在linux系统下构建入侵检测系统
五.安装配置Web接口
安装JPGraph1.11
cp jpgraph-1.11.tar.gz /www/htdocs
cd /www/htdocs
tar -xzvf jpgraph-1.xx.tar.gz
rm -rf jpgrap-1.xx.tar.gz
cd jpgraph-1.11
rm -rf README
rm -rf QPL.txt
安装ADODB:
cp adodb330.tgz /www/htdocs/
cd /www/htdocs
tar -xzvf adodb330.tgz
rm -rf adodb330.tgz
安装配置Acid:
cp acid-0.0.6b23.tar.gz /www/htdocs
cd /www/htdocs
tar -xvzf acid-0.9.6b23.tar.gz
rm -rf acid-0.9.6b23.tar.gz
cd /www/htodcs/acid/
编辑acid_conf.php,修改相关配置如下:
#8194;$DBlib_path = “/www/htdocs/adodb”;
/* The type of underlying alert database
*
* MySQL : “mysql”
* PostgresSQL : “postgres”
* MS SQL Server : “mssql”
*/
#8194;$DBtype = “mysql”;
/* Alert DB connection parameters
* - ?$alert_dbname : MySQL database name of Snort alert DB
* - ?$alert_host : host on which the DB is stored
* - ?$alert_port : port on which to access the DB
* - ?$alert_user : login to the database with this user
* - ?$alert_password : password of the DB user
*
* This information can be gleaned from the Snort database
* output plugin configuration.
*/
#8194;$alert_dbname = “snort”;
#8194;$alert_host = “localhost”;
#8194;$alert_port = “”;
#8194;$alert_user = “root”;
#8194;$alert_password = “Your_Password”;
/* Archive DB connection parameters */
#8194;$archive_dbname = “snort”;
#8194;$archive_host = “localhost”;
#8194;$archive_port = “”;
#8194;$archive_user = “root”;
#8194;$archive_password = “Your_Password “;
And a little further down
#8194;$ChartLib_path = “/www/htdocs/jpgraph-1.11/src”;
/* File format of charts (’png’, ‘jpeg’, ‘gif’) */
#8194;$chart_file_format = “png”;
进入web界面:
http://yourhost/acid/acid_main.php
点”Setup Page”链接 ->Create Acid AG
访问http://yourhost/acid将会看到ACID界面。
六.测试系统
重启系统或者直接启动相关后台程序:
/etc/init.d/mysql restart
/etc/init.d/snort start
/etc/init.d/httpd start
利用nmap,nessus,CIS或者X-scan对系统进行扫描,
产生告警纪录。
http://yourhost/acid 察看纪录。
至此,一个功能强大的IDS配置完毕。各位可以利用web界面
远程登陆,监控主机所处局域网,同时安装phpMyAdmin对mysql
数据库进行操控。
最新相关文章发表评论