1. MySQL setup
CREATE DATABASE snort;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON snort.* TO 'snort'@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES;
2. Install Snort
apt-get -y install snort-mysql
3. Database setup
zcat /etc/snort/create_mysql.gz | mysql -u snort -p snort
vi /etc/snort/database.conf
output database: log, mysql, user=[db username] password=[db password] dbname=[db name] host=localhost
4. Delete the pending-config file
rm -rf /etc/snort/db-pending-config
5. Test-run Snort
snort -c /etc/snort/snort.conf
If no problems appear, stop it and start the service normally:
/etc/init.d/snort start
6. Install acidbase
apt-get -y install acidbase
7. Restart Apache
/etc/init.d/apache2 restart
8. Open acidbase
http://localhost/acidbase
9. Add rules
Edit /etc/snort/rules/local.rules (for example with vi) to add your rules
10. Restart Snort
/etc/init.d/snort restart
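Added example, not part of the original note: a small POSIX shell helper that renders the database.conf output line from the placeholder values in step 3 and checks a local.rules file before the restart in step 10 (every active rule carries a sid, sids sit in the local range at or above 1000000, and no sid repeats). Only the database.conf line format and the local.rules path come from the note; the function names and the sample rules are constructed for this example.

```shell
# Added example, not from the original note. Function names and sample rules
# are constructed; the database.conf line format comes from step 3 above.
# Print the "output database:" line for /etc/snort/database.conf.
render_database_conf() {
    # $1=user $2=password $3=dbname $4=host
    printf 'output database: log, mysql, user=%s password=%s dbname=%s host=%s\n' \
        "$1" "$2" "$3" "$4"
}
# Extract the sid option value from one rule line (empty if absent).
rule_sid() {
    printf '%s\n' "$1" | sed -n 's/.*sid:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}
# Check a local.rules file before restarting Snort: every active rule
# needs a sid, local sids must be >= 1000000 (the range reserved for
# site rules), and no sid may repeat. Reports problems; returns 1 if any.
check_local_rules() {
    active=$(mktemp)
    status=0
    # Keep active rules only: drop blank lines and '#' comments.
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' > "$active"
    while IFS= read -r line; do
        sid=$(rule_sid "$line")
        if [ -z "$sid" ]; then
            echo "missing sid: $line"; status=1
        elif [ "$sid" -lt 1000000 ]; then
            echo "sid $sid is below the local range (>= 1000000)"; status=1
        fi
    done < "$active"
    dups=$(while IFS= read -r l; do rule_sid "$l"; done < "$active" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "duplicate sid(s): $dups"; status=1
    fi
    rm -f "$active"
    return $status
}
# Constructed sample rules (one duplicate sid, one missing sid, one too low).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# local rules
alert tcp any any -> any 22 (msg:"SSH connection"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"ICMP seen"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"no sid";)
alert udp any any -> any 53 (msg:"low sid"; sid:5; rev:1;)
EOF
render_database_conf snort password snort localhost
check_local_rules "$sample" || echo "fix local.rules before /etc/init.d/snort restart"
rm -f "$sample"
```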