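Installing Snort on Windows (2)
Source: Internet  Published by: 网络心灵鸡汤段子  Editor: 程序博客网  Time: 2024/05/30 23:07
The comprehensive, official WinIDS Installation Guide: http://wenku.baidu.com/view/e676414f2b160b4e767fcf29.html
WinIDS builds an IDS on Windows on top of Snort, MySQL and related components.
Below is the part of its documentation that covers installing and configuring Snort; it is worth consulting.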
Install and configure Snort
Navigate to the 'd:\tmp' folder, double left-click on the 'Snort...' file to start the installer, left-click the 'I Agree' button, left-click 'Next' (leave default), left-click 'Next', in the 'Destination Folder' dialog box, type 'd:\winids\snort' (less the outside quotes), left-click 'Next' allowing Snort to install, left-click the 'Close' button, and finally left-click 'OK'.
Navigate to the 'd:\tmp' folder and extract the 'snortrules-snapshot-CURRENT.zip' file into 'd:\winids\snort'.
Navigate to the 'd:\winids\snort\etc' folder, right-click on the 'snort.conf' file and open with 'WordPad'.
Note: Use the Find in WordPad to locate and change the variables below.
The home network variable below defines the network you wish to monitor, like the local LAN segment, for instance. It is set by specifying one or more networks in the form of a CIDR.
Note: The IP address below is fictitious and must be changed to the correct IP Address and CIDR that reflects the actual network that the IDS is monitoring.
Original: var HOME_NET any
Change: var HOME_NET 192.168.1.0/24
The external network below specifies one or more networks where you believe threats or attacks will originate. The var EXTERNAL_NET variable below can also be set by specifying a CIDR, or you can make use of the home network variable we've specified above.
Original: var EXTERNAL_NET any
Change: var EXTERNAL_NET !$HOME_NET
Original: var RULE_PATH ../rules
Change: var RULE_PATH d:\winids\snort\rules
Original: dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so
Change: dynamicpreprocessor file d:\winids\snort\lib\snort_dynamicpreprocessor\sf_dcerpc.dll
Original: dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
Change: dynamicpreprocessor file d:\winids\snort\lib\snort_dynamicpreprocessor\sf_dns.dll
Original: dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
Change: dynamicpreprocessor file d:\winids\snort\lib\snort_dynamicpreprocessor\sf_ftptelnet.dll
Original: dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
Change: dynamicpreprocessor file d:\winids\snort\lib\snort_dynamicpreprocessor\sf_smtp.dll
Original: dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
Change: dynamicpreprocessor file d:\winids\snort\lib\snort_dynamicpreprocessor\sf_ssh.dll
Original: dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
Change: dynamicengine d:\winids\snort\lib\snort_dynamicengine\sf_engine.dll
Note: Find the line entries below and change the next lines.
Original:
# preprocessor sfportscan: proto { all } \
# memcap { 10000000 } \
# sense_level { low }
Change:
preprocessor sfportscan: proto { all } \
memcap { 10000000 } \
sense_level { low } \
logfile { portscan.log }
Note: Just below '# output log_tcpdump: tcpdump.log' insert this next line:
output alert_fast: alert.ids
Original: # output database: log, mysql, user=root password=test dbname=db host=localhost
Change: output database: log, mysql, user=snort password=l0gg3r dbname=snort host=localhost sensor_name=WinIDS
Original: include classification.config
Change: include d:\winids\snort\etc\classification.config
Original: include reference.config
Change: include d:\winids\snort\etc\reference.config
Original: # include threshold.conf
Change: include d:\winids\snort\etc\threshold.conf
Now save the file and exit WordPad.
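As an added example (not part of the WinIDS guide or of this post), the Python check below scans snort.conf text for the edits listed above: HOME_NET or EXTERNAL_NET left at 'any', path directives that are not absolute Windows paths, and missing sfportscan, alert_fast or database output lines. The function name and the sample fragment are constructed for illustration; it inspects text only and does not verify that the referenced files exist.

```python
import re

# Constructed sample: a snort.conf fragment with some of the guide's edits missing.
SAMPLE_CONF = r"""
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET any
var RULE_PATH d:\winids\snort\rules
dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
dynamicengine d:\winids\snort\lib\snort_dynamicengine\sf_engine.dll
# preprocessor sfportscan: proto { all } \
output alert_fast: alert.ids
include classification.config
include d:\winids\snort\etc\reference.config
"""

# Directives whose argument the guide rewrites to an absolute Windows path.
PATH_DIRECTIVES = re.compile(
    r"^(var\s+RULE_PATH|dynamicpreprocessor\s+file|dynamicengine|include)\s+(\S+)", re.I)
WINDOWS_ABS = re.compile(r"^[a-z]:\\", re.I)
REQUIRED = ("preprocessor sfportscan:", "output alert_fast:", "output database:")


def check_snort_conf(text):
    """Return (line_number, message) findings; line 0 means a missing directive."""
    findings, active = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        active.append(line)
        m = re.match(r"var\s+(HOME_NET|EXTERNAL_NET)\s+(\S+)", line)
        if m and m.group(2).lower() == "any":
            findings.append((number, f"{m.group(1)} is still 'any'"))
        m = PATH_DIRECTIVES.match(line)
        # Arguments built from a variable (e.g. $RULE_PATH/...) follow RULE_PATH itself.
        if m and not m.group(2).startswith("$") and not WINDOWS_ABS.match(m.group(2)):
            findings.append((number, f"not an absolute Windows path: {m.group(2)}"))
    for needed in REQUIRED:
        if not any(entry.startswith(needed) for entry in active):
            findings.append((0, f"no active '{needed}' line"))
    return findings


if __name__ == "__main__":
    for number, message in check_snort_conf(SAMPLE_CONF):
        print(f"line {number}: {message}")
```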