SNORT+APM+ACID ON Redhat 9.0 | Written: 2003/11/10 11:32
This is a simple procedure, written briskly, for people who already have some understanding (?) and a basic concept of what an IDS is. If you want detailed explanations, refer to the respective manuals.

Reference documents:
http://www.snort.org/docs/writing_rules/
http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf
http://www.snort.org/docs/snort_acid_rh9.pdf
http://www.snort.org/docs/FreeBSD47RELEASE-Snort-MySQLVer1-3.pdf
http://www.snort.org/docs/snort-win2k.htm

Packages that must already be installed:
libpcap-0.7.2-1.rpm
zlib-1.1.4-8.rpm
libgd, libpng
libjpeg-6b?
!! If an error during installation says a package is required, just install that package. ^^;
If you are confident, it is also fine to build these from source and point configure at the paths. ^^;

Downloads (!! you usually download into /tmp or /usr/local/src, right? ^^)
http://members.chello.se/jpgraph/jpgdownloads/jpgraph-1.13.tar.gz
http://www.students.fh-sbg.ac.at/~gwalch/adodb330.tgz
http://www.andrew.cmu.edu/~rdanyliw/snort/acid-0.9.6b23.tar.gz

1. Install mysql
# tar xfz mysql-4.1.0-alpha.tar.gz
# cd mysql-4.1.0-alpha
# ./configure --prefix=/usr/local/mysql && make -s && make -s install
# scripts/mysql_install_db
# chown -R root.mysql /usr/local/mysql
# chown -R mysql /usr/local/mysql/var
# cp support-files/my-SIZE.cnf /etc/my.cnf     <-- pick the my-*.cnf (small/medium/large/huge) that matches your machine's spec
# vi /etc/ld.so.conf
    /usr/local/lib
    /usr/local/mysql/lib/mysql     <-- add these 2 lines
# ldconfig -v
# cd /usr/local/mysql
# bin/mysqld_safe --user=mysql &
Arrange for it to start automatically at boot. hehe

2. Install Apache-2.0.47 + PHP-4.3.2
# tar xfz httpd-2.0.47.tar.gz
# cd httpd-2.0.47
# ./configure --prefix=/usr/local/apache --enable-mods-shared=all --enable-so && make -s && make -s install
# tar xfz php-4.3.2.tar.gz
# cd php-4.3.2
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs \
    --with-config-file-path=/usr/local/apache/conf --enable-sockets \
    --with-mysql=/usr/local/mysql --with-zlib-dir=/usr --with-gd && make -s && make -s install
# cp php.ini-dist /usr/local/apache/conf/php.ini     <-- PHP only reads a file named php.ini from the config-file-path
# vi /usr/local/apache/conf/httpd.conf
    LoadModule php4_module modules/libphp4.so
    AddType application/x-httpd-php .ph .php .html     <-- add these at a suitable place
# vi /etc/rc.local
    /usr/local/apache/bin/apachectl start     <-- add this one line so it starts at boot
!! Set up the rest of httpd.conf yourselves so that the relevant pages are served..

3. Install SNORT-2.0.0
# tar xfz snort-2.0.0.tar.gz
# cd snort-2.0.0
# ./configure --prefix=/usr/local/snort --with-mysql=/usr/local/mysql && make -s && make -s install     <-- --with-mysql builds the database output plugin used below
!! The docs do not use the --prefix option, but it is easier to manage everything in one place, so I installed it this way.
# mkdir -p /usr/local/snort/etc/snort
# mkdir -p /usr/local/snort/var/log     <-- remember the log path
# cp -rfp rules /usr/local/snort/etc     <-- remember the rules path
# cp etc/* /usr/local/snort/etc/snort     <-- copy the config files (I copied them all rather than picking)
# vi /usr/local/snort/etc/snort/snort.conf
    var HOME_NET 10.2.2.0/24     <-- internal network ID / number of mask bits
    e.g. if the class C 192.168.1.x is split into 4 subnets, that takes 2 extra mask bits, so if the network to monitor is 192.168.1.192 the line becomes:
    var HOME_NET 192.168.1.192/26
    var RULE_PATH /usr/local/snort/etc/rules     <-- rules path
    output database: log, mysql, user="USERNAME" password="PASSWORD" dbname="DBNAME" host="localhost"
# cp contrib/S99snort /etc/init.d/snort
# chmod 750 /etc/init.d/snort
# vi /etc/init.d/snort
    CONFIG=/usr/local/snort/etc/snort/snort.conf     <-- change
    LOGDIR=/usr/local/snort/var/log     <-- add
    #SNORT_GID=nogroup     <-- comment out
    $SNORT_PATH/snort -c $CONFIG -i $IFACE -g $SNORT_GID $OPTIONS
      --> change to: $SNORT_PATH/snort -c $CONFIG -i $IFACE $OPTIONS -l $LOGDIR
!! If you understand shell scripts, adjust this to your own taste...

4. MySQL setup (!! the current directory is still the snort-2.0.0 source directory.)
# /usr/local/mysql/bin/mysql
> drop database test;
> create database DBNAME;     <-- the database must exist before create_mysql can load the tables into it
> use mysql;
> insert into db values('localhost','DBNAME','USERNAME','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
> insert into user (Host,User,Password) values('localhost','USERNAME',password('PASSWORD'));
> flush privileges;
> exit
# /usr/local/mysql/bin/mysql -u snort -p snort < ./contrib/create_mysql
Enter password:
# zcat ./contrib/snortdb-extra.gz | /usr/local/mysql/bin/mysql -u snort -p snort
Enter password:
!! Check for yourselves that the schema and data were loaded properly. ^^;

5. Install JPGraph-1.13 + ADODB + ACID-0.9.6b23
# tar xfz jpgraph-1.13.tar.gz
# tar xfz adodb330.tgz
# tar xfz acid-0.9.6b23.tar.gz
# mv jpgraph-1.13 /YOUR/HOMEPAGE/DIRECTORY/jpgraph
# mv adodb /YOUR/HOMEPAGE/DIRECTORY
# mv acid /YOUR/HOMEPAGE/DIRECTORY
# cd /YOUR/HOMEPAGE/DIRECTORY/acid
# vi acid_conf.php
    $DBlib_path = "/YOUR/HOMEPAGE/DIRECTORY/adodb";
    $DBtype = "mysql";
    $alert_dbname = "DBNAME";
    $alert_host = "localhost";
    $alert_port = "";
    $alert_user = "USERNAME";
    $alert_password = "PASSWORD";
    $archive_dbname = "DBNAME";
    $archive_host = "localhost";
    $archive_port = "";
    $archive_user = "USERNAME";
    $archive_password = "PASSWORD";
    $ChartLib_path = "/YOUR/HOMEPAGE/DIRECTORY/jpgraph/src";
    $chart_fileformat = "png";
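The subnet arithmetic behind the HOME_NET example in step 3 (a class C split into four subnets needs two more mask bits, so the block starting at 192.168.1.192 becomes 192.168.1.192/26), worked through as an added POSIX sh example. This is not code from the original post; the function names are my own, and it goes a little beyond the text by also printing the address range a given HOME_NET value will cover and checking whether a host falls inside it.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for choosing the
# HOME_NET value in snort.conf. Pure POSIX sh arithmetic, no network access.

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length after splitting a block with prefix $1 into $2 equal subnets
# ($2 a power of two): the extra bits are log2($2). split_prefix 24 4 -> 26.
split_prefix() {
    bits=0; n=$2
    while [ "$n" -gt 1 ]; do n=$(( n / 2 )); bits=$(( bits + 1 )); done
    echo $(( $1 + bits ))
}

# Network address (dotted quad) of host $1 under prefix length $2.
network_of() {
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    int2ip $(( $(ip2int "$1") & mask ))
}

# The snort.conf line for the block that contains host $1 with prefix $2.
home_net_line() {
    echo "var HOME_NET $(network_of "$1" "$2")/$2"
}

# "first-last" address of CIDR block $1, i.e. the hosts HOME_NET will cover.
cidr_range() {
    net=${1%/*}; plen=${1#*/}
    first=$(ip2int "$(network_of "$net" "$plen")")
    last=$(( first + (1 << (32 - plen)) - 1 ))
    echo "$(int2ip "$first")-$(int2ip "$last")"
}

# Exit 0 if host $1 lies inside CIDR block $2, 1 otherwise.
in_cidr() {
    net=${2%/*}; plen=${2#*/}
    [ "$(network_of "$1" "$plen")" = "$(network_of "$net" "$plen")" ]
}

# Demonstration with the numbers from step 3.
plen=$(split_prefix 24 4)                 # 26
home_net_line 192.168.1.200 "$plen"       # var HOME_NET 192.168.1.192/26
cidr_range 192.168.1.192/26               # 192.168.1.192-192.168.1.255
```

If the sensor should see traffic for several blocks, snort.conf accepts a bracketed list for HOME_NET instead of a single CIDR; the range printed by cidr_range is a quick way to confirm that the hosts you expect to be protected are actually inside the block before the rules are loaded.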
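Step 4 ends with "check for yourselves that the schema was loaded". One concrete way to do that, as an added shell example that is not part of the original post: take the table names declared in contrib/create_mysql and compare them with what SHOW TABLES reports, listing anything missing. The schema excerpt and the SHOW TABLES output embedded below are constructed samples (the real create_mysql has more tables); with a live server you would feed the real file and the real listing in as shown in the comment.

```shell
#!/bin/sh
# Added example, not from the original post: report tables that create_mysql
# declares but the snort database does not contain. Offline version with
# CONSTRUCTED samples. Against the real server you would run:
#   schema_tables < ./contrib/create_mysql > expected.txt
#   /usr/local/mysql/bin/mysql -u snort -p -N snort -e 'show tables' | sort -u > actual.txt
#   missing_tables expected.txt actual.txt

# Constructed excerpt in the style of create_mysql (only a few tables).
SCHEMA_SAMPLE='CREATE TABLE schema ( vseq INT UNSIGNED NOT NULL, ctime DATETIME NOT NULL, PRIMARY KEY (vseq));
INSERT INTO schema (vseq, ctime) VALUES (106, now());
CREATE TABLE event ( sid INT UNSIGNED NOT NULL, cid INT UNSIGNED NOT NULL, signature INT UNSIGNED NOT NULL, timestamp DATETIME NOT NULL, PRIMARY KEY (sid,cid));
CREATE TABLE signature ( sig_id INT UNSIGNED NOT NULL AUTO_INCREMENT, sig_name VARCHAR(255) NOT NULL, PRIMARY KEY (sig_id));
create table sig_class ( sig_class_id INT UNSIGNED NOT NULL AUTO_INCREMENT, sig_class_name VARCHAR(60) NOT NULL, PRIMARY KEY (sig_class_id));'

# Constructed SHOW TABLES output from a database where one table did not load.
ACTUAL_SAMPLE='event
schema
signature'

# Read SQL on stdin; print the names of the tables it creates, sorted, one per line.
# Case-insensitive, tolerates extra whitespace, IF NOT EXISTS and backticks.
schema_tables() {
    tr 'A-Z' 'a-z' \
      | sed -n 's/^[[:space:]]*create[[:space:]]\{1,\}table[[:space:]]\{1,\}\(if[[:space:]]\{1,\}not[[:space:]]\{1,\}exists[[:space:]]\{1,\}\)\{0,1\}`\{0,1\}\([a-z0-9_]\{1,\}\).*/\2/p' \
      | sort -u
}

# Print tables listed in sorted file $1 (expected) but absent from sorted
# file $2 (actual). Exit status 1 if anything is missing, 0 otherwise.
missing_tables() {
    comm -23 "$1" "$2"
    [ "$(comm -23 "$1" "$2" | wc -l)" -eq 0 ]
}

# Run the check on the constructed samples: prints the missing table names
# and returns 1 when the schema is incomplete.
check_sample() {
    tmp=$(mktemp -d)
    printf '%s\n' "$SCHEMA_SAMPLE" | schema_tables > "$tmp/expected"
    printf '%s\n' "$ACTUAL_SAMPLE" | sort -u > "$tmp/actual"
    if missing_tables "$tmp/expected" "$tmp/actual"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return $rc
}

check_sample   # prints "sig_class" for the samples above
```

The same comparison also catches the case where snortdb-extra.gz was loaded into the wrong database, since the reference and sig_class tables it populates would then show up as missing here rather than as an empty ACID page later.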
6. Verification
In a browser, open http://yourhost/acid/ or http://yourip/~ACCOUNT/acid. When the setup page appears, click the "Create ACID AG" button. That is everything. Start snort and open the browser window, and the analysed results appear in real time.
!! I deliberately did not write down how to make snort start automatically at boot. Work that out yourselves...

7. Extra: an environment in which you can actually test this
1 snort server / 1 or more PCs acting as ordinary nodes / 2 or more IP addresses / 1 managed switch (port-mirroring support is essential)
Use port mirroring so that the packets passing between the nodes are copied to the port the snort server is connected to.

Coffeenix, a resting place for system engineers / URL : http://coffeenix.net/board_view.php?bd_code=119