
CentOS iptables-Snort linkage: adding ACID and BASE

Posted: 2009-06-13 14:38    Source: Internet    Author: Network

I had considered using the LAMP stack that ships with CentOS, but ACID had problems with it, so I chose to compile from source.
The first step is building the LAMP stack from source:

yum -y install ntp vim-enhanced gcc gcc-c++ flex bison autoconf automake bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel kernel

(1) GD2

cd /usr/local/src
wget http://www.libgd.org/releases/oldreleases/gd-2.0.34.tar.gz
tar xzvf gd-2.0.34.tar.gz
cd gd-2.0.34
./configure --prefix=/usr/local/gd2
make
make install
(2) LibXML2

cd /usr/local/src
wget http://www.imagemagick.org/download/delegates/libxml2-2.6.29.tar.gz
tar xzvf libxml2-2.6.29.tar.gz
cd libxml2-2.6.29
./configure --prefix=/usr/local/libxml2
make
make install
(3) LibMcrypt
 
cd /usr/local/src
wget http://ftp.devil-linux.org/pub/devel/sources/1.2/libmcrypt-2.5.8.tar.bz2
tar xjvf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8
./configure --prefix=/usr/local/libmcrypt
make
make install
(4) cronolog (Apache log rotation)

cd /usr/local/src
wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
tar xzvf cronolog-1.6.2.tar.gz
cd cronolog-1.6.2
./configure --prefix=/usr/local/cronolog
make
make install

(5) Upgrade OpenSSL and OpenSSH
cd /usr/local/src
wget http://www.openssl.org/source/openssl-0.9.8e.tar.gz
wget http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz
tar xzvf openssl-0.9.8e.tar.gz
cd openssl-0.9.8e
./config --prefix=/usr/local/openssl
make
make test
make install
   
cd /usr/local/src
tar xzvf openssh-4.6p1.tar.gz
cd openssh-4.6p1
./configure  --prefix=/usr --with-pam --with-zlib --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-md5-passwords
make
make install

III. Compile and install the L.A.M.P environment
1. Download the software
cd /usr/local/src
wget http://archive.apache.org/dist/httpd/httpd-2.2.4.tar.bz2
wget http://mirror.provenscaling.com/mysql/community/source/5.0/mysql-5.0.27.tar.gz
wget http://museum.php.net/php5/php-5.2.3.tar.bz2
wget http://files.directadmin.com/services/customapache/ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz
2. Compile and install MySQL
tar xzvf mysql-5.0.27.tar.gz
cd mysql-5.0.27
./configure --prefix=/usr/local/mysql --localstatedir=/var/lib/mysql --with-comment=Source --with-server-suffix=-Comsenz --with-mysqld-user=mysql --without-debug --with-big-tables --with-charset=utf8 --with-collation=utf8_general_ci --with-extra-charsets=all --with-pthread --enable-static --enable-thread-safe-client --with-client-ldflags=-all-static --with-mysqld-ldflags=-all-static --enable-assembler --without-isam --without-innodb --without-ndb-debug
make
make install
useradd mysql
cd /usr/local/mysql
bin/mysql_install_db --user=mysql
chown -R root:mysql .
chown -R mysql /var/lib/mysql
cp share/mysql/my-huge.cnf /etc/my.cnf
cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
chkconfig --level 3 mysqld on
/etc/rc.d/init.d/mysqld start
bin/mysqladmin -u root password '1234'

3. Compile and install Apache
cd /usr/local/src
tar xjvf httpd-2.2.4.tar.bz2
cd httpd-2.2.4
./configure --prefix=/usr/local/apache2 --with-included-apr --enable-so --enable-deflate=shared --enable-expires=shared --enable-rewrite=shared --enable-static-support --disable-userdir
make
make install
echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local

4. Compile and install PHP
cd /usr/local/src
tar xjvf php-5.2.3.tar.bz2
cd php-5.2.3
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-libxml-dir=/usr/local/libxml2 --with-gd=/usr/local/gd2 --with-jpeg-dir=/usr --with-png-dir=/usr --with-bz2 --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-openssl=/usr/local/openssl --with-mcrypt=/usr/local/libmcrypt --enable-soap --enable-gd-native-ttf --enable-memory-limit --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --disable-cgi --disable-cli
make
make install
mkdir -p /usr/local/php/etc
cp php.ini-dist /usr/local/php/etc/php.ini

Add these two lines to httpd.conf so Apache hands .php files to the PHP module:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Once that tests OK, the second part: recompile Snort with the MySQL output plugin so that Snort's logs are written to the snort database in MySQL.

Setting up the MySQL database

/etc/init.d/mysqld start    # start MySQL

Run the following (the create, grant and flush statements in the mysql client; the schema import line from the shell):

create database snort;
create database snort_archive;
mysql snort < /usr/local/src/snort-2.8.4.1/schemas/create_mysql
grant all privileges on *.* to test@'%' identified by '1234';
flush privileges;

This creates the snort databases and the test account.
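The grant above gives the test account all privileges on every database, from any host. As an added example (not part of the original post), here is the same database setup as a script that instead creates a least-privilege account for the sensor and a separate one for the web console. The mysql client in PATH, the MYSQL_ROOT_PW environment variable, the sensor address 192.168.1.10 and the placeholder passwords are assumptions; the schema path is the one the post imports.

```shell
#!/bin/sh
# Added example, not from the original post: create the Snort databases, load
# the schema, and grant only what each client needs.
# Assumptions: mysql client in PATH, root password in MYSQL_ROOT_PW, sensor at
# 192.168.1.10 (change it), passwords below are placeholders.

SCHEMA=${SCHEMA:-/usr/local/src/snort-2.8.4.1/schemas/create_mysql}

# SQL that creates both databases (IF NOT EXISTS, so the script can be re-run).
snort_create_sql() {
    printf 'CREATE DATABASE IF NOT EXISTS snort;\n'
    printf 'CREATE DATABASE IF NOT EXISTS snort_archive;\n'
}

# SQL for the sensor: the Snort database output plugin only inserts events and
# reads back sensor/cid rows, so INSERT and SELECT on the snort database alone,
# and only from the sensor's own address rather than '%' (anywhere).
snort_sensor_grant_sql() {
    user=$1 host=$2 pass=$3
    printf "GRANT INSERT, SELECT ON snort.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" "$user" "$host" "$pass"
    printf 'FLUSH PRIVILEGES;\n'
}

# SQL for the console (ACID/BASE): it archives and deletes events, so it also
# needs UPDATE/DELETE, but again only on the two Snort databases and only from
# the web server host.
snort_console_grant_sql() {
    user=$1 host=$2 pass=$3
    printf "GRANT SELECT, INSERT, UPDATE, DELETE ON snort.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" "$user" "$host" "$pass"
    printf "GRANT SELECT, INSERT, UPDATE, DELETE ON snort_archive.* TO '%s'@'%s';\n" "$user" "$host"
    printf 'FLUSH PRIVILEGES;\n'
}

# Run the mysql client as root without putting the password on the command
# line (where "ps" would show it): pass it through a private option file.
mysql_root() {
    opt=$(mktemp)
    chmod 600 "$opt"
    printf '[client]\nuser=root\npassword=%s\n' "$MYSQL_ROOT_PW" > "$opt"
    mysql --defaults-extra-file="$opt" "$@"
    rc=$?
    rm -f "$opt"
    return $rc
}

# Apply everything. Usage: MYSQL_ROOT_PW=... sh snort_db_setup.sh apply
snort_db_apply() {
    snort_create_sql | mysql_root
    mysql_root snort < "$SCHEMA"
    snort_sensor_grant_sql snort 192.168.1.10 'SENSOR_PASSWORD_PLACEHOLDER' | mysql_root
    snort_console_grant_sql base localhost 'CONSOLE_PASSWORD_PLACEHOLDER' | mysql_root
}

case "${1:-}" in
    apply) snort_db_apply ;;
esac
```

The `output database:` line in snort.conf then uses the sensor account, and acid_conf.php the console account, instead of test and root; the host part of each grant is the only thing that stops a leaked sensor password from being usable from an arbitrary machine.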

Now recompile Snort:

In the Snort source directory run ./configure --with-mysql, then make; make install.

Then copy the preproc_rules directory from the source tree to /etc/snort, copy the current rules tarball snortrules-snapshot-CURRENT.tar.gz to /etc/snort and unpack it there, and reconfigure snort.conf:

[root@rs1 snort-2.8.4.1]# cat /etc/snort.conf |grep -v ^$|grep -v ^#
var HOME_NET any
var EXTERNAL_NET any
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET
portvar HTTP_PORTS 80
portvar SHELLCODE_PORTS !80
portvar ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
var RULE_PATH /etc/snort/rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
preprocessor frag3_global: max_frags 65536
preprocessor frag3_engine: policy first detect_anomalies
preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
                              track_udp no
preprocessor stream5_tcp: policy first, use_static_footprint_sizes
preprocessor http_inspect: global \
    iis_unicode_map /etc/snort/unicode.map 1252
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 8180 } oversize_dir_length 500
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor ftp_telnet: global \
   encrypted_traffic yes \
   inspection_type stateful
preprocessor ftp_telnet_protocol: telnet \
   normalize \
   ayt_attack_thresh 200
preprocessor ftp_telnet_protocol: ftp server default \
   def_max_param_len 100 \
   alt_max_param_len 200 { CWD } \
   cmd_validity MODE < char ASBCZ > \
   cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
   chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
   telnet_cmds yes \
   data_chan
preprocessor ftp_telnet_protocol: ftp client default \
   max_resp_len 256 \
   bounce yes \
   telnet_cmds yes
preprocessor smtp: \
  ports { 25 587 691 } \
  inspection_type stateful \
  normalize cmds \
  normalize_cmds { EXPN VRFY RCPT } \
  alt_max_command_line_len 260 { MAIL } \
  alt_max_command_line_len 300 { RCPT } \
  alt_max_command_line_len 500 { HELP HELO ETRN } \
  alt_max_command_line_len 255 { EXPN VRFY }
preprocessor sfportscan: proto  { all } \
                         memcap { 10000000 } \
                         sense_level { low }
preprocessor dcerpc2
preprocessor dcerpc2_server: default
preprocessor dns: \
    ports { 53 } \
    enable_rdata_overflow
preprocessor ssl: noinspect_encrypted, trustservers
output database: log, mysql, user=test password=1234 dbname=snort host=192.168.1.167
include /etc/snort/classification.config
include /etc/snort/reference.config
include $RULE_PATH/local.rules
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/nntp.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/experimental.rules
include $RULE_PATH/my.rules
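Before starting Snort on a config like this it is worth checking that every file it references exists: a typo in a var line or a missing rules file (for instance $RULE_PATH/my.rules, a custom file that has to be created by hand) stops Snort from starting at all. The following pre-flight check is an added example, not from the post or the Snort project. It assumes include lines only use $RULE_PATH and $PREPROC_RULE_PATH, as in the config above, and that snort is in PATH for the final snort -T run.

```shell
#!/bin/sh
# Added example (not from the original post or the Snort project): list the
# files a snort.conf references but that do not exist on disk, then run Snort's
# own config test. Assumptions: include lines only use $RULE_PATH and
# $PREPROC_RULE_PATH, and snort is in PATH for snort_config_test.

# Print one "missing: <path>" line per referenced file that is absent.
snort_conf_missing() {
    conf=$1
    rule_path=""
    preproc_path=""
    # Drop comment and blank lines, as the post did with grep, then walk the rest.
    grep -v '^[[:space:]]*#' "$conf" | grep -v '^[[:space:]]*$' |
    while read -r key name value rest; do
        case "$key" in
            var)
                # remember the two path variables that include lines expand
                case "$name" in
                    RULE_PATH)         rule_path=$value ;;
                    PREPROC_RULE_PATH) preproc_path=$value ;;
                esac ;;
            include)
                target=$name
                case "$target" in
                    '$RULE_PATH'/*)         target="$rule_path/${target#\$RULE_PATH/}" ;;
                    '$PREPROC_RULE_PATH'/*) target="$preproc_path/${target#\$PREPROC_RULE_PATH/}" ;;
                esac
                [ -e "$target" ] || echo "missing: $target" ;;
            dynamicengine)
                [ -e "$name" ] || echo "missing: $name" ;;
            dynamicpreprocessor)
                # "dynamicpreprocessor directory <dir>": the dir is the third word
                [ -e "$value" ] || echo "missing: $value" ;;
            iis_unicode_map)
                # continuation line of the http_inspect block in the config above
                [ -e "$name" ] || echo "missing: $name" ;;
        esac
    done
}

# Number of missing files, for use in scripts (0 means the config is complete).
snort_conf_missing_count() {
    snort_conf_missing "$1" | wc -l | tr -d ' '
}

# Snort's own syntax and rule check, run once the file check reports nothing.
snort_config_test() {
    snort -T -c "$1"
}
```

Run it as snort_conf_missing /etc/snort.conf; an empty result followed by a clean snort_config_test /etc/snort.conf is the point at which starting the sensor makes sense. The check reads only the variable and include lines, so a rules file that exists but has a syntax error is still only caught by snort -T.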

Snort is now recompiled and configured. The third step is to download ACID and BASE; ACID is downloaded from here:

wget http://crypto.nknu.edu.tw/textbook1ed/update/CH13/SnortToolTAR/acid-0.9.6b23.tar.gz
wget http://crypto.nknu.edu.tw/textbook1ed/update/CH13/SnortToolTAR/adodb464.tgz
wget http://crypto.nknu.edu.tw/textbook1ed/update/CH13/SnortToolTAR/jpgraph-1.19.tar.gz

BASE is downloaded from SourceForge: http://sourceforge.net/project/showfiles.php?group_id=103348

cp a*.* /usr/local/apache2/htdocs/
cp jpgraph-1.19.tar.gz /usr/local/apache2/htdocs/
cd /usr/local/apache2/htdocs/
tar zxvf adodb464.tgz
tar zxvf jpgraph-1.19.tar.gz
mv jpgraph-1.19 jpgraph
tar zxvf acid-0.9.6b23.tar.gz
cd acid
vi acid_conf.php

Line 12: change "$DBlib_path = "";" to "$DBlib_path = "/usr/local/apache2/htdocs/adodb";"

  $alert_dbname   = "snort_log";  // change to snort
  $alert_host     = "localhost";
  $alert_port     = "";
  $alert_user     = "root";
  $alert_password = "mypassword"; // change to your database password
  /* Archive DB connection parameters */
  $archive_dbname   = "snort_archive";  // the archive database created above
  $archive_host     = "localhost";
  $archive_port     = "";
  $archive_user     = "root";
  $archive_password = "mypassword";  // change to your database password

Line 68: change "$ChartLib_path = "";" to "$ChartLib_path = "/usr/local/apache2/htdocs/jpgraph/src";"
When the edits are done, save and exit.

Put BASE under /usr/local/apache2/htdocs as well:

cd /usr/local/src
wget http://downloads.sourceforge.net/secureideas/base-1.4.3.1.tar.gz
cp base-1.4.3.1.tar.gz /usr/local/apache2/htdocs/
cd /usr/local/apache2/htdocs/
tar zxvf base-1.4.3.1.tar.gz
mv base-1.4.3.1 base    # the warnings below refer to htdocs/base

Then start Apache and go through the ACID and BASE setup pages.

The newer BASE version shows:

Warning: include_once(Mail.php) [function.include-once]: failed to open stream: No such file or directory in /usr/local/apache2/htdocs/base/includes/base_action.inc.php on line 29
Warning: include_once() [function.include]: Failed opening 'Mail.php' for inclusion (include_path='.:') in /usr/local/apache2/htdocs/base/includes/base_action.inc.php on line 29
Warning: include_once(Mail/mime.php) [function.include-once]: failed to open stream: No such file or directory in /usr/local/apache2/htdocs/base/includes/base_action.inc.php on line 30
Warning: include_once() [function.include]: Failed opening 'Mail/mime.php' for inclusion (include_path='.:') in /usr/local/apache2/htdocs/base/includes/base_action.inc.php on line 30
In PuTTY (the SSH session) run:
pear install Mail
pear upgrade PEAR
pear install Mail_Mime

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/apache2/htdocs/base/languages/simplified_chinese.lang.php:738) in /usr/local/apache2/htdocs/base/base_common.php on line 1077
For this one, I suggest commenting out the line it points at (line 738 of simplified_chinese.lang.php).
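The "headers already sent" warning means something in simplified_chinese.lang.php at line 738 produced output before BASE called header(). In an included PHP file that is usually a blank line after the closing ?> tag (PHP swallows exactly one newline after ?>; anything more is sent to the browser as response body), or a UTF-8 byte-order mark before <?php. Whichever way the file is fixed, the following check (an added example, not code from the post or from BASE) finds such stray bytes in a PHP file so you can see what a language or config file is actually emitting; the paths you pass to it are your own.

```shell
#!/bin/sh
# Added example (not from the original post or from BASE): report stray output
# in a PHP include file, i.e. bytes PHP would send to the browser before any
# header() call. Checks for a UTF-8 BOM or whitespace before the opening tag and
# for anything but a single newline after the last closing "?>" tag.
# Returns 0 when the file is clean, 1 when a problem was printed.

php_stray_output() {
    f=$1
    status=0
    bom=$(printf '\357\273\277')            # UTF-8 byte-order mark, EF BB BF
    nl='
'
    cr=$(printf '\r')

    # Slurp the file; the trailing "x" keeps $(...) from eating final newlines.
    content=$(cat "$f"; printf x)
    content=${content%x}

    case "$content" in
        "$bom"*) echo "$f: UTF-8 BOM before the opening tag"; status=1 ;;
        "<?"*)   ;;                           # starts straight with the PHP tag
        *)       echo "$f: output before the opening tag"; status=1 ;;
    esac

    # Text after the last "?>": PHP swallows exactly one newline there; anything
    # else (a blank line, spaces, a second newline) goes out as response body.
    case "$content" in
        *"?>"*) rest=${content##*"?>"} ;;
        *)      rest="" ;;                    # no closing tag at all: nothing can trail it
    esac
    if [ -n "$rest" ] && [ "$rest" != "$nl" ] && [ "$rest" != "$cr$nl" ]; then
        echo "$f: ${#rest} character(s) of output after the closing ?> tag"
        status=1
    fi
    return $status
}
```

To sweep all of BASE's language files: for f in /usr/local/apache2/htdocs/base/languages/*.php; do php_stray_output "$f"; done. A literal ?> inside a string or comment in the middle of a file would also be taken as the last closing tag, so treat a hit as something to open in an editor rather than as a verdict.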
