Building Snorby, an IDS front end, on Suricata + Barnyard2 + Base

Posted by wyzsk on 2020-08-19
Author: rootsecurity · 2013/10/02 23:46

0x00


I will not repeat the CentOS + Base + Barnyard2 + Suricata part here; there is already a very detailed write-up on it.

See: /tips/?id=413

0x01


CentOS 6 is again installed from the minimal install, with the package groups [email protected] @Development Tools @Development Library

Once the system is installed, install the base set of packages

[[email protected] ~]#yum -y install libyaml libyaml-devel gcc gcc-c++ make file file-devel git libxslt-devel curl curl-devel ImageMagick ImageMagick-devel 
[[email protected] ~]#yum -y install mysql mysql-libs mysql-server mysql-devel 
[[email protected] ~]#/usr/bin/mysql_secure_installation 
[[email protected] ~]#yum -y install httpd httpd-devel apr-util php php-common php-cli php-pear php-curl php-mcrypt php-pecl php-devel php-mysql 
[[email protected] ~]#ln -sf /usr/lib64/mysql /usr/lib/mysql 
[[email protected] ~]#sed -i 's/Options Indexes FollowSymLinks/Options FollowSymLinks/g' /etc/httpd/conf/httpd.conf 
[[email protected] ~]#sed -i 's/ServerTokens OS/ServerTokens Prod/g' /etc/httpd/conf/httpd.conf 
[[email protected] ~]#sed -i 's/ServerAdmin [email protected]/ServerAdmin [email protected]/g' /etc/httpd/conf/httpd.conf 
[[email protected] ~]#/etc/init.d/httpd restart 

0x02


Install Ruby:

[[email protected] opt]#wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p327.tar.gz 
[[email protected] opt]#tar zxvf ruby-1.9.3-p327.tar.gz 
[[email protected] opt]#cd ruby-1.9.3-p327/ 
[[email protected] ruby-1.9.3-p327]#./configure 
[[email protected] ruby-1.9.3-p327]#make && make install 
[[email protected] ruby-1.9.3-p327]#cd ../ 

Install the openssl extension

[[email protected] ~]#cd /opt/ 
[[email protected] opt]#cd ruby-1.9.3-p327/ext/openssl 
[[email protected] openssl]#ruby extconf.rb 
[[email protected] openssl]#make && make install 
[[email protected] openssl]#cd ../../../ 

0x03


Install rubygems

[[email protected] ~]#cd /opt 
[[email protected] opt]#tar zxvf rubygems-1.8.24.tar.gz 
[[email protected] opt]#cd rubygems-1.8.24/ 
[[email protected] opt]#ruby setup.rb 

Change the gem source

[[email protected] ~]#gem sources -l 
[[email protected] ~]#gem sources -r https://rubygems.org/ 
[[email protected] ~]#gem sources -a http://ruby.taobao.org/ 
[[email protected] ~]#gem sources -u 

Install the gem packages

[[email protected] ~]#gem install bundle 
[[email protected] ~]#gem install thor i18n bundler tzinfo builder memcache-client rack rack-test erubis mail rack-mount rails --no-rdoc --no-ri 
[[email protected] ~]#gem install tzinfo-data 
[[email protected] ~]#gem install rake --version=0.9.2 --no-rdoc --no-ri 
[[email protected] ~]#gem uninstall rake --version=0.9.2.2 

0x04


Install wkhtmltopdf

[[email protected] ~]#cd /opt 
[[email protected] ~]#wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.9.9-static-amd64.tar.bz2 
[[email protected] ~]#tar jxvf wkhtmltopdf-0.9.9-static-amd64.tar.bz2 
[[email protected] ~]#cp wkhtmltopdf-amd64 /usr/local/bin/wkhtmltopdf 
[[email protected] ~]#chown root.root /usr/local/bin/wkhtmltopdf

0x05


Install and configure Snorby:

[[email protected] ~]#cd /var/www/html 
[[email protected] html]#git clone http://github.com/Snorby/snorby.git 
[[email protected] html]#cd /var/www/html/snorby/config/ 
[[email protected] config]#cp database.yml.example database.yml 
[[email protected] config]#cp snorby_config.yml.example snorby_config.yml 
[[email protected] config]#chown -R apache.apache /var/www/html/snorby/ 

Edit database.yml and put the MySQL database password in place of "Enter Password Here".

Edit snorby_config.yml, uncomment the time_zone line and change UTC to Asia/Chongqing.
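As an added check, not part of the original post or of Snorby itself, the Ruby script below verifies that both edits are actually in place before `rake snorby:setup` is run. The YAML samples are constructed to mirror the shape of the two .example files, and `check_snorby_config` is my own name.

```ruby
require 'yaml'
# Placeholder shipped in database.yml.example; ZONE_NAME matches "Area/Location" names.
PASSWORD_PLACEHOLDER = 'Enter Password Here'.freeze
ZONE_NAME = %r{\A[A-Za-z_]+(/[A-Za-z_+-]+)+\z}

# Inspect the text of database.yml and snorby_config.yml; return a list of
# problems (empty when both edits from the post are in place).
def check_snorby_config(database_yml, snorby_config_yml, env = 'production')
  problems = []
  # aliases: true because database.yml reuses an anchor (&snorby / <<: *snorby)
  db_env = (YAML.safe_load(database_yml, aliases: true) || {})[env]
  if db_env.nil?
    problems << "database.yml: no '#{env}' section"
  else
    pw = db_env['password'].to_s.strip
    problems << 'database.yml: password is still the placeholder' if pw == PASSWORD_PLACEHOLDER
    problems << 'database.yml: password is empty' if pw.empty?
  end
  cfg_env = (YAML.safe_load(snorby_config_yml) || {})[env]
  if cfg_env.nil?
    problems << "snorby_config.yml: no '#{env}' section"
  else
    tz = cfg_env['time_zone']
    if tz.nil?
      problems << 'snorby_config.yml: time_zone is missing or still commented out'
    elsif tz == 'UTC'
      problems << 'snorby_config.yml: time_zone is still UTC'
    elsif !tz.to_s.match?(ZONE_NAME)
      problems << "snorby_config.yml: time_zone '#{tz}' is not an Area/Location name"
    end
  end
  problems
end
# Constructed samples modelled on the two .example files (not copied from Snorby).
UNEDITED_DATABASE_YML = <<~YAML
  snorby: &snorby
    username: root
    password: "Enter Password Here"
  production:
    database: snorby
    <<: *snorby
YAML
UNEDITED_SNORBY_CONFIG_YML = <<~YAML
  production:
    wkhtmltopdf: /usr/local/bin/wkhtmltopdf
    #time_zone: 'UTC'
YAML
# The same two files after the edits described in the post.
EDITED_DATABASE_YML = UNEDITED_DATABASE_YML.sub(PASSWORD_PLACEHOLDER, 's3cr3tsauce')
EDITED_SNORBY_CONFIG_YML = UNEDITED_SNORBY_CONFIG_YML.sub("#time_zone: 'UTC'", "time_zone: 'Asia/Chongqing'")
```

Against the real files, run `check_snorby_config(File.read('database.yml'), File.read('snorby_config.yml'))` from /var/www/html/snorby/config and fix anything it reports before continuing.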

[[email protected] config]#cd ../ 
[[email protected] snorby]#bundle exec rake snorby:setup 
[[email protected] snorby]#bundle exec rails server -e production & 

This starts the server listening on http://0.0.0.0:3000 (this step needs a connection that can get past the Great Firewall).

[[email protected] snorby]#ruby script/delayed_job start RAILS_ENV=production 

This starts the Snorby process.

0x06


About Apache + mod_passenger

Configuring mod_passenger:

For convenience, since typing port 3000 by hand every time is tedious, Ruby is hooked up to Apache through mod_passenger. The installation goes as follows:

1. Install passenger with gem

[[email protected] ~]#gem install --no-ri --no-rdoc passenger 

2. Install the Apache module

[[email protected] ~]#/usr/local/bin/passenger-install-apache2-module -a 

3. Configure Apache

[[email protected] ~]#cd /etc/httpd/conf.d/ 

4. Create a new snorby.conf (Apache does not accept a comment on the same line as a directive, so each comment goes on its own line)

LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-4.0.14/buildout/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-4.0.14
PassengerDefaultRuby /usr/local/bin/ruby

<VirtualHost *:80>
    ServerName snorby.domain.com
    # !!! Be sure to point DocumentRoot to 'public'!
    DocumentRoot /var/www/html/snorby/public
    <Directory /var/www/html/snorby/public>
        # This relaxes Apache security settings.
        AllowOverride all
        # MultiViews must be turned off.
        Options -MultiViews
    </Directory>
</VirtualHost>

5. Restart Apache

6. The web interface

[Screenshots of the Snorby web interface]

This article comes from the WooYun knowledge base; this mirror exists to make study and research easier, and the copyright belongs to the WooYun knowledge base!
