A web interface for managing Snort rules, with central management of the other hosts that run Snort.

snortcenter-console

[1.] tar zxvf snortcenter-console-3-31-05.tar.gz

      mv snortcenter-release snortcenter

      mv snortcenter /var/www/html/

[2.] install adodb

[3.] echo "CREATE DATABASE snortcenter;" | mysql -u root -p

[4.] vi /var/www/html/snortcenter/config.php

$DBlib_path = "./adodb/";
$curl_path = "";
$DBtype = "mysql";
$DB_dbname = "snortcenter";
$DB_host = "localhost";
$DB_user = "root";
$DB_password = "";
$DB_port = "";
$hidden_key_num = "236785";

[5.] mysql -u root -D snortcenter < snortcenter_db.mysql     # the schema path is relative, so run this from the directory that contains snortcenter_db.mysql

[6.] http://localhost/snortcenter

         Default credentials (change the admin password right after the first login):

         login name: admin

         password: change

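The steps above leave the console talking to MySQL as root with an empty password, written into a config.php under the web root, and keep the example `$hidden_key_num`. The script below is an added example (not code from the original post or from the SnortCenter project) that prepares the same database with a dedicated least-privilege MySQL account, generates a matching config.php with a fresh random key and authentication enabled, and checks that the schema file is actually present before importing it. Assumed, not taken from the post: the console directory `/var/www/html/snortcenter`, the account name `snortcenter`, and the password supplied in the `SNORTCENTER_DB_PASS` environment variable.

```shell
#!/bin/sh
# Added example, not part of the original post: set up the SnortCenter console
# database with a dedicated MySQL user instead of root/"" and emit config.php.
# Assumptions (not from the post): console dir /var/www/html/snortcenter,
# DB account "snortcenter", password passed via SNORTCENTER_DB_PASS.

SC_DIR="${SC_DIR:-/var/www/html/snortcenter}"
DB_NAME="snortcenter"
DB_USER="snortcenter"   # dedicated account; root never goes into config.php

# Random value for $hidden_key_num: 32 bits from /dev/urandom as a decimal number.
gen_hidden_key() {
    od -An -N4 -tu4 /dev/urandom | tr -d ' \n'
}

# SQL that creates the database and an account limited to that one schema.
# CREATE/DROP/ALTER/INDEX are needed because the console creates its own
# tables on first use. $1 = password (must not contain a single quote).
gen_db_sql() {
    cat <<EOF
CREATE DATABASE IF NOT EXISTS ${DB_NAME};
CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '$1';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX ON ${DB_NAME}.* TO '${DB_USER}'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# config.php with the dedicated account, authentication on, and a fresh key.
# $1 = DB password, $2 = hidden key.
gen_config() {
    cat <<EOF
<?php
\$DBlib_path = "./adodb/";
\$curl_path = "";
\$DBtype = "mysql";
\$DB_dbname = "${DB_NAME}";
\$DB_host = "localhost";
\$DB_user = "${DB_USER}";
\$DB_password = "$1";
\$DB_port = "";
\$User_authentication = 1;
\$hidden_key_num = "$2";
?>
EOF
}

# Step [5] uses a relative path, so "mysql ... < snortcenter_db.mysql" fails
# with "No such file or directory" unless the file is in the current
# directory. Print the full path of the schema file, or fail loudly.
find_schema() {
    if [ -f "$1/snortcenter_db.mysql" ]; then
        printf '%s\n' "$1/snortcenter_db.mysql"
        return 0
    fi
    printf 'snortcenter_db.mysql not found in %s\n' "$1" >&2
    return 1
}

# Run the whole procedure only when a password has been supplied; the
# functions above stay usable on their own.
if [ -n "${SNORTCENTER_DB_PASS:-}" ]; then
    schema=$(find_schema "$SC_DIR") || exit 1
    key=$(gen_hidden_key)
    gen_db_sql "$SNORTCENTER_DB_PASS" | mysql -u root -p
    mysql -u "$DB_USER" -p"$SNORTCENTER_DB_PASS" -D "$DB_NAME" < "$schema"
    gen_config "$SNORTCENTER_DB_PASS" "$key" > "$SC_DIR/config.php"
    chmod 640 "$SC_DIR/config.php"   # the DB password must not be world-readable
fi
```

Run it as `SNORTCENTER_DB_PASS='...' sh setup-console.sh` after step [2]; it replaces steps [3] to [5]. Make config.php owned by the web server's user so PHP can still read it after the chmod.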

Parameter descriptions:

$language
 Language to use, e.g. "en" for English, "de" for German. Look in the language directory for supported languages.

$DBlib_path
 Path to the ADODB directory, e.g. "./adodb/" if you copied adodb into the snortcenter directory.

$curl_path
 Path to the curl binary if it is not in the default search path, e.g. "/usr/local/bin/".

$DBtype
 Type of database used, e.g. "mysql".

$DB_dbname
 SnortCenter database name, e.g. "snortcenter".

$DB_host
 Host on which the SnortCenter database is stored, e.g. "localhost".

$DB_user
 Username used to access the SnortCenter database, e.g. "root" (a dedicated account with rights only on this database is preferable).

$DB_password
 Password used to access the SnortCenter database, e.g. "root_password" or "" for none.

$DB_port
 Port on which to access the SnortCenter database (default: 3306/tcp).

$User_authentication
 1 = enable user authentication, 0 = disable it, 2 = disable it only for the automatic update.

$hidden_key_num
 Random number used for security, e.g. "1562564". Choose your own value instead of keeping the example.

$send_mail
 Email notification on rule update: 1 = enable, 0 = disable.

$mail['host']
 The SMTP server host or IP.

$mail['port']
 The SMTP server port.

$webmaster_email
 Your email address (for future use).

$startpage
 Page to load after successful authentication, e.g. "sensor.php".

$proxy
 Proxy server used for Internet rule updates or to reach sensors on the Internet, e.g. "proxy.your_domain:8080".

$alert_console
 Path or URL to ACID for use with acid_plugin, e.g. "./acid/".

$snortrules_url
 URL of the snortrules.tar.gz file, e.g. "http://www.snort.org/dl/signatures/snortrules.tar.gz".

snortcenter-agent

This package is installed on the hosts that run Snort as sensors; the SnortCenter console can then start or stop Snort on each sensor.

[1.] tar zxvf snortcenter-agent-v2.x.linux.tar.gz

      mv sensor /etc/snort

[2.] Install: run the following command and follow the prompts (I did not use SSL in this write-up).

      /etc/snort/sensor/setup.sh

 

snortcenter-console + snortcenter-agent

[1.] Browse to http://localhost/snortcenter/

[2.] -> sensor console -> add sensor

sensor name                 router
sensor ip                   192.168.1.1   port   2525
sensor                      root
password                    123456                          # the account and password set when installing the agent on the host
sensor agent type           snortcenter agent v.1 (SSL disabled)     # SSL disabled
interface name to sniff     eth1                            # the interface to monitor
snort command line          -d -l /var/log/snort            # additional Snort options

[3.] Press Push before Start: the console first has to send some information (snort.conf and so on) to the agent host. With SSL disabled, the agent login and the pushed files cross the network in the clear, so keep the console-to-agent traffic on a management network.


Comments

lowellfcc 

But thanks for sharing anyway...

lowellfcc 

[5.] mysql -u root -D snortcenter < snortcenter_db.mysql: in which directory is this command entered? I keep getting the error "-bash: snortcenter_db.mysql: No such file or directory". I created a snortcenter_db.mysql myself under /var/www/html/snortcenter/, but the web SnortCenter shows "Unable to CREATE table 'schema'": the login page never lets me in; entering the user and password admin / change does nothing. Please help me out. Thanks!

    Author

    This was a while ago and I have forgotten where I saw it; I tried looking and cannot find this file either!!!
