Sunday, May 30, 2010

Windows Snort (free-software IDS) system setup procedure - 1

1. Download Snort and the rules from http://www.snort.org/downloads (registration is required to download the free rule set).
2. Install Snort and extract the rules to c:\snort.
3. Edit snort.conf in the etc directory under the Snort directory:
 A. Find var HOME_NET any and change it to:
        1. the IP address of this machine (host-based IDS)
        2. 192.168.104.0/24 (a single subnet, network-based IDS)
        3. [172.18.11.0/24,172.19.11.0/24,172.18.19.12.0/24...] (multiple subnets)
        4. Also change var RULE_PATH ../rules to var RULE_PATH c:\snort\rules
 B. Find # config detection: search-method lowmem and delete the leading # (uncomment the line).
 C. Change dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ to dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor
 D. Change dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so to dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
 E. Change # output log_tcpdump: tcpdump.log to output alert_fast: alert.ids
 F. Change # preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }
      to preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }
 G. Change the line # output database: alert, to output database: alert, mysql, user=snort password=winsnort dbname=snort_log host=127.0.0.1 port=3306 sensor_name=HOSTNAME (the password here must match the one granted to snort@localhost in step 6 exactly, including case, because MySQL passwords are case-sensitive).
 H. Install WinPcap.
 I. Test that the installation works: at the CMD prompt run snort -vp -iX, where X is the number of the network interface.



4. Set Snort up as a service (resident program):
 A. Start --> Run -->
 B. cmd, then cd \snort\bin
 C. snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort\log -K ascii -iX (X = the network interface number: 1, 2, 3, 4 and so on)
 D. Control Panel -> Administrative Tools -> Services, select snort and change the startup type to Automatic. If the service will not start, one of the earlier steps was probably wrong; check Administrative Tools -> Event Viewer -> Application for the error.




5. Install MySQL. Use the advanced setup to install it into c:\MySQL, choose Standard Configuration with the same settings as shown in the image, uncheck Modify Security Settings, and finally click Execute --> Finish to complete the installation.
Then edit c:\mysql\my.ini and change the original setting
sql-mode="STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" to
sql-mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
6. Open the MySQL Command Line Client (no password has been set yet, so just press Enter) and run:
 mysql> create database snort_log;
 mysql> create database snort_archive;
 mysql> show databases;
 mysql> grant USAGE on *.* to base@localhost identified by "WinSnort";
 mysql> grant USAGE on *.* to snort@localhost identified by "WinSnort";
 mysql> grant SELECT,INSERT,UPDATE,DELETE,CREATE,ALTER on snort_log.* to base@localhost;
 mysql> grant SELECT,INSERT,UPDATE,DELETE,CREATE on snort_archive.* to base@localhost;
 mysql> grant INSERT,SELECT,UPDATE on snort_log.* to snort@localhost;
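Step 3E above switches Snort to the fast alert output (alert.ids, which with the -l option from step 4 is assumed to land in c:\snort\log). The following Python script is an added example and not part of the original post: it parses alert_fast lines, skips anything that is not an alert, and summarises the alerts per rule and by priority. The sample lines are constructed, not captured from a real sensor.

```python
import re
from collections import Counter

# Constructed sample of Snort 2.x alert_fast lines (not captured from a real sensor).
# The second line shows the sfportscan preprocessor form: no classification, no ports.
SAMPLE_ALERTS = """\
05/30-14:12:33.123456  [**] [1:1000001:1] LOCAL test rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.104.5:51234 -> 10.0.0.2:80
05/30-14:12:35.000001  [**] [122:1:1] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 203.0.113.9 -> 192.168.104.5
05/30-14:13:01.777777  [**] [1:1000001:1] LOCAL test rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.104.5:51235 -> 10.0.0.2:80
this line is not an alert and must be skipped
"""

# One alert_fast record: timestamp, [gid:sid:rev], message, optional classification,
# priority, protocol in braces, then src[:port] -> dst[:port] (IPv4 only here).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

def parse_alert(line):
    """Parse one alert_fast line into a dict; return None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    for k in ("gid", "sid", "rev", "prio", "sport", "dport"):  # numeric fields
        a[k] = int(a[k]) if a[k] is not None else None
    return a

def parse_alert_file(text):
    """Parse the whole alert.ids contents, silently skipping non-alert lines."""
    return [a for a in map(parse_alert, text.splitlines()) if a is not None]

def summarize_by_rule(alerts):
    """Count alerts per (gid, sid, msg): the first view to take of a noisy new sensor."""
    return Counter((a["gid"], a["sid"], a["msg"]) for a in alerts)

def high_priority(alerts, max_priority=2):
    """Snort priority 1 is the most severe; keep alerts at or above the given priority."""
    return [a for a in alerts if a["prio"] <= max_priority]

if __name__ == "__main__":
    parsed = parse_alert_file(SAMPLE_ALERTS)
    for key, n in summarize_by_rule(parsed).most_common():
        print(n, key)
    print(len(high_priority(parsed)), "alerts at priority 2 or higher")
```

To run it against a real sensor, replace SAMPLE_ALERTS with the contents of the alert.ids file read from the log directory.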