Linux平台配置snort+apache+php+mysql+acid环境(2)

5．安装 pcre-7.0
tar zxvf pcre-7.0.tar.gz
cd pcre-7.0
./configure --prefix=/usr/local/snort/pcre
make
make install
浏6.安装 snort-2.0.0.tar.gz
6.1建立snort配置文件和日志目录
groupadd snort
useradd -g snort snort
mkdir /etc/snort
mkdir /var/log/snort 生成日志文件alert
tar -xvzf snort-2.0.0.tar.gz
cd snort-2.0.0
./configure --prefix=/usr/local/snort  --with-MySQL=/usr/local/mysql选项激活Snort的数据库插件功能
--with-libpcap-includes=/usr/local/snort/libpcap/include 告诉Snort 查找libpcap库的地方
--with-libpcap-libraries=/usr/local/snort/libpcap/lib
--with-libpcre-includes=/usr/local/snort/pcre/include
--with-libpcre-libraries=/usr/local/snort/pcre/lib
--enable-dynamicplugin
make
make install
6.2配置snort并加载rules
cd rules
cp * /etc/snort
cd ../etc
cp snort.conf /etc/snort
cp *.config /etc/snort
6.3修改snort.conf(/etc/snort/snort.conf)
var HOME_NET 10.2.2.0/24 (修改为你的内部网网络地址，我的是192.168.146.0/24)
var RULE_PATH ../rules 修改为 var RULE_PATH /etc/snort/
改变记录日志数据库：
 output database: log, mysql, user=snort password=111111 dbname=snort host=localhost
指定Snort输出到mysql类型的数据库。其中，dbname为Snort输出存放的数据库名；user和password是用于访问该数据库的用户身份和密码；host即为mysql数据库所在的主机地址，对IDS控制中心而言，host为0.0.0.0即本机地址；在IDS传感器上，host则指向IDS控制中心。
6.4设置snort为自启动
在snort安装目录下
cd contrib
cp S99snort /etc/init.d/snort
vi /etc/init.d/snort
修改snort如下
SNORT_PATH=/usr/local/snort/bin
CONFIG=/etc/snort/snort.conf
SNORT_GID=snort
chmod 755 /etc/init.d/snort
cd /etc/rc3.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
cd /etc/rc5.d
ln -s /etc/init.d/snort S99snort
ln -s /etc/init.d/snort K99snort
6.5创建snort数据库,并导入数据
/usr/local/mysql/bin/mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('111111');
>Query OK, 0 rows affected (0.25 sec)
mysql> create database snort;
>Query OK, 1 row affected (0.01 sec)
mysql> grant INSERT,SELECT on root.* to snort@localhost;
>Query OK, 0 rows affected (0.02 sec)
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('new_password');
>Query OK, 0 rows affected (0.25 sec)
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
>Query OK, 0 rows affected (0.02 sec)
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
>Query OK, 0 rows affected (0.02 sec)
mysql> exit;
>Bye