sudo chmod -R 700 snort*
sudo chmod -R 700 pkgconfig
cd /usr/local/bin
sudo chown -R snort:snort daq-modules-config
sudo chown -R snort:snort u2*
sudo chmod -R 700 daq-modules-config
sudo chmod 700 u2*
cd /etc
sudo chown -R snort:snort snort
sudo chmod -R 700 snort
At this point we are ready to check that Snort starts up and reads the rules:
cd /usr/local/bin
./snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf
The -T flag only validates the configuration and then exits: a good run ends with "Snort successfully validated the configuration!" and a zero exit status, while a broken rule or preprocessor setting produces a FATAL ERROR and a non-zero exit status. Also check /var/log/messages for fatal errors or crashes.
Before installing Barnyard2 we have to set the MySQL root password. Issue the following command:
mysqladmin -u root password NEWPASSWORD
where NEWPASSWORD is whatever you choose. Note that a password given on the command line ends up in the shell history and is visible to other users in the process list while the command runs; if you omit the last argument, mysqladmin prompts for the new password instead. The next step is to install Barnyard2.
Give the following commands in order to install and configure Barnyard2:
cd /usr/local/src
git clone https://github.com/firnsy/barnyard2.git
cd barnyard2
./autogen.sh
./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql
make
sudo make install
sudo cp etc/barnyard2.conf /etc/snort
sudo cp rpm/barnyard2 /etc/init.d
sudo chmod 700 /etc/init.d/barnyard2
sudo cp rpm/barnyard2.config /etc/sysconfig/barnyard2
sudo cp /etc/init.d/barnyard2 /etc/init.d/barnyard2_default
sudo sed -i -e '/BARNYARD_OPTS=/s/$SNORTDIR\/${INT}/$SNORTDIR/' -e '/BARNYARD_OPTS=/s/-L \$SNORTDIR\/\${INT}/-l $SNORTDIR/' -e '/\/var/s/\$prog/barnyard2/' /etc/init.d/barnyard2
sudo sed -i 's#$SNORTDIR/${INT}#$SNORTDIR#g' /etc/init.d/barnyard2
sudo cp /etc/sysconfig/barnyard2 /etc/sysconfig/barnyard2_default
sudo sed -i '/CONF=/s/barnyard.conf/barnyard2.conf/' /etc/sysconfig/barnyard2
sudo sed -i '/LOG_FILE=/s/\/etc/sysconfig/barnyard2
Now add the following output plugin line at the end of /etc/snort/barnyard2.conf:
output database: log, mysql, user=root password=NEWPASSWORD dbname=snorby host=localhost
where NEWPASSWORD is your MySQL root password. The file now holds a database credential in clear text, so it must stay readable only by root and the snort user (the chmod -R 700 /etc/snort above covers this). Using the MySQL root account is what this tutorial does; on a production sensor, create a dedicated MySQL user granted only the rights Barnyard2 needs on the snorby database, so that a compromise of the sensor does not hand out full database access. Time to install Pulledpork.
cd /usr/local/src
wget https://pulledpork.googlecode.com/files/pulledpork-0.7.0.tar.gz
tar -zxvf pulledpork-0.7.0.tar.gz
cd pulledpork-0.7.0
sudo cp pulledpork.pl /usr/local/bin/pulledpork
sudo chmod 700 /usr/local/bin/pulledpork
sudo cp etc/* /etc/snort
sudo cp /etc/snort/pulledpork.conf /etc/snort/pulledpork.conf_default
sudo sed -i -e '/^local_rules=/s/\/usr.*/\/etc\/snort\/rules\/local.rules/' \
  -e '/^rule_path/s/\/usr.*/\/etc\/snort\/rules\/snort.rules/' \
  -e '/sid_msg=/s/\/usr.*/\/etc\/snort\/sid-msg.map/' \
  -e '/config_path=/s/\/usr.*/\/etc\/snort\/snort.conf/' \
  -e '/black_list=/s/\/usr.*/\/etc\/snort\/rules\/iplists\/default.blacklist/' \
  -e '/IPRV/s/\/usr.*/\/etc\/snort\/rules\/iplists/' /etc/snort/pulledpork.conf
Each expression rewrites the default /usr/local/etc/snort/... path of one setting to the /etc/snort layout used in this guide. Check the result with grep -E '^(rule_path|local_rules|sid_msg|config_path|black_list|IPRVersion)=' /etc/snort/pulledpork.conf, because sed exits 0 whether or not a pattern matched.
One more thing to set up for Pulledpork is the oinkcode. The oinkcode is a unique key associated with a user account on snort.org. If you have a subscription you will get the latest rules, otherwise you will receive the free registered-user rule package. When you create an account on snort.org, copy your oinkcode and replace the <oinkcode> placeholder at the end of the rule_url lines in /etc/snort/pulledpork.conf:
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
Treat the oinkcode as a credential: it identifies your snort.org account, so keep pulledpork.conf out of version control and readable only by root.
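The sed chain above and the oinkcode edit can both fail silently: a pattern that does not match changes nothing and still exits 0, and a surviving <oinkcode> placeholder is only noticed when the first rule download fails. The following shell script is an added example (not code from the tutorial or from Pulledpork) that applies the same path layout and the oinkcode substitution, but verifies every key was actually rewritten and refuses to finish if a placeholder remains. It assumes a pulledpork.conf made of key=value lines, as in Pulledpork 0.7.0, and runs on a constructed sample copy rather than the live file.

```shell
#!/bin/sh
# Added example, not part of the original tutorial or of Pulledpork itself.
# Assumption: pulledpork.conf uses "key=value" lines (true for 0.7.0).

# set_conf_key FILE KEY VALUE: rewrite the value of an uncommented KEY= line.
# Returns 1 if KEY is absent, so a typo in KEY cannot pass silently.
set_conf_key() {
    grep -q "^$2=" "$1" || { echo "set_conf_key: no '$2=' line in $1" >&2; return 1; }
    # awk rather than sed: VALUE may legitimately contain '/', '&' or '|'.
    awk -v k="$2" -v v="$3" 'index($0, k "=") == 1 { print k "=" v; next } { print }' \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# configure_pulledpork FILE OINKCODE: the tutorial's path changes plus the
# oinkcode substitution, with a final check that no placeholder survives.
configure_pulledpork() {
    cfg=$1; code=$2
    set_conf_key "$cfg" rule_path   /etc/snort/rules/snort.rules || return 1
    set_conf_key "$cfg" local_rules /etc/snort/rules/local.rules || return 1
    set_conf_key "$cfg" sid_msg     /etc/snort/sid-msg.map || return 1
    set_conf_key "$cfg" config_path /etc/snort/snort.conf || return 1
    set_conf_key "$cfg" black_list  /etc/snort/rules/iplists/default.blacklist || return 1
    set_conf_key "$cfg" IPRVersion  /etc/snort/rules/iplists || return 1
    # The oinkcode is an account credential (hex, so no '&' to worry about in
    # gsub). Replace every placeholder, one per rule_url line.
    awk -v c="$code" '{ gsub(/<oinkcode>/, c); print }' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
    if grep -q '<oinkcode>' "$cfg"; then
        echo "configure_pulledpork: <oinkcode> placeholder still present" >&2
        return 1
    fi
    chmod 600 "$cfg"   # the file now holds the oinkcode
}

# Constructed sample of the stock pulledpork.conf lines the tutorial edits
# (not a copy of a real file).
write_sample_conf() {
    cat > "$1" <<'EOF'
# pulledpork.conf (constructed sample)
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
rule_path=/usr/local/etc/snort/rules/snort.rules
local_rules=/usr/local/etc/snort/rules/local.rules
sid_msg=/usr/local/etc/snort/sid-msg.map
config_path=/usr/local/etc/snort/snort.conf
black_list=/usr/local/etc/snort/rules/iplists/default.blacklist
IPRVersion=/usr/local/etc/snort/rules/iplists
EOF
}

# Demo on a throwaway copy with an all-zero dummy oinkcode. On the real file,
# keep the pulledpork.conf_default backup made above before running this.
demo=$(mktemp -d)
write_sample_conf "$demo/pulledpork.conf"
configure_pulledpork "$demo/pulledpork.conf" 0000000000000000000000000000000000000000
grep -E '^(rule_url|rule_path|config_path|IPRVersion)=' "$demo/pulledpork.conf"
rm -rf "$demo"
```

To use it on the sensor, call configure_pulledpork /etc/snort/pulledpork.conf YOUR_OINKCODE as root after the cp of the default file; a non-zero exit means one of the expected settings was not found and the file was left partially edited, which is exactly the case the original sed chain would have hidden.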
The next step is to install Snorby.
Before installing Snorby we have to install five prerequisite packages:
yaml (libyaml)
ruby 1.9.x
rails
imagemagick
wkhtmltopdf
Note that the downloads below are fetched over plain HTTP with no checksum or signature verification, and ImageMagick.tar.gz is an unpinned "latest" tarball. On anything other than a lab box, pin the versions and verify the published checksums or GPG signatures before building and installing as root.
cd /usr/local/src
wget pyyaml.org/download/libyaml/yaml-0.1.6.zip
unzip yaml-0.1.6.zip
cd yaml-0.1.6
./configure
make
sudo make install
cd /usr/local/src
wget cache.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p547.tar.gz
tar -zxvf ruby-1.9.3-p547.tar.gz
cd ruby-1.9.3-p547
./configure
make
sudo make install
sudo gem install rails
sudo gem install nokogiri -- --use-system-libraries
sudo gem install bundler
cd /usr/local/src
wget www.imagemagick.org/download/ImageMagick.tar.gz
tar -zxvf ImageMagick.tar.gz
cd ImageMagick*
./configure
make
sudo make install
cd /usr/local/src
wget sourceforge.net/projects/wkhtmltopdf/files/archive/0.12.0/wkhtmltox-linux-amd64_0.12.0-03c001d.tar.xz
tar xJf wkhtmltox-linux-amd64_0.12.0-03c001d.tar.xz
cd wkhtml*
sudo mv bin/wkhtmltopdf /usr/local/bin
Finally it's time to install and configure Snorby.
cd /usr/local/src
git clone https://github.com/Snorby/snorby.git
cd snorby
sudo bundle install --deployment
sudo cp /usr/local/src/snorby/config/database.yml.example /usr/local/src/snorby/config/database.yml
sudo cp /usr/local/src/snorby/config/snorby_config.yml.example /usr/local/src/snorby/config/snorby_config.yml
Open /usr/local/src/snorby/config/database.yml and change the line
password: "Password Here"
(the template follows it with an "# Example: password:" comment) to
password: "NEWPASSWORD"
where NEWPASSWORD is your MySQL root password. database.yml now contains that credential in clear text, so keep it readable only by root and the account the web server runs Snorby as, and never commit it. Now issue the following commands:
cd /usr/local/src/snorby
bundle exec rake snorby:setup
In order to reach the Snorby front-end from any browser we will install Phusion Passenger. Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js. It is designed to integrate into the Apache HTTP Server or the nginx web server, but also has a mode for running standalone without an external web server. Installing Phusion Passenger:
gem install passenger
passenger-install-apache2-module --auto
At the end of the installation, Passenger prints a few lines to add to the /etc/httpd/conf/httpd.conf file. We paste them at the end of /etc/httpd/conf/httpd.conf and change DocumentRoot to point at the /usr/local/src/snorby/public directory. Similarly we change
Next, open TCP port 80 in the host firewall:
sudo cp /etc/sysconfig/iptables /etc/sysconfig/iptables_default
sudo sed -i '/22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT' /etc/sysconfig/iptables
sudo /etc/init.d/iptables restart
Check the result with sudo iptables -L -n before relying on it: the /22/ address matches every line containing "22" (packet counters, other ports, addresses), not just the SSH rule, so the ACCEPT line can be inserted more than once or in the wrong place, and running the sed again adds another copy. Note also that this publishes Snorby, and the IDS events behind it, over plain HTTP; if the sensor is reachable from untrusted networks, restrict the source addresses in the rule or put the site behind TLS.
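The following shell script is an added example (not from the tutorial) of doing the same firewall change without the /22/ pitfall: it inserts the ACCEPT rule directly after the one SSH rule, refuses to run if the anchor is missing or ambiguous, is idempotent, and verifies the new rule lands before the chain's final REJECT. It assumes a file in the layout written by system-config-firewall on CentOS 6 and works on a constructed sample copy, whose non-zero OUTPUT counter is there on purpose to show what the tutorial's sed would have matched.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumption: a system-config-firewall style /etc/sysconfig/iptables with
# exactly one "--dport 22 -j ACCEPT" rule in the INPUT chain.

# naive_match_count FILE: number of lines the tutorial's /22/ address hits.
naive_match_count() {
    awk '/22/ { n++ } END { print n + 0 }' "$1"
}

# open_tcp_port FILE PORT: insert the INPUT ACCEPT rule for PORT after the
# SSH rule. Requires exactly one SSH anchor; a no-op if PORT is already open.
open_tcp_port() {
    f=$1; port=$2
    rule="-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    if grep -qF -- "$rule" "$f"; then
        echo "open_tcp_port: port $port already open" >&2
        return 0
    fi
    anchors=$(grep -c -- '^-A INPUT .*--dport 22 -j ACCEPT$' "$f" || true)
    if [ "$anchors" -ne 1 ]; then
        echo "open_tcp_port: expected one SSH rule, found $anchors" >&2
        return 1
    fi
    awk -v r="$rule" '{ print } /^-A INPUT .*--dport 22 -j ACCEPT$/ { print r }' \
        "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# input_rule_before_reject FILE PORT: 0 if the ACCEPT rule for PORT comes
# before the INPUT chain's final REJECT, the only place where it takes effect.
input_rule_before_reject() {
    awk -v p="$2" '
        $0 ~ ("^-A INPUT .*--dport " p " -j ACCEPT$") && !rej { ok = 1 }
        /^-A INPUT -j REJECT/ { rej = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# Constructed sample of a CentOS 6 default firewall file. The OUTPUT counter
# [122:9880] is made up and contains "22", so the tutorial's sed would also
# append the rule after that line.
write_sample_iptables() {
    cat > "$1" <<'EOF'
# Firewall configuration written by system-config-firewall
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [122:9880]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on a throwaway copy; on the sensor, point open_tcp_port at
# /etc/sysconfig/iptables (after the backup above) and restart iptables.
demo=$(mktemp -d)
write_sample_iptables "$demo/iptables"
echo "lines the tutorial's /22/ would hit: $(naive_match_count "$demo/iptables")"
open_tcp_port "$demo/iptables" 80
grep -n -- '-A INPUT' "$demo/iptables"
rm -rf "$demo"
```

The anchor regex is deliberately strict (the whole SSH rule, anchored at both ends); if your file was hand-edited and the SSH rule differs, the script stops with a message rather than guessing, which is the behaviour you want from anything that rewrites a firewall policy as root.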
Now we can download new rules with Pulledpork:
/usr/local/bin/pulledpork -c /etc/snort/pulledpork.conf -C /etc/snort/snort.conf -P -I security -e /etc/snort/enablesid.conf -i /etc/snort/disablesid.conf -M /etc/snort/modifysid.conf -v
Finally start all the necessary services:
/etc/init.d/mysqld restart
/etc/init.d/httpd restart
/etc/init.d/snort start
/etc/init.d/barnyard2 start
In case you have problems with the Snorby worker, run the worker control commands from the Snorby directory with script/rails in the production environment (the quoted Ruby expression passed to each script/rails r call is not preserved on this page):
cd /usr/local/src/snorby
sudo RAILS_ENV=production script/rails r \