MySQL installation
1. Install the MySQL server
[root@localhost rule]# yum install mysql-server
Loaded plugins: fastestmirror, refresh-packagekit, security
.. (omitted)
2. Start MySQL
[root@localhost rule]# service mysqld start
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

Set the root password as the message says (the next step logs in with -p). Running mysql_secure_installation is also worth doing: it removes the anonymous accounts and the test database, which is still visible in the show databases output below.
3. Log in to MySQL, create the database and the user
[root@localhost rule]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database snort;
Query OK, 1 row affected (0.00 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| snort              |
| test               |
+--------------------+
4 rows in set (0.00 sec)

mysql> grant all on snort.* to 'snortuser'@'localhost' identified by 'test@1234';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit

The grant is scoped to the snort database and to connections from localhost, so the Barnyard2 account cannot touch other databases or log in over the network. Pick a real password rather than test@1234: it will be stored in clear text in barnyard2.conf later on.
Barnyard2 installation
1. Download and build barnyard2
[root@localhost snort_install]# wget http://ftp.psu.ac.th/pub/snort/barnyard2-1.9.tar.gz
.. (omitted)
[root@localhost snort_install]# ls
barnyard2-1.9.tar.gz  daq-2.0.0.tar.gz  libdnet-1.12.tgz  snort-2.9.5
daq-2.0.0             libdnet-1.12      rule              snort-2.9.5.tar.gz
[root@localhost snort_install]# tar -zxvf barnyard2-1.9.tar.gz
.. (omitted)
[root@localhost snort_install]# cd barnyard2-1.9
[root@localhost barnyard2-1.9]# ./configure --with-mysql --with-mysql-libraries=/usr/lib64/
[root@localhost barnyard2-1.9]# make
[root@localhost barnyard2-1.9]# make install

The tarball is fetched over plain HTTP from a third-party mirror, so compare it against the upstream release before building it as root. --with-mysql-libraries=/usr/lib64/ is what lets configure find libmysqlclient on a 64-bit CentOS 6 box.
2. Create the barnyard2 directory and set permissions
[root@localhost barnyard2-1.9]# cp etc/barnyard2.conf /etc/snort/
[root@localhost barnyard2-1.9]# cp -p /snort_install/rule/etc/sid-msg.map /etc/snort/
[root@localhost barnyard2-1.9]# mkdir /var/log/barnyard2
[root@localhost barnyard2-1.9]# chmod 666 /var/log/barnyard2
[root@localhost barnyard2-1.9]# chmod 775 -R /var/log/snort/
[root@localhost barnyard2-1.9]# chown snort:snort -R /var/log/snort

sid-msg.map is copied because the stock barnyard2.conf expects its map files under /etc/snort (the config sid_file: default). Two of the chmod calls deserve a second look. 666 on a directory clears the execute (search) bit, so no non-root process can enter /var/log/barnyard2 or create files in it, and it leaves the directory world-writable, which matters the moment the search bit is added. 775 -R lets every member of the snort group rewrite the captured alerts. Since Snort runs as snort:snort here, 750 on the directories and 640 on the spool files, owned by snort:snort, is enough.
3. Load the barnyard2 schema into MySQL
[root@localhost barnyard2-1.9]# mysql -u snortuser -p snort < schemas/create_mysql
Enter password:
[root@localhost barnyard2-1.9]# service mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

The schema is created with the snortuser account, which also confirms that the grant from the previous section works. The restart is not required for the new tables to take effect, but it does no harm.
Barnyard2 configuration
Editing barnyard2.conf
[root@localhost barnyard2-1.9]# vim /etc/snort/barnyard2.conf

# database: log to a variety of databases
# ---------------------------------------
#
# Purpose: This output module provides logging ability to a variety of databases
# See doc/README.database for additional information.
#
# Examples:
output database: log, mysql, user=snortuser password=test@1234 dbname=snort host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
#

Only the mysql line is uncommented; user, password and dbname match the account created above. Because the password sits in this file in clear text, do not leave it world-readable: mode 640, owned by root with the snort group, is sufficient for both a root and a snort-user Barnyard2. It is also worth setting config hostname: and config interface: near the top of the file so they match the Snort sensor; the startup output below reports sensor name = localhost.localdomain:NULL because the interface was left unset.
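The permission step and the barnyard2.conf step above, done the hardened way, as an added example: the shell below was written for this page and is neither the author's commands nor part of Barnyard2. It assumes the paths the post uses (/var/log/snort for the unified2 spool, /var/log/barnyard2, /etc/snort/barnyard2.conf) and the snort user and group; the function names are mine, and every path is a parameter so the functions can be tried on a scratch directory before touching the real box. `stat -c %a` is GNU coreutils syntax, i.e. Linux.

```shell
#!/bin/bash
# Added example for this page (not the author's commands, not Barnyard2 code).
# Assumed paths: /var/log/snort, /var/log/barnyard2, /etc/snort/barnyard2.conf,
# and the 'snort' user/group. Functions take paths as arguments so they can be
# exercised on a temporary directory first. Linux 'stat -c %a' is assumed.

# The post runs 'chmod 666 /var/log/barnyard2' and 'chmod 775 -R /var/log/snort'.
# 666 on a directory has no execute (search) bit, so a non-root process cannot
# enter it, while the directory stays world-writable; 775 -R lets every group
# member rewrite captured alerts. Use 750 on directories, 640 on spool and
# waldo files, all owned by the account Snort/Barnyard2 run as.
harden_dir() {
    # $1 = directory, $2 = owner:group (e.g. snort:snort)
    local dir="$1" owner="$2"
    [ -d "$dir" ] || mkdir -p "$dir"
    chown -R "$owner" "$dir" 2>/dev/null \
        || echo "warning: could not chown $dir to $owner (not root?)" >&2
    find "$dir" -type d -exec chmod 750 {} +
    find "$dir" -type f -exec chmod 640 {} +
}

# barnyard2.conf carries the MySQL password in clear text on its
# 'output database:' line, so it must not be world-readable.
harden_conf() {
    # $1 = path to barnyard2.conf, $2 = owner:group (e.g. root:snort)
    local conf="$1" owner="$2"
    chown "$owner" "$conf" 2>/dev/null \
        || echo "warning: could not chown $conf to $owner (not root?)" >&2
    chmod 640 "$conf"
}

# Returns 0 when the path's octal mode equals the expected one (e.g. 750).
check_mode() {
    [ "$(stat -c '%a' "$1")" = "$2" ]
}

# Returns 0 when 'others' have no permission bits at all on the path.
check_no_world_access() {
    case "$(stat -c '%a' "$1")" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Returns 0 when an active (uncommented) 'output database:' line carries a
# password, i.e. the file is sensitive and must have a restricted mode.
conf_has_cleartext_password() {
    grep -Eq '^[[:space:]]*output[[:space:]]+database:.*password=' "$1"
}

# Usage on the real box, as root, after the steps above:
#   harden_dir  /var/log/snort             snort:snort
#   harden_dir  /var/log/barnyard2         snort:snort
#   harden_conf /etc/snort/barnyard2.conf  root:snort
#   check_mode  /etc/snort/barnyard2.conf  640 && echo "conf mode ok"
# To confirm events reach MySQL afterwards, trigger a rule and count rows:
#   mysql -u snortuser -p snort -e 'SELECT COUNT(*) FROM event;'
```

With these modes Snort, running as snort:snort, can still write the spool, and Barnyard2 can read both the spool and its configuration whether it runs as root (as in the post) or is dropped to the snort account with -u snort -g snort.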
Barnyard2 run test
Running Snort
[root@localhost barnyard2-1.9]# snort -u snort -g snort -c /etc/snort/snort.conf -i eth1
Running in IDS mode

        --== Initializing Snort ==--
.. (omitted)
Running barnyard2
[root@localhost barnyard2-1.9]# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.u2
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"
Log directory = /var/log/barnyard2
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snortuser
database:  database name = snort
database:    sensor name = localhost.localdomain:NULL
database:      sensor id = 1
database:     sensor cid = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.9 (Build 263)
 |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
 + '''' +  (C) Copyright 2008-2010 SecurixLive.

           Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.

Opened spool file '/var/log/snort//snort.u2.1457444603'
Closing spool file '/var/log/snort//snort.u2.1457444603'. Read 0 records
Opened spool file '/var/log/snort//snort.u2.1457449267'
Waiting for new data

It works ^^

A few notes on this run. Read 0 records for the first spool file just means it holds no events; the double slash in the path is the trailing slash from -d /var/log/snort/. Barnyard2 is running in the foreground, as root, and without a bookmark file, so every restart re-reads the spool from the beginning. For a permanent setup add -w /var/log/barnyard2/barnyard2.waldo so it resumes where it stopped, drop privileges with -u snort -g snort as Snort does above, and daemonize with -D. The sensor name localhost.localdomain:NULL comes from config hostname: and config interface: not being set in barnyard2.conf. To verify that alerts actually land in MySQL, trigger a rule and check that the event table of the snort database gains rows.