snort入侵检测试验报告

实验：入侵检测系统（Snort）的安装与配置一、实验目的学会WINDOWS下SNORT的安装与配置二、实验环境WinXP虚拟机三、实验步骤与结果.在“我的电脑”中C盘中建立文件夹“zhangxiaohong”.安装WinPcap,运行WinPcap_4_1_2.zip,默认安装。.在“我的电脑”中C盘中建立文件夹“zhangxiaohong”.安装WinPcap,运行WinPcap_4_1_2.zip,默认安装。V/inPcap4.0.2InstallerWelcometotheWinPcap4,0.2InstallationWizardTECHNOLOGIESThisproductisbroughttoyoubyCACENullsoftInstallSystemv2.16[_Next> |[ 匚anEPacketCapturfn9andNetworkAnnfycisSofutioncVinFcap4_0_2Setup三.安装mysql,运行mysql-5.0.22-win32.zip,选择自定义安装选择安装路径C:\zhangxiaohong\mysql下，安装时注意：端口设置为3306（以后要用到），密码本实验设置成123.安装apache.运行apache_2.2.4—win32-x86—no_ssl.zip,安装至Uc:\zhangxiaohong\Apache.安装Apache,配置成功一个普通网站服务器.出现ApacheHTTPServer2.0.55的安装向导界面，点“Next”继续.确认同意软件安装使用许可条例，选择“Iacceptthetermsinthelicenseagreement”，点“Next”继续.将Apache安装到Windows上的使用须知，请阅读完毕后，按“Next”继续.选择安装类型，Typical为默认安装，Custom为用户自定义安装，我们这里选择Custom,有更多可选项。按“Next”继续.出现选择安装选项界面，如图所示，左键点选“ApacheHTTPServer2.0.55”，选择“Thisfeature,andallsubfeatures,willbeinstalledonlocalharddrive.”.即“此部分，及下属子部分内容，全部安装在本地硬盘上”。点选“Change...”，手动指定安装目录。.我这里选择安装在"C:\zhangxiaohong\Apache”，各位自行选取了，一般建议不要安装在操作系统所在盘，免得操作系统坏了之后，还原操作把Apache配置文件也清除了。选“OK”继续。.返回刚才的界面，选“Next”继续。.好了现在我们来测试一下按默认配置运行的网站界面，在IE地址栏打“”，点“转到”，就可以看到如下页面，表示Apache服务器已安装成功。Ji--- x।+优叼生辿3W9芥解R.£口以方卷」勺.工卬岁11卜・甘，小W怛士i员刘3代并，越 这不是你想看电的页面空？■之班以台.见式tn面，是用/月哪俎以收总门1T站点的皿蟒有黑河，陋昏岬推归点的人同+ 即比岫点所瘦用的南网 , 园笈•HT以在恬用上的网玷偏弱型上，自由地快用下面的图片.再用便用好餐川--j^^pwarvribqpAF=>AUIEZ.| .安装和配置PHP53、安装winpcap.解压php-5.2.5-Win32至Uc:\zhangxiaohong\php.添加gd图形库支持复制c:\zhangxiaohong\php\php5ts.dll和c:\zhangxiaohong\php\libmysql.dll文件至UC:\Windows\system32复制c:\zhangxiaohong\php\php.ini-dist到C:\Windows文件夹并重命名为php.ini,修改php.ini,分别去掉“extension=php_gd2.dll”和“extension=php_mysql.dll”前的分号，.并指定extension_dir="c:\zhangxiaohong\php\ext",.同时复制c:\zhangxiaohong\php\ext下的php_gd2.dll与php_mysql.dll至UC:\Windows\system32在C:\zhangxiaohong\apache\conf\httpd.conf中添加口LoadModulephp5_modulec:/zhangxiaohong/php/php5apache2.dllAddTypeapplication/x-httpd-php.phpAddTypeapplication/x-httpd-php-source.phpsAddTypeapplication/x-httpd-php.htmlAddTypeapplication/x-httpd-php.htm.重启Apache服务在C:\zhangxiaohong\apache\htdocs目录下新建webinf.php(文件内容为：<?phpinfo();?>)并使用/webinf.php访问测试是否能够显示当前Apache服务器的信息，如果能够显示表明Apache和php工作基本正常六.安装snort.运行Snort2905Installer.exe安装在C:\zhangxiaohong\Snort下即可，运行C:\zhangxiaohong\Snort\bin\snort.exe或者在DOS中找到该位置，如果安装Snort成功会出现一个可爱的小猪.并按照以下修改C:\zhangxiaohong\Snort\etc\snort.conf文件.打开snort.conf文件.在文档中作相应的修改.varRULE_PATHc:\zhangxiaohong\snort\rulesincludeclassification.configincludereference.config修改为绝对路径：includec:\zhangxiaohong\snort\etc\classification.configincludec:\zhangxiaohong\snort\etc\reference.config在该文件的最后加入下面语句：outputdatabase:alert,mysql,host=localhostuser=rootpassword=123dbname=snortencoding=hexdetail=full.创建snort数据库的表复制c:\zhangxiaohong\snort\schames文件夹下的create_mysql文件至UC:\zhangxiaohong\mysql\bin文件夹下七.安装和设置mysql打开mysql的的客户端执行如下命令Createdatabasesnort;Createdatabasesnort_archive;Usesnort;Sourcecreate_mysql;Usesnort_archive;Sourcecreate_mysql;Grantallon*.*to“root”@”localhost”;加入php对mysql的支持：得到修改c:\windows\php.ini文件去掉extension=php_mysql.dll前的分号。复制c:\zhangxiaohong\php\ext文件夹下的php_mysql.dll文件到c:\windows文件夹。复制c:\zhangxiaohong\php\libmysql.dll文件至Uc:\windows\system32下八.安装adodb解压缩adodb到c:\zhangxiaohong\php\adodb文件夹下。九.安装jpgrapg库解压缩jpgraph到c:\zhangxiaohong\php\jpgraph文件夹下十.安装acid解压缩acid到c\zhangxiaohong\apache\apache2\htdocs\acid文件夹下修改acid_conf.php文件为以下内容$DBlib_path="c:\zhangxiaohong\php\adodb";$DBtype="mysql";$alert_dbname="snort";$alert_host="localhost";$alert_port="3306";$alert_user="root";$alert_password="123";$archive_dbname="snort_archive";$archive_host="localhost";$archive_port="3306";$archive_user="root";$archive_password="123";$ChartLib_path="c:\zhangxiaohong\php\jpgraph\src";十一.重启apache、mysql服务十二..在浏览器中初始化acid数据库：http://localhost/acid/acid_db_setup.php单击CRETEACIDAG按钮，AddstablestoextendtheSnortDBtosupporttheACIDfunctionality安装成功，测试一下：启动Apache和mysql服务运行ACID：打开浏览器，地址为/acid。则表示ACID安装成功。十三.解压缩snort规则包把压缩包内的所有文件解压缩到c:\zhangxiaohong\snort\下十四.启动snortC:\zhangxiaohong\snort\bin\snort.exe-c“c:\zhangxiaohong\snort\etc\snort.conf”-l"c:\zhangxiaohong\snort\log”—d—e-X如果出现错误修改snort配置文件c:\zhangxiaohong\snort\etc\snort.conf修改内容如下：将dynamicpreprocessordirectory/usr/local/lib/snort_dynamicpreprocessor/修改为：dynamicpreprocessordirectoryC:/zhangxiaohong/snort/lib/snort_dynamicpreprocessor/dynamicpreprocessorfileC:/zhangxiaohong/snort/lib/snort_dynamicpreprocessor/sf_ssl.dll将dynamicpreprocessorfile〈fullpathtolibsf_dcerpc_preproc.so〉修改为：dynamicpreprocessorfileC:\zhangxiaohong\Snort\lib\snort_dynamicpreprocessor\sf_dcerpc.dll参考上一条在相应位置修改为下面内容：dynamicpreprocessorfileC:\zhangxiaohong\Snort\lib\snort_dynamicpreprocessor\sf_dns.dlldynamicpreprocessorfileC:\zhangxiaohong\Snort\lib\snort_dynamicpreprocessor\sf_ftptelnet.dlldynamicpreprocessorfileC:\zhangxiaohong\Snort\lib\snort_dynamicpreprocessor\sf_smtp.dlldynamicpreprocessorfileC:\

zhangxiaohong\Snort\lib\snort_dynamicpreprocessor\sf_ssh.dlldynamicengineC:/zhangxiaohong/Snort/lib/snort_dynamicengine/sf_engine.dlloutputdatabase:alert,mysql,user二rootpassword=123dbname:snorthost=localhostencoding:hexdetail二fullincludec:\zhangxiaohong\snort\etc\classification.configincludec:\zhangxiaohong\snort\etc\reference.