A web interface for managing snort rules, used to centrally manage the other hosts running snort.
snortcenter-console
[1.] tar zxvf snortcenter-console-3-31-05.tar.gz
mv snortcenter-release snortcenter
mv snortcenter /var/www/html/
[2.] install adodb
[3.] echo "CREATE DATABASE snortcenter;" | mysql -u root -p
[4.] vi /var/www/html/snortcenter/config.php
$DBlib_path = "./adodb/";
$curl_path = "";
$DBtype = "mysql";
$DB_dbname = "snortcenter";
$DB_host = "localhost";
$DB_user = "root";
$DB_password = "";
$DB_port = "";
$hidden_key_num = "236785";
[5.] mysql -u root -D snortcenter < snortcenter_db.mysql
[6.] http://localhost/snortcenter
Default account and password
login name: admin
password: change
Parameter descriptions:
$language
Define the language you want to use, e.g. "en" for English, "de" for German. Look in the language directory for supported languages.
$DBlib_path
Path to the ADODB directory, e.g. "./adodb/" if you copied adodb into the snortcenter dir
$curl_path
Path to curl binary if not defined in your default search path e.g. "/usr/local/bin/"
$DBtype
Type of database used e.g. "mysql"
$DB_dbname
SnortCenter Database name e.g. "snortcenter"
$DB_host
Host on which the SnortCenter database is stored e.g. "localhost"
$DB_user
Username to access the SnortCenter database e.g. "root"
$DB_password
Password to access the SnortCenter Database "root_password" or ""
$DB_port
Port on which to access the alert database (default port: 3306/tcp)
$User_authentication
Enable User authentication = 1 & to disable = 0 & disable only for auto update = 2
$hidden_key_num
Random number for security e.g. "1562564"
$send_mail
Email notification when rule update enable = 1 & to disable = 0
$mail['host']
The smtp server host/ip
$mail['port']
The smtp server port
$webmaster_email
Your email address (for future use)
$startpage
Page to load after successful authentication e.g. "sensor.php"
$proxy
Proxy server to connect to for internet rule update or to access sensors on the internet e.g. "proxy.your_domain:8080"
$alert_console
Path or URL to ACID for use with acid_plugin e.g. "./acid/"
$snortrules_url
URL to the snortrules.tar.gz file e.g. "http://www.snort.org/dl/signatures/snortrules.tar.gz"
snortcenter-agent
This package is installed on the hosts that run snort for detection; the snortcenter console can then be used to start or stop snort on that sensor.
[1.] tar zxvf snortcenter-agent-v2.x.linux.tar.gz
mv sensor /etc/snort
[2.] Install: run the following command, then follow the prompts (I did not use SSL in this study)
/etc/snort/sensor/setup.sh
snortcenter-console + snortcenter-agent
[1.] Browse to http://localhost/snortcenter/
[2.] ->sensor console->add sensor
sensor name router
sensor ip 192.168.1.1 port 2525
sensor root
password 123456 # the account and password set when installing the agent on that host
sensor agent type snortcenter agent v.1 (SSL disabled) # SSL disabled
interface name to sniff eth1 # the network interface to monitor
snort command line -d -l /var/log/snort # additional command-line options
[3.] Press push first, then start, because the console has to send some information to the agent host, such as snort.conf etc. …
Comments
But thanks for sharing anyway...
[5.] mysql -u root -D snortcenter < snortcenter_db.mysql — in which directory is this command supposed to be entered? I keep getting the error -bash: snortcenter_db.mysql: 没有那个文件或目录. I created a snortcenter_db.mysql myself under /var/www/html/snortcenter/, but the web SnortCenter shows Unable to CREATE table 'schema': and I can never get past the login page; entering the username and password admin / change does nothing. Please help me clear this up. Thanks!
This was some time ago and I've forgotten where I saw it; I tried looking for it and also couldn't find this file!!!