RedHat9上入侵检测系统的设置(3)

五.安装配置Web接口
　　安装JPGraph1.11
cp jpgraph-1.11.tar.gz /www/htdocs
cd /www/htdocs
tar -xzvf jpgraph-1.xx.tar.gz
rm -rf jpgrap-1.xx.tar.gz
cd jpgraph-1.11
rm -rf README
rm -rf QPL.txt
　　安装ADODB:
cp adodb330.tgz /www/htdocs/
cd /www/htdocs
tar -xzvf adodb330.tgz
rm -rf adodb330.tgz
　　安装配置Acid:
cp acid-0.0.6b23.tar.gz /www/htdocs
cd /www/htdocs
tar -xvzf acid-0.9.6b23.tar.gz
rm -rf acid-0.9.6b23.tar.gz
cd /www/htodcs/acid/
　　编辑acid_conf.php,修改相关配置如下：
#8194;$DBlib_path = "/www/htdocs/adodb";
/* The type of underlying alert database
*
* MySQL : "mysql"
* PostgresSQL : "postgres"
* MS SQL Server : "mssql"
*/
#8194;$DBtype = "mysql";
/* Alert DB connection parameters
* -  $alert_dbname : MySQL database name of Snort alert DB
* -  $alert_host : host on which the DB is stored
* -  $alert_port : port on which to access the DB
* -  $alert_user : login to the database with this user
* -  $alert_password : password of the DB user
*
* This information can be gleaned from the Snort database
* output plugin configuration.
*/
#8194;$alert_dbname = "snort";
#8194;$alert_host = "localhost";
#8194;$alert_port = "";
#8194;$alert_user = "root";
#8194;$alert_password = "Your_Password";
/* Archive DB connection parameters */
#8194;$archive_dbname = "snort";
#8194;$archive_host = "localhost";
#8194;$archive_port = "";
#8194;$archive_user = "root";
#8194;$archive_password = "Your_Password ";
And a little further down
#8194;$ChartLib_path = "/www/htdocs/jpgraph-1.11/src";
/* File format of charts ('png', 'jpeg', 'gif') */
#8194;$chart_file_format = "png";
　　进入web界面： ,点"Setup Page"链接 ->Create Acid AG ,访问将会看到ACID界面。
六.测试系统
　　重启系统或者直接启动相关后台程序：
/etc/init.d/mysql restart
/etc/init.d/snort start
/etc/init.d/httpd start
　　利用nmap,nessus,CIS或者X-scan对系统进行扫描，产生告警纪录。
　　 察看纪录。
　　至此，一个功能强大的IDS配置完毕。各位可以利用web界面 远程登陆，监控主机所处局域网，同时安装phpMyAdmin对mysql 数据库进行操控。