《操作系统安全:安装配置snort.docx》由会员分享,可在线阅读,更多相关《操作系统安全:安装配置snort.docx(4页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、安装配置snort下载安装snort官网:安装依赖#sudo yum install gcc flex#sudo yum install gcc flexbison zlib zlib-devel libpcap libpcap-devel pc repcre-devel libdnet libdnet-devel tepdump(raotewltr -| su0o yw install qcc fle buon zli ziiD ievel libpcap ligc” 4。虱”re devel Ubmet ludet devel tcfdiapI 3.6 KBI 18 kBI 4.7 kBI
2、 3.4 k8I 3.4 kB I kB ouMMlplugin*:,6ySir2r怜el/ 64/ctaluk epelxtfMepel/_e4/prMry_db FARID6【)9.9 W,Zt3:c0mtMt.c/的_64”中q142nM24MMM6cMM436blW3b】 pra,.“lit,”,: (trr M HOPS (rfr 404 - hot yiy atMr airror.To Mrm th 15 iswe plee refer to the below wiki article/Niki .cntos. org/m rocf ve 4rticle didnt help t
3、o rwolve this nwe pl。uw t:/bm-cito.orn/.(1/4): extr*5Z7/x86_M/prry_d:fpel/i_/pruMryZdbFAILEDI US kB)W kS/5 I CO kB6:96:818:8:30 ITMtp:/Hirfr.tfU.irt.l*MM*.att/aHV7/xM_64/rodata/47/a,y_db(4/4): u加 1”/x86_64/pcary_0.MdinQ xrror speeds freo 3cq hostfile be: sirr9r.tocici. Running transaction check Pack
4、age daq.x86_64 0:2.O.6-1 will be installed Finished Dependency Resolution)ependencies ResolvedPackageArchVersionnstalling: daqx86_64Fransaction Summary iTnstall 1 Package#wget#./configuremakemake install备注:configure报错:configure: error: Your operating systems lex is insufficient to compile libsfbpf.
5、You should install both bison and flex.处理:yum install flex bison -yconfigure报错:ERROR! Libpcap library version = 1.0.0 not found.处理:yum install libpcap libpcap-devel -y安装snort#yuminstall或#wget #./configure enable-sourcefiremakemake install备注:configure报错:ERROR! dnet header not found, go get it from处理:
6、wget r.gzcd libdnet-1.11./configure & make & make instal安装规那么#mkdir -p /etc/snort/rules#wget #tar -zxf community-rules.tar.gz -C /etc/snort/rules使用使用snort有三种用法:嗅探模式、记录模式和网络入侵检测模式。嗅探模式#snort -v该模式打印通信的双方IP及协议头部,类似tcpdump记录模式#snort -dev -I ./log该模式将截获的数据包记入文件(此处是当前log目录下),重点是-I网络入侵检测模式/etc/snort/rules
7、/community-rules/snort.conf该模式将会按指定的规那么扫描通信数据包备注:报错:ERROR: /etc/snort/rules/community-rules/snort.conf(249) Could not stat dynamic module path /usr/local/lib/snort_dynamicrules: No such file or directory.处理:mkdir -p /usr/local/lib/snort_dynamicrules报错:ERROR: /etc/snort/rules/community-rules/classification.config(0) Unable to open rules file /etc/snort/rules/community-rules/classification.config: No such file or directory.处理:将上边2.3解压出的snort包中的etc/classification.config复制到/etc/snort/rules/community-rules/classification.config (暂未能成功运行)