I. Environment preparation and dependency installation
1. Update the Yum repositories and packages
sudo yum clean all
sudo yum makecache
sudo yum -y update
2. Install Wget
sudo yum install -y wget
3. Install the EPEL repository
sudo yum install -y epel-release
4. Install the required components
sudo yum install -y gcc flex bison zlib zlib-devel libpcap libpcap-devel pcre pcre-devel libdnet libdnet-devel tcpdump
II. Install the libdnet library
1. Download and extract libdnet
wget https://github.com/inliniac/libdnet/archive/refs/heads/main.tar.gz
tar -zxvf main.tar.gz
cd libdnet-main
2. Build and install libdnet
./configure
make && sudo make install
III. Install DAQ (Data Acquisition Library)
1. Download and extract DAQ
wget https://www.snort.org/downloads/daq-2.0.7.tar.gz
tar -zxvf daq-2.0.7.tar.gz
cd daq-2.0.7
2. Build and install DAQ
./configure
make && sudo make install
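IV. Install the OpenSSL library
1. Install the OpenSSL library
# The system set up in Part I uses yum, so install with yum rather than apt-get.
sudo yum install -y openssl openssl-devel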
V. Install Snort
1. Download and extract Snort
wget https://www.snort.org/downloads/snort-2.9.20.tar.gz
tar -xvzf snort-2.9.20.tar.gz
cd snort-2.9.20
2. Configure and build Snort
./configure --enable-sourcefire
make && sudo make install
VI. Configure Snort
1. Create the Snort user and group
sudo groupadd snort
sudo useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort
2. Create the Snort directories
sudo mkdir -p /etc/snort
sudo mkdir -p /etc/snort/rules
sudo mkdir -p /etc/snort/rules/iplists
sudo mkdir -p /etc/snort/preproc_rules
sudo mkdir -p /usr/local/lib/snort_dynamicrules
sudo mkdir -p /var/log/snort    # log directory named by "config logdir" in snort.conf
3. Download and extract the Community rules
wget https://www.snort.org/rules/community -O ~/community.tar.gz
tar -xvf ~/community.tar.gz -C ~/
sudo cp ~/community-rules/* /etc/snort/rules
4. Edit the Snort configuration file
sudo vi /etc/snort/snort.conf
Change the following settings:
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
config logdir: /var/log/snort
output unified2: filename snort.log, limit 128
5. Test the Snort configuration
snort -T -i ens32 -c /etc/snort/snort.conf
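The check below is an added example, not part of the original article or of Snort: it reads the `var *_PATH` and `config logdir` settings from step 4 and reports which of those directories are absent, so they can be created before the `snort -T` test in step 5. The function names and the optional ROOT prefix argument are assumptions made for the illustration.

```bash
# Added example (not from the original page): list the directories that
# snort.conf refers to but that do not exist yet.
# Function names and the ROOT argument are hypothetical, not part of Snort.

# Print each directory named by "var *_PATH <dir>" or "config logdir: <dir>".
snort_conf_dirs() {
    awk '
        $1 == "var" && $2 ~ /_PATH$/ && NF >= 3 { print $3 }
        $1 == "config" && $2 == "logdir:" && NF >= 3 { print $3 }
    ' "$1" | sort -u
}

# Usage: snort_conf_missing_dirs CONF [ROOT]
# Prints the absolute directories missing under ROOT (empty = live system).
# Returns 1 when at least one is missing, 0 otherwise.
snort_conf_missing_dirs() {
    _scm_status=0
    for _scm_dir in $(snort_conf_dirs "$1"); do
        case $_scm_dir in
            /*) ;;            # absolute path: check it
            *)  continue ;;   # relative path or $VAR reference: not resolved here
        esac
        if [ ! -d "${2:-}$_scm_dir" ]; then
            printf '%s\n' "$_scm_dir"
            _scm_status=1
        fi
    done
    return "$_scm_status"
}

# Constructed sample input: the settings from the snort.conf step above.
write_sample_conf() {
    cat > "$1" <<'EOF'
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
config logdir: /var/log/snort
output unified2: filename snort.log, limit 128
EOF
}

# Demo in a scratch root where only two of the directories exist (constructed).
demo=$(mktemp -d)
write_sample_conf "$demo/snort.conf"
mkdir -p "$demo/etc/snort/rules" "$demo/etc/snort/preproc_rules"
snort_conf_missing_dirs "$demo/snort.conf" "$demo" || echo "^ missing directories"
rm -rf "$demo"
```

On the installed system, call `snort_conf_missing_dirs /etc/snort/snort.conf` with no ROOT argument to check the real paths.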
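VII. Start services and configure the firewall
1. Start the Apache service
# nginx and Apache (httpd) both listen on port 80 by default; run only one of them.
sudo systemctl start nginx
sudo systemctl status nginx    # check that it is running
sudo yum install -y httpd
sudo systemctl start httpd
2. Start the firewall and open the ports
sudo systemctl start firewalld     # start the firewall
sudo systemctl enable firewalld    # start automatically at boot
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
3. Check the status of port 80
sudo yum install -y lsof
sudo lsof -i:80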
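VIII. Install MySQL and PHP
1. Download and install MySQL
wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
sudo rpm -ivh mysql-community-release-el7-5.noarch.rpm
sudo yum install -y mysql-community-server    # the RPM above only adds the repository
sudo systemctl enable mysqld.service
sudo systemctl start mysqld.service
mysql_secure_installation
2. Install PHP
sudo yum install -y php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap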
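IX. FAQ
Q1: What should I do if the Snort installation fails because the rpc.h file is missing?
A1: If you hit the missing rpc.h error, copy the files under /usr/include/tirpc/rpc/ into the /usr/include/rpc/ directory, as follows:
sudo cp /usr/include/tirpc/rpc/* /usr/include/rpc/
Make sure all the files are copied correctly, including the two other files that need to be copied into the include directory, then re-run the ./configure command.
Q2: How do I confirm that Snort is working properly after it starts?
A2: After Snort starts, use the following command to confirm that it is working properly:
snort -T -i ens32 -c /etc/snort/snort.conf
If the output shows "Snort successfully validated configuration!", the Snort configuration is correct and Snort is working properly.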