"@"localhost";

[Figure: assigning privileges to the users]

This completes the installation and configuration of the MySQL database.

5. Install ADODB

Extract the file adodb360.zip to the C:\php\adodb directory. This completes the installation of ADODB.

6. Install and configure the ACID console

Extract the archive acid-0.9.6b23.tar.gz to the C:\apache\apache2\htdocs\acid directory.

Open the file acid_conf.php in the C:\apache\apache2\htdocs\acid directory with WordPad and make the following changes:

    $DBlib_path = "c:\php\adodb";
    $DBtype = "mysql";
    $alert_dbname = "snort";
    $alert_host = "localhost";
    $alert_port = "3306";
    $alert_user = "acid";
    $alert_password = "acidtest";
    /* Archive DB connection parameters */
    $archive_dbname = "snort_archive";
    $archive_host = "localhost";
    $archive_port = "3306";
    $archive_user = "acid";
    $archive_password = "acidtest";
    $ChartLib_path = "c:\php\jpgraph\src";

In the browser's address bar, enter :50080/acid/acid_db_setup.php and press Enter. The page shown in the figure appears.

[Figure: ACID web page]

Click the "Create ACID AG" button and follow the prompts to create the database. When this is finished, the page shown in the figure should appear, which indicates that the ACID database was created successfully.

[Figure: ACID database created successfully]

7. Install the jpgraph library

Extract the file jpgraph-1.12.2.tar.gz to the C:\php\jpgraph directory. Edit the file jpgraph.php under C:\php\jpgraph\src and remove the comment markers in front of the following statements, with this result:

    // The full absolute name of the directory to be used to store the
    // cached image files. This directory will not be used if the USE_CACHE
    // define (further down) is false. If you enable the cache please note that
    // this directory MUST be readable and writable for the process running PHP.
    // Must end with '/'
    DEFINE("CACHE_DIR","/tmp/jpgraph_cache/");
    // Directory for jpGraph TTF fonts. Must end with '/'
    DEFINE("TTF_DIR","/usr/X11R6/lib/X11/fonts/truetype/");

[Figure: modifying the jpgraph.php file]

8. Install WinPcap

[Figure: WinPcap installation complete]

9. Configure and start Snort

Open the file C:\Snort\etc\snort.conf with WordPad and change the following statements in the file

    include classification.config
    include reference.config

to:

    include C:\snort\etc\classification.config
    include C:\snort\etc\reference.config

The purpose is to change the file paths to absolute paths.

[Figure: original file paths]
[Figure: file paths changed to absolute paths]

At the end of the file, add the statement:

    output database: alert, mysql, host=localhost user=snort password=snorttest dbname=snort encoding=hex detail=full

[Figure: end of snort.conf with the output database statement added]
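The two snort.conf edits in step 9 (absolute include paths and the output database statement) can be checked with a short script before Snort is started. This is an added example, not part of the original document; the function names, the EXPECTED_DB_KEYS list and the sample configuration text are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a snort.conf fragment after the step 9 edits,
# with one include deliberately left relative.
SAMPLE_CONF = r"""
# Note for Windows users: make this an absolute path
include C:\snort\etc\classification.config
include reference.config
output database: alert, mysql, host=localhost user=snort password=snorttest dbname=snort encoding=hex detail=full
"""

# Assumption: the keys set by the page's output line are treated as expected.
EXPECTED_DB_KEYS = ("host", "user", "password", "dbname")

def relative_includes(conf_text):
    """Return include targets that are not absolute Windows paths."""
    bad = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*include\s+(\S+)", line, re.IGNORECASE)
        if m and not PureWindowsPath(m.group(1)).is_absolute():
            bad.append(m.group(1))
    return bad

def parse_output_database(conf_text):
    """Parse 'output database: <type>, <dbms>, key=value ...' statements."""
    outputs = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*output\s+database\s*:\s*(.+)", line, re.IGNORECASE)
        if not m:
            continue
        parts = [p.strip() for p in m.group(1).split(",", 2)]
        if len(parts) != 3:
            raise ValueError(f"malformed output database line: {line!r}")
        log_type, dbms, params = parts
        options = dict(kv.split("=", 1) for kv in params.split() if "=" in kv)
        missing = [k for k in EXPECTED_DB_KEYS if k not in options]
        outputs.append({"type": log_type, "dbms": dbms,
                        "options": options, "missing": missing})
    return outputs

if __name__ == "__main__":
    print("relative includes:", relative_includes(SAMPLE_CONF))
    for out in parse_output_database(SAMPLE_CONF):
        shown = dict(out["options"], password="***")  # do not echo the secret
        print(out["type"], out["dbms"], shown, "missing:", out["missing"])
```

A path such as C:snort\etc\reference.config, with the backslash after the drive letter missing, is also reported because Windows treats it as drive-relative.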
