|
阅读:3935回复:0
搭建基于Suricata+Barnyard2+Base的IDS前端Snorby
◆0
关于CentOS+Base+Barnyard2+Suricata就不多说了,这里有文章已经写的很详细了。 请参考:http://drops.wooyun.org/tips/413 ◆1 这里安装CentOS6系统同样是使用最小化安装,仅安装@Base @Development Tools @Development Library 系统安装完毕后,初始化安装软件包 [root@localhost ~]#yum -y install libyaml libyaml-devel gcc gcc-c++ make file file-devel git libxslt-devel curl curl-devel ImageMagic ImageMagic-devel[root@localhost ~]#yum -y install mysql mysql-libs mysql-server mysql-devel[root@localhost ~]#/usr/bin/mysql_secure_installation[root@localhost ~]#yum -y install httpd httpd-devel apr-utils php php-common php-cli php-pear php-curl php-mcrypt php-pecl php-devel php-mysql[root@localhost ~]#ln -sf /usr/lib64/mysql /usr/lib/mysql[root@localhost ~]#sed -i 's/Options Indexes FollowSymLinks/Options FollowSymLinks/g' /etc/httpd/conf/httpd.conf[root@localhost ~]#sed -i 's/ServerTokens OS/ServerTokens Prod/g' /etc/httpd/conf/httpd.conf[root@localhost ~]#sed -i 's/ServerAdmin root@localhost/ServerAdmin [email protected]/g' /etc/httpd/conf/httpd.conf[root@localhost ~]#/etc/init.d/httpd restart◆2 安装Ruby: [root@localhost opt]#wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p327.tar.gz[root@localhost opt]#tar zxvf ruby-1.9.3-p227/[root@localhost ruby-1.9.3-p227]#./configure[root@localhost ruby-1.9.3-p227]#make && make install[root@localhost ruby-1.9.3-p227]#cd ../安装openssl extensions [root@localhost ~]#cd /opt/[root@localhost opt]#cd ruby-1.9.3-p227/ext/openssl[root@localhost openssl]#ruby extconf.rb[root@localhost openssl]#make && make install[root@localhost openssl]#cd ../../../◆3 安装rubygems [root@localhost ~]#cd /opt[root@localhost opt]#tar zxvf rubygems-1.8.24.tar.gz[root@localhost opt]#cd rubygems-1.8.24/[root@localhost opt]#ruby setup.rb更改gem源 [root@localhost ~]#gem sources -l[root@localhost ~]#gem sources -r https://rubygems.org/[root@localhost ~]#gem sources –a http://ruby.taobao.org/[root@localhost ~]#gem sources -u安装gems包 [root@localhost ~]#gem install bundle[root@localhost ~]#gem install thor i18n bundler tzinfo builder memcache-client rack rack-test erubis mail rack-mount rails --no-rdoc --no-ri[root@localhost ~]#gem install tzinfo-data[root@localhost ~]#gem install rake --version=0.9.2 --no-rdoc --no-ri[root@localhost ~]#gem uninstall rake --version=0.9.2.2◆4 安装wkhtmltopdf [root@localhost ~]#cd /opt[root@localhost ~]#wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.9.9-static-amd64.tar.bz2[root@localhost ~]#tar jxvf wkhtmltopdf-0.9.9-static-amd64.tar.bz2[root@localhost ~]#cp wkhtmltopdf-amd64 /usr/local/bin/wkhtmltopdf[root@localhost ~]#chown root.root /usr/local/bin/wkhtmltopdf◆5 安装配置snorby: [root@localhost ~]#cd /var/www/html[root@localhost html]#git clone http://github.com/Snorby/snorby.git[root@localhost html]#cd /var/www/html/snorby/config/[root@localhost config]#cp database.yml.example database.yml[root@localhost config]#cp snorby_config.yml.example snorby_config.yml[root@localhost config]#chown -R apache.apache /var/www/html/snorby/修改database.yml,在“Enter Password Here”这里填入MySQL数据库的密码 修改snorby_config.yml,把time_zone前面的注释去掉,并把UTC改为Asia/Chongqing [root@localhost config]#cd ../[root@localhsot snorby]#bundle exec rake snorby:setup[root@localhost snorby]#bundle exec rails server -e production &此处开启http://0.0.0.0:3000端口的监听(此步骤需翻墙) [root@localhost snorby]#ruby script/delayed_job start RAILS_ENV=production此处开启snorby的进程 ◆6 关于Apache+mod_passenger 关于mod_passenger的配置: 为了方便访问,每次都手动输入3000端口显得非常麻烦,把ruby跟apache结合起来需要mod_passenger,安装过程如下: 1、 使用gem安装passenger [root@localhost ~]#gem install --no-ri --no-rdoc passenger2、 安装apache模块 [root@localhost ~]#/usr/local/bin/passenger-install-apache2-module –a3、 配置apache [root@localhost ~]#cd /etc/httpd/conf.d/4、 新建一个snorby.conf LoadModulepassenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-4.0.14/buildout/apache2/mod_passenger.soPassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-4.0.14PassengerDefaultRuby /usr/local/bin/rubyServerName snorby.domain.com # !!! Be sure to point DocumentRoot to 'public'!DocumentRoot /var/www/html/snorby/public # This relaxes Apache security settings.AllowOverride all # MultiViews must be turned off. Options -MultiViews5、 重启apache 6、 界面 图片:2013092911345386384.png  图片:2013092911345386384.png |
|
