Saturday, 23 July 2011

[Research] N-Stalker Free Edition 2012 web vulnerability scanner usage tutorial



Download URL
http://nstalker.com/products/free/download-free-edition
Fill in the form; the download link is sent to your e-mail inbox.
The download is NStalker-WebSecurityScanner-Free2012-b105.exe

Feature comparison between editions

http://www.nstalker.com/products/compare-editions/security-checks/

Usage is as follows (the steps are shown as screenshots in the original post):

References

[Research] N-Stalker Free Edition 2009 web vulnerability scanner usage tutorial
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20278

(End)

Monday, 18 July 2011

[Research] Setting up a CentOS 6.0 Yum Server



If you have many CentOS 6.0 machines, you may want to set up your own Yum Server instead of connecting to the default Yum Server or to a Yum Server at a domestic university.

Below is how to set up a CentOS 6.0 Yum Server on CentOS 6.0 x86:
(You can also use Fedora 15 or another Linux to build a Yum Server for CentOS 6.0; the steps are not guaranteed to be 100% the same.)

Install the required packages and create the directories:
Code:
yum  -y  install  yum-arch  createrepo wget

mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/os/i386
mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/updates/i386
mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/extras/i386
mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/centosplus/i386
mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/contrib/i386

mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/os/x86_64
mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/updates/x86_64
mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/extras/x86_64
mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/centosplus/x86_64
mkdir -p  /var/www/html/pub/Linux/CentOS/6.0/contrib/x86_64

ln -s /var/www/html/pub/Linux/CentOS/6.0  /var/www/html/pub/Linux/CentOS/6


Create the file yum_cent60.sh; here it fetches the content of the I-Shou University (ISU) Yum Server:
(You can change it to another university; double-check the paths.)
Code:

#!/bin/bash
#---------------------------
# yum_cent60.sh
# Mirror each CentOS 6.0 repository directory from ftp.isu.edu.tw into the
# local web root, then rebuild the yum metadata for that directory.
#---------------------------
cd  /var/www/html/pub/Linux/CentOS/6.0/os/i386
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/os/i386
createrepo /var/www/html/pub/Linux/CentOS/6.0/os/i386

cd  /var/www/html/pub/Linux/CentOS/6.0/updates/i386
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/updates/i386
createrepo /var/www/html/pub/Linux/CentOS/6.0/updates/i386

cd  /var/www/html/pub/Linux/CentOS/6.0/extras/i386
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/extras/i386
createrepo /var/www/html/pub/Linux/CentOS/6.0/extras/i386

cd  /var/www/html/pub/Linux/CentOS/6.0/centosplus/i386
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/centosplus/i386
createrepo /var/www/html/pub/Linux/CentOS/6.0/centosplus/i386

cd  /var/www/html/pub/Linux/CentOS/6.0/contrib/i386
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/contrib/i386
createrepo /var/www/html/pub/Linux/CentOS/6.0/contrib/i386

#---------------------

cd  /var/www/html/pub/Linux/CentOS/6.0/os/x86_64
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/os/x86_64
createrepo /var/www/html/pub/Linux/CentOS/6.0/os/x86_64

cd  /var/www/html/pub/Linux/CentOS/6.0/updates/x86_64
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/updates/x86_64
createrepo /var/www/html/pub/Linux/CentOS/6.0/updates/x86_64

cd  /var/www/html/pub/Linux/CentOS/6.0/extras/x86_64
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/extras/x86_64
createrepo /var/www/html/pub/Linux/CentOS/6.0/extras/x86_64

cd  /var/www/html/pub/Linux/CentOS/6.0/centosplus/x86_64
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/centosplus/x86_64
createrepo /var/www/html/pub/Linux/CentOS/6.0/centosplus/x86_64

cd  /var/www/html/pub/Linux/CentOS/6.0/contrib/x86_64
wget --passive-ftp -m -nH -nd ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0/contrib/x86_64
createrepo /var/www/html/pub/Linux/CentOS/6.0/contrib/x86_64


Make it executable:
Code:
chmod  +x  /root/yum_cent60.sh


Run vi /etc/crontab to add the schedule; here /root/yum_cent60.sh runs every day at 6:00 PM (18:00)
Code:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
00 18 * * * root /root/yum_cent60.sh
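The ten mkdir/wget/createrepo repetitions, the chmod and the cron entry above are one procedure. The script below is an added example, not the post's yum_cent60.sh: it generates the same repo/arch directory list from two lists, and adds a check the post does not have. Because the packages arrive over plain FTP, each RPM is verified with `rpm -K` against the imported CentOS signing key before `createrepo` publishes the directory, and a directory containing an unverified package is not published. The function names (repo_paths, sig_ok, verify_dir, mirror_one), the "mirror" argument guard and the `rpm -K` output lines described in the comments are this example's own; the upstream URL and directory layout are the post's.

```shell
#!/bin/sh
# Added example (not the original post's script). Assumes GNU wget, createrepo
# and rpm as on CentOS 6, and that the CentOS key has been imported with
#   rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
MIRROR_ROOT=/var/www/html/pub/Linux/CentOS/6.0
UPSTREAM=ftp://ftp.isu.edu.tw/pub/Linux/CentOS/6.0
REPOS="os updates extras centosplus contrib"
ARCHES="i386 x86_64"

# Print the <repo>/<arch> relative paths, one per line (10 for the lists above).
repo_paths() {
    for repo in $REPOS; do
        for arch in $ARCHES; do
            echo "$repo/$arch"
        done
    done
}

# Decide whether one line of "rpm -K" output proves a verified signature.
# rpm prints the digest/signature tags in lower case when they verified and in
# upper case when they did not, and an unsigned package still ends in "OK"
# (its line lists only "sha1 md5"), so "OK" alone is not enough: require a
# lower-case "pgp" token and reject any "NOT OK".
sig_ok() {
    line=$1
    case "$line" in
        *"NOT OK"*) return 1 ;;
    esac
    case "$line" in
        *" OK") ;;
        *) return 1 ;;
    esac
    for tok in $line; do
        [ "$tok" = "pgp" ] && return 0
    done
    return 1
}

# Verify every RPM under a directory; print the names that fail and return
# non-zero if any did.
verify_dir() {
    dir=$1
    bad=0
    for f in $(find "$dir" -name '*.rpm'); do
        if ! sig_ok "$(rpm -K "$f" 2>&1)"; then
            echo "UNVERIFIED: $f"
            bad=1
        fi
    done
    return $bad
}

# Mirror one repo/arch directory, verify it, then build the yum metadata.
mirror_one() {
    rel=$1
    mkdir -p "$MIRROR_ROOT/$rel"
    cd "$MIRROR_ROOT/$rel" || return 1
    wget --passive-ftp -m -nH -nd "$UPSTREAM/$rel"
    # stop before createrepo so an unverified package is never published
    verify_dir "$MIRROR_ROOT/$rel" || return 1
    createrepo "$MIRROR_ROOT/$rel"
}

# The full mirror runs only when invoked as "yum_mirror.sh mirror", so the
# functions can be sourced or tested without touching the network.
if [ "${1:-}" = "mirror" ]; then
    for rel in $(repo_paths); do
        mirror_one "$rel" || echo "FAILED: $rel" >&2
    done
fi
```

Schedule it from /etc/crontab exactly as the post does, with the `mirror` argument on the command. Packages that fail the check stay on disk for inspection but never get metadata, so clients configured with gpgcheck=1 cannot be offered them.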

(End)

Client configuration

When a CentOS 6.0 machine needs to use this CentOS 6.0 Yum Server, make the following changes on the client
(assuming the Yum Server's IP is 10.3.0.60)

Replace /etc/yum.repos.d/CentOS-Base.repo with the following

Code:
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://10.3.0.60/pub/Linux/CentOS/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://10.3.0.60/pub/Linux/CentOS/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://10.3.0.60/pub/Linux/CentOS/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://10.3.0.60/pub/Linux/CentOS/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
baseurl=http://10.3.0.60/pub/Linux/CentOS/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6


Related articles

[Research] Pointing the Fedora 15 x86 yum server at I-Shou University
viewtopic.php?f=16&t=20256

[Research] Pointing the CentOS 6.0 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?f=16&t=20206

[Research] Pointing the Fedora 14 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?f=16&t=19591

[Research] Pointing the CentOS 5.5 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?f=16&t=19592

(End)

[Research] Pointing the CentOS 6.0 yum server at I-Shou University


Replace /etc/yum.repos.d/CentOS-Base.repo with the following

Code:
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://ftp.isu.edu.tw/pub/Linux/CentOS/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://ftp.isu.edu.tw/pub/Linux/CentOS/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://ftp.isu.edu.tw/pub/Linux/CentOS/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://ftp.isu.edu.tw/pub/Linux/CentOS/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
baseurl=http://ftp.isu.edu.tw/pub/Linux/CentOS/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6


Related articles

[Research] Pointing the CentOS 6.0 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?f=16&t=20206

[Research] Pointing the Fedora 14 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?f=16&t=19591

[Research] Pointing the CentOS 5.5 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?f=16&t=19592

(End)

[Research] Pointing the Fedora 15 x86 yum server at I-Shou University



Replace the 4 files in /etc/yum.repos.d with the following

fedora.repo
Code:
[fedora]
name=Fedora $releasever - $basearch
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
baseurl=http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/releases/$releasever/Everything/$basearch/os/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
enabled=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[fedora-debuginfo]
name=Fedora $releasever - $basearch - Debug
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[fedora-source]
name=Fedora $releasever - Source
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/
baseurl=http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/releases/$releasever/Everything/source/SRPMS/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch


fedora-updates.repo
Code:
[updates]
name=Fedora $releasever - $basearch - Updates
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/
baseurl=http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/updates/$releasever/$basearch/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[updates-debuginfo]
name=Fedora $releasever - $basearch - Updates - Debug
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/debug/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[updates-source]
name=Fedora $releasever - Updates Source
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/SRPMS/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch


fedora-updates-testing.repo
Code:
[updates-testing]
name=Fedora $releasever - $basearch - Test Updates
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
baseurl=http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/updates/testing/$releasever/$basearch/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[updates-testing-debuginfo]
name=Fedora $releasever - $basearch - Test Updates Debug
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[updates-testing-source]
name=Fedora $releasever - Test Updates Source
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch



fedora-rawhide.repo
Code:
# These packages are untested and still under development. This
# repository is used for development of new releases.
#
# This repository can see significant daily turnover and major
# functionality changes which cause unexpected problems with other
# development packages. Please use these packages if you want to work
# with the Fedora developers by testing these new development packages.
#
# # https://admin.fedoraproject.org/mailman/listinfo/test (Subscription
# Required) is available as a discussion forum for
# testing and troubleshooting for development packages in conjunction
# with new test releases.
#
# More information is available at http://fedoraproject.org/wiki/Testing
#
# Reproducible and reportable issues should be filed at
# http://bugzilla.redhat.com/.
#
# Product: Fedora
# Version: rawhide

[rawhide]
name=Fedora - Rawhide - Developmental packages for the next Fedora release
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/development/$basearch/os/
baseurl=http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/development/$basearch/os/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=$basearch
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[rawhide-debuginfo]
name=Fedora - Rawhide - Debug
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/development/$basearch/debug/
baseurl=http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/development/$basearch/debug/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide-debug&arch=$basearch
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[rawhide-source]
name=Fedora - Rawhide - Source
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/development/source/SRPMS/
baseurl=http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/development/source/SRPMS/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide-source&arch=$basearch
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
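Both the CentOS client file earlier on this page and the Fedora files above keep gpgcheck=1 on the enabled repositories while moving baseurl to a plain http:// mirror; once the download path is an unauthenticated mirror, that setting and the local gpgkey are what still guarantee package integrity (note that the stock rawhide sections ship with gpgcheck=0, which is harmless only while they stay enabled=0). The script below is an added example, not from either post, that audits a .repo file for exactly that: it prints each section's enabled/gpgcheck state and flags an enabled section whose gpgcheck is not 1 or which has no gpgkey. audit_repo, write_sample_repo and the sample file's sections are this example's own; a section without an enabled line is treated as enabled and a missing gpgcheck is treated as 0.

```shell
#!/bin/sh
# Added example (not part of the posts): audit a yum .repo file for enabled
# sections that would install packages without a GPG signature check.

# Usage: audit_repo FILE
# Output: one line per section: "<section> enabled=<v> gpgcheck=<v> <OK|WEAK>"
# Exit status: 1 if any enabled section was WEAK, else 0.
audit_repo() {
    awk '
    BEGIN { bad = 0 }
    function flush() {
        if (sec == "") return
        weak = (enabled == "1" && (gpgcheck != "1" || gpgkey == ""))
        printf "%s enabled=%s gpgcheck=%s %s\n", sec, enabled, gpgcheck, (weak ? "WEAK" : "OK")
        if (weak) bad = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    /^\[.*\]$/ {                               # new section: report the previous one
        flush()
        sec = substr($0, 2, length($0) - 2)
        enabled = "1"; gpgcheck = "0"; gpgkey = ""   # conservative defaults
        next
    }
    {
        split($0, kv, "=")
        key = kv[1]; sub(/[ \t]+$/, "", key)
        val = substr($0, index($0, "=") + 1); sub(/^[ \t]+/, "", val)
        if (key == "enabled")  enabled  = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey   = val
    }
    END { flush(); exit bad }
    ' "$1"
}

# Constructed sample: one enabled section hardened like [base] above, one
# enabled section with gpgcheck=0, and one disabled section like [rawhide].
write_sample_repo() {
    cat > "$1" <<'EOF'
[base]
name=Sample - Base
baseurl=http://10.3.0.60/pub/Linux/CentOS/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[internal-tools]
name=Sample - internal mirror, no signature check
baseurl=http://10.3.0.60/pub/tools/
enabled=1
gpgcheck=0

[rawhide]
name=Sample - disabled development repo
baseurl=http://10.3.0.60/pub/dev/
enabled=0
gpgcheck=0
EOF
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    write_sample_repo "$tmp"
    audit_repo "$tmp"     # three lines; only internal-tools is WEAK
    rm -f "$tmp"
fi
```

Run `audit_repo /etc/yum.repos.d/CentOS-Base.repo` (or loop over `/etc/yum.repos.d/*.repo`) on each client after rewriting the files; a non-zero exit means an enabled repository would accept unsigned packages from the mirror.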


Related articles

[Research] Pointing the Fedora 15 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20243
http://shaurong.blogspot.com/2011/07/fedora-15-x86-yum-server.html

[Research] Pointing the Fedora 14 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?t=19591

[Research] Pointing the CentOS 6.0 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20206
http://shaurong.blogspot.com/2011/07/centos-60-yum-server.html

[Research] Pointing the CentOS 5.5 yum server at I-Shou University
http://forum.icst.org.tw/phpbb/viewtopic.php?t=19592

(End)

Sunday, 17 July 2011

[Research] Installing phpSysInfo 3.0.11 (CentOS 6.0 x86)


phpSysInfo is a system that shows host system information through a web page.

3.0.11 requires PHP 5.2 or later (the PHP that CentOS 5.x yum provides by default is older than 5.2).

phpSysInfo official website:
http://phpsysinfo.sourceforge.net/

Code:
yum  -y install httpd php php-mbstring php-xml  wget
# without -O the SourceForge ".../download" URL is saved as a file named "download"
wget  -O  phpsysinfo-3.0.11.tar.gz  http://sourceforge.net/projects/phpsysinfo/files/phpsysinfo/3.0.11/phpsysinfo-3.0.11.tar.gz/download

tar  zxvf  phpsysinfo-3.0.11.tar.gz  -C  /var/www/html/
cp  /var/www/html/phpsysinfo/config.php.new  /var/www/html/phpsysinfo/config.php
# switch the default interface language from English to Traditional Chinese
sed -i -e "s@define('PSI_DEFAULT_LANG', 'en');@define('PSI_DEFAULT_LANG', 'tw');@"  /var/www/html/phpsysinfo/config.php
grep PSI_DEFAULT_LANG /var/www/html/phpsysinfo/config.php
service httpd restart
# stops the whole firewall so other hosts can reach the page; opening only TCP 80 is the narrower option
service iptables stop
firefox http://localhost/phpsysinfo &


Related research

[Research] Installing phpSysInfo 3.0.11 (Fedora 15 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20250

[Research] Installing phpSysInfo 3.0.11 (CentOS 6.0 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20228

[Research] Installing phpSysInfo 3.0.7 (Fedora 14 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=19189

[Research] phpSysInfo system information query system: installation (Fedora 7)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=14976

[Research] Installing phpsysinfo 2.5.4 host system information (CentOS 5.4 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=18002

(End)

Friday, 15 July 2011

[Research] Installing Snort 2.9.0.5 (Fedora 15 x86)


References
http://www.snort.org/snort-downloads/rhel5

Downloads (please download these manually first)
http://www.snort.org/snort-downloads?

snort-2.9.0.5.tar.gz
http://www.snort.org/downloads/867

daq-0.5-1.i386.rpm
http://www.snort.org/downloads/856

snortrules-snapshot-2905.tar.gz
Click Sign In at the top right of http://www.snort.org/snort-rules/?#rules
After logging in, click snortrules-snapshot-2905.tar.gz in the Registered User Release area to download it

Installation steps

Code:
# build tools, libraries and the PHP/MySQL pieces used by the Snort front-end (openssh-server is the Fedora package name; there is no package called sshd)
yum -y install gcc gcc-c++ kernel-devel patch make vim openssh-server libxml2 libxml2-devel pcre pcre-devel php php-common php-gd php-cli php-mysql flex bison php-pear-Numbers-Roman php-pear-Numbers-Words php-pear-Image-Color php-pear-Image-Canvas php-pear-Image-Graph libpcap libpcap-devel mysql mysql-devel mysql-bench mysql-server dnet dnet-devel libnet libnet-devel libdnet libdnet-devel zlib zlib-devel

rpm -ivh  daq-0.5-1.i386.rpm

tar zxvf snort-2.9.0.5.tar.gz
cd snort-2.9.0.5
./configure  --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3

make
make install
cd ..

mkdir /etc/snort
mkdir /var/log/snort
tar zxvf snortrules-snapshot-2905.tar.gz -C /etc/snort

cp /etc/snort/etc/* /etc/snort
groupadd snort
useradd -g snort snort
chown snort:snort /var/log/snort
touch /var/log/snort/alert
chown snort:snort /var/log/snort/alert
chmod 600 /var/log/snort/alert
mkdir /usr/local/lib/snort_dynamicrules
# the rules snapshot has no precompiled FC-15 shared-object rules, so use the FC-14 i386 build
cp /etc/snort/so_rules/precompiled/FC-14/i386/2.9.0.5/*.so /usr/local/lib/snort_dynamicrules
cat /etc/snort/so_rules/*.rules >> /etc/snort/rules/so-rules.rules

sed -i -e "s@var RULE_PATH ../rules@#var RULE_PATH ../rules@"  /etc/snort/snort.conf
sed -i -e '/var RULE_PATH ..\/rules/a var RULE_PATH \/etc\/snort\/rules'  /etc/snort/snort.conf

sed -i -e "s@var SO_RULE_PATH ../so_rules@#var SO_RULE_PATH ../so_rules@"  /etc/snort/snort.conf
sed -i -e '/var SO_RULE_PATH ..\/so_rules/a var SO_RULE_PATH \/etc\/snort\/so_rules'  /etc/snort/snort.conf

sed -i -e "s@var PREPROC_RULE_PATH ../preproc_rules@#var PREPROC_RULE_PATH ../preproc_rules@"  /etc/snort/snort.conf
sed -i -e '/var PREPROC_RULE_PATH ..\/preproc_rules/a var PREPROC_RULE_PATH \/etc\/snort\/preproc_rules'  /etc/snort/snort.conf

snort -T -c /etc/snort/snort.conf
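The three sed pairs above each comment out a stock `var NAME ../dir` line in snort.conf and append an absolute path after it. The function below is an added example, not part of the post's procedure: it does the same rewrite for any variable with awk, keeps the stock line as a comment for reference, and is safe to run again (an identical value is left alone; a different value replaces the previous active line instead of adding a second one, which matters because a second `var` line silently wins later in the file). set_snort_var, get_snort_var, write_sample_conf and the constructed minimal snort.conf are this example's own.

```shell
#!/bin/sh
# Added example (not from the post): idempotent rewrite of a snort.conf "var".

# Usage: set_snort_var CONF NAME NEWVALUE
set_snort_var() {
    conf=$1 name=$2 value=$3
    tmp=$(mktemp)
    awk -v name="$name" -v value="$value" '
        $1 == "var" && $2 == name {
            # already set to the wanted value: keep it, nothing else to do
            if ($3 == value && !done) { print; done = 1; next }
            # first active definition: keep it commented, insert the new value
            if (!done) { print "#" $0; print "var " name " " value; done = 1 }
            next        # any further active definition is dropped
        }
        { print }
        END { if (!done) print "var " name " " value }   # var was absent: append
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Usage: get_snort_var CONF NAME  -> prints the active value (empty if none)
get_snort_var() {
    sed -n "s/^var $2 //p" "$1" | tail -n 1
}

# Constructed minimal snort.conf with the three path variables the post rewrites.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Step #1: Set the network variables.
ipvar HOME_NET any
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
EOF
}

if [ "${1:-}" = "demo" ]; then
    conf=$(mktemp)
    write_sample_conf "$conf"
    set_snort_var "$conf" RULE_PATH /etc/snort/rules
    set_snort_var "$conf" SO_RULE_PATH /etc/snort/so_rules
    set_snort_var "$conf" PREPROC_RULE_PATH /etc/snort/preproc_rules
    cat "$conf"
    rm -f "$conf"
fi
```

On a real install call `set_snort_var /etc/snort/snort.conf RULE_PATH /etc/snort/rules` and the two other names, then validate with `snort -T -c /etc/snort/snort.conf` as the post does.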


Test run results
Code:
[root@localhost ~]# snort -T -c /etc/snort/snort.conf
        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.0.5 IPv6 GRE (Build 135)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.12 2011-01-15
           Using ZLIB version: 1.2.5

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.13  <Build 18>
           Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_SSH (IPV6)  Version 1.1  <Build 3>
           Preprocessor Object: SF_DCERPC2 (IPV6)  Version 1.0  <Build 3>
           Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2  <Build 13>
           Preprocessor Object: SF_SDF (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SMTP (IPV6)  Version 1.1  <Build 9>

Snort successfully validated the configuration!
Snort exiting
[root@localhost ~]#


Related articles

[Research] Installing Snort 2.9.0.5 (Fedora 15 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20240

[Research] Installing Snort 2.9.0.3 (tar.gz) (Fedora 14 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=19216

[Research] Snort 2.8.5.2.tar.gz + MySQL + BASE quick install script (CentOS 5.4)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=17658

[Research] Snort 2.8.5.2.tar.gz + MySQL + BASE quick install script (Fedora 12 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=17672

[Tutorial] [Research] Snort 2.8.1 quick install script, lite version (Fedora 8)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=15042

(End)