Install & Config snort / ACID
http://www.andrew.cmu.edu/~rdanyliw/snort/acid_config.html

recuperer mysql http://mysql-mirror.free.fr/Downloads/MySQL-3.23/mysql-3.23.53.tar.gz
./configure
make
make test
make install


scripts/mysql_install_db
<facultatif> cp support-files/my-medium.cnf /etc/my.cnf
<test> mysqladmin version
mysqladmin -u root password snort

echo "CREATE DATABASE snort;" | mysql -u root -p
user add snort
echo "grant INSERT,SELECT on snort.* to snort@localhost;" | mysql -u root -p

mysql -u root -D snort -p < ./contrib/create_mysql

[root@laptop snort-1.9.0]# ./configure --enable-flexresp --with-mysql=/home/dev/mysql

install libnet pour flexresp (beta)
wget http://www.packetfactory.net/libnet/dist/libnet.tar.gz
./configure
make
make install

ADODB
wget http://phplens.com/lens/dl/adodb250.tgz

PHPplot
wget http://ftp1.sourceforge.net/phplot/phplot-4.4.6.tar.gz

JPGRAPH
wget http://www.aditus.nu/jpgraph/downloads/jpgraph-1.9.1.tar.gz

GD
wget http://www.boutell.com/gd/http/gd-1.8.4.tar.gz

LIBPNG
wget http://www.libpng.org/pub/png/src/libpng-1.2.5.tar.gz

ZLIB
wget http://www.gzip.org/zlib/zlib-1.1.4.tar.gz

LIBJPEG6b
wget http://www.ijg.org/files/jpegsrc.v6b.tar.gz

PHP
wget http://fr.php.net/distributions/php-4.2.3.tar.gz

Apache
wget http://apache.crihan.fr/dist/httpd/apache_1.3.27.tar.gz

ACID
wget http://www.andrew.cmu.edu/~rdanyliw/snort/acid-0.9.6b22.tar.gz

[root@laptop libpng]# cp scripts/makefile.linux makefile
[root@laptop libpng]# make test ; make install

[root@laptop jpeg-6b]# ./configure; make install

[root@laptop gd-1.8.4]# make ; make install

[root@laptop apache_1.3.27]# ./configure --enable-module=so

[root@laptop mysql]# mkdir lib
[root@laptop mysql]# cd lib
[root@laptop lib]# ln -s /home/dev/mysql-3.23.53/libmysql mysql

[root@laptop php-4.2.3]# ./configure --with-mysql=/home/dev/mysql --with-gd=/home/dev/gd --enable-sockets --with-apache=/home/dev/apache --with-jpeg-dir=/home/dev/jpeg-6b --with-png-dir --with-png-dir=/home/dev/libpng --with-zlib-dir=/home/dev/zlib > conf.log

Inspecter conf.log pour verifier GD,libpng,libjpeg,zlib

[root@laptop php-4.2.3]# make ; make install

vi /etc/php.ini
display_errors = On -> mettre a Off

[root@laptop apache_1.3.27]# make ; make install
[root@laptop apache_1.3.27]# apachectl start

Verifier http://laptop/phplot/examples/format_chart.php

[root@laptop dev]# mv adodb /var/www/html/

[root@laptop html]# mv /home/dev/jpgraph-1.9.1 .

[root@laptop dev]# mv acid-0.9.6b22.tar.gz /var/www/html/
[root@laptop dev]# cd /var/www/html/
[root@laptop html]# gunzip acid-0.9.6b22.tar.gz
[root@laptop html]# tar -xvf acid-0.9.6b22.tar

Verifier que mysql est lance (/etc/init.d/mysql status)

Modifier acid_conf.php
$DBlib_path = "/var/www/html/adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "snort";
(NB : ce sont les identifiants du root MySQL fixes plus haut par mysqladmin ; l'utilisateur snort cree par le GRANT n'est pas utilise ici, ACID accede donc a la base avec les droits root.)

$ChartLib_path = "/var/www/html/jpgraph/src";

$portscan_file = "/var/log/snort/scan.log";


Lancer snort : snort -c /home/dev/snort/etc/snort.conf

-> http://laptop/acid/acid_main.php

------------------------
SRRAM
wget http://belnet.dl.sourceforge.net/sourceforge/srram/srram_0.6b.tar.gz
- create the database
- create a dir /home/snort/rules_mgt
- move the import and export scripts into this dir (srram_import.sh, rules_import.pl, rules_export.pl)
- move the rules_mgt.pl to your cgi-bin dir
- create a script in /etc/cron.daily that:
executes `srram_import.sh`
pauses for about 10-15 min


executes `rules_export.pl`
pauses for a min or two
restarts snort

[root@laptop snort-1.9.0]# ./configure --with-mysql=/home/dev/mysql/
si mysql=no, modifier "for i in lib lib/mysql;do" en "for i in lib libmysql;do"
make
make check
make install


etc/snort.conf
Modif +
-> output database: log, mysql, user=root password=snort dbname=snort host=localhost
(NB : le GRANT INSERT,SELECT fait plus haut cree l'utilisateur snort@localhost, qui semble prevu pour cette sortie ; ici c'est root qui est utilise.)

mkdir /var/log/snort

snort -D -v
