RedHat9上入侵检测系统的设置(2)

　创建硬链接:
　　cd /etc/rc3.d（文本方式启动)
ln -s /etc/init.d/mysql S85mysql
ln -s /etc/init.d/mysql K85mysql
cd /etc/rc5.d (图形方式启动）
ln -s /etc/init.d/mysql S85mysql
ln -s /etc/init.d/mysql K85mysql
4.安装Apache2.0.45和PHP4.3.1
tar -zxvf httpd-2.0.xx.tar.gz
cd httpd_2.xx.xx
./configure --prefix=/www --enable-so
注：apache根目录为 /www
make
make install
cd ..
tar -zxvf php-4.3.x.tar.gz
cd php-4.3.x
./configure --prefix=/www/php --with-apxs2=/www/bin/apxs --with-config- filepath=/www/php --enable-sockets --with-mysql=/usr/local/mysql --with-zlibdir=/
usr/local --with- gd
注意：这些为一行，中间不要有回车。
cp php.ini-dist /www/php/php.ini
　　编辑httpd.conf(/www/conf):
　　加入两行
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php
　　httpd.conf中相关内容如下：
#
# LoadModule foo_module modules/mod_foo.so
LoadModule php4_module modules/libphp4.so
# AddType allows you to tweak mime.types without actually editing it, or  $
# make certain files to be certain types.
#
AddType application/x-tar .tgz
AddType image/x- icon .ico
AddType application/x-httpd-php .php
　设置Apache为自启动：
cp /www/bin/apachectl /etc/init.d/httpd
cd /etc/rc3.d
ln -s /etc/init.d/httpd S85httpd
ln -s /etc/init.d/httpd K85httpd
cd /etc/rc5.d
ln -s /etc/init.d/httpd S85httpd
ln -s /etc/init.d/httpd K85httpd
　　测试一下 PHP:
cd /etc/init.d
./httpd start
　　在/www/htdocs下建立文件 test.php
cd /www/htdocs
vi test.php
　　加入
lt;?php
hpinfo();
?>
　　用浏览器访问,成功的话，出现一些系统,apache,php信息
5.安装 Snort2.0
5.1建立snort配置文件和日志目录
mkdir /etc/snort
mkdir /var/log/snort
tar -zxvf snort-2.x.x.tar.gz
cd snort-2.x.x
./configure --with-mysql=/usr/local/mysql
make
make install
5.2安装规则和配置文件
cd rules (在snort安装目录下）
cp * /etc/snort
cd ../etc
cp snort.conf /etc/snort
cp *.config /etc/snort
5.3修改snort.conf(/etc/snort/snort.conf)
　　var HOME_NET 10.2.2.0/24 (修改为你的内部网网络地址，我的是 192.168.0.0/24)
　　var RULE_PATH ../rules 修改为 var RULE_PATH /etc/snort/
　　改变记录日志数据库：
output database: log, mysql, user=root password=your_password
dbname=snort host=localhost