c 网站开发流程图设计配色推荐的网站
张小明 2026/3/2 21:43:20
c 网站开发流程图,设计配色推荐的网站,ps软件网站有哪些功能,网站网页策略一、安装准备#xff1a;环境依赖安装
在 CentOS7 系统中搭建 Snort#xff0c;需先安装必备依赖库与拓展包#xff0c;确保后续安装顺利进行。 复现平台 天枢一体化虚拟仿真平台 操作系统 CentOS7 1.1 基础依赖库安装
执行以下命令安装核心依赖#xff1a; sudo yum…一、安装准备环境依赖安装在 CentOS7 系统中搭建 Snort需先安装必备依赖库与拓展包确保后续安装顺利进行。复现平台天枢一体化虚拟仿真平台操作系统CentOS71.1基础依赖库安装执行以下命令安装核心依赖sudo yum install -y gcc flex bison zlib libpcap pcre libdnet tcpdump1.2libnghttp2 依赖安装最新版 Snort 需依赖 libnghttp2通过 EPEL 源安装sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmsudo yum install -y libnghttp21.3源代码安装额外依赖仅源码安装方式需执行若选择从源代码安装 Snort需补充安装开发包sudo yum install -y zlib-devel libpcap-devel pcre-devel libdnet-devel openssl-devel libnghttp2-devel luajit-devel二、Snort 安装两种安装方式2.1通过 yum 安装推荐简化流程直接使用 yum 命令快速安装sudo yum install -y snort2.2通过源代码安装自定义配置更灵活2.2.1. 准备下载目录mkdir ~/snort_src cd ~/snort_src2.2.2. 安装 DAQ数据采集库下载 DAQ 源代码包可替换版本号为最新版wget https://www.snort.org/downloads/snort/daq-2.0.7.tar.gz解压并进入目录tar -xvzf daq-2.0.7.tar.gzcd daq-2.0.7编译安装./configure make sudo make install返回下载目录cd ~/snort_src2.3安装 Snort下载 Snort 源代码可替换版本号为最新版wget https://www.snort.org/downloads/archive/snort/snort-2.9.16.1.tar.gz解压并进入目录tar -zxvf snort-2.9.16.1.tar.gzcd snort-2.9.16.1编译安装启用 sourcefire./configure --enable-sourcefire make sudo make install三、Snort 配置NIDS 模式部署3.1基础环境配置3.1.1. 更新共享库与创建符号链接sudo ldconfigsudo ln -s /usr/local/bin/snort /usr/sbin/snort3.1.2创建专用用户与用户组sudo groupadd snortsudo useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort3.1.3建立目录结构与设置权限# 创建目录sudo mkdir -p /etc/snort/rulessudo mkdir /var/log/snortsudo mkdir /usr/local/lib/snort_dynamicrules# 设置权限sudo chmod -R 5775 /etc/snortsudo chmod -R 5775 /var/log/snortsudo chmod -R 5775 /usr/local/lib/snort_dynamicrulessudo chown -R snort:snort /etc/snortsudo chown -R snort:snort /var/log/snortsudo chown -R snort:snort /usr/local/lib/snort_dynamicrules3.1.4. 创建规则相关文件sudo touch /etc/snort/rules/white_list.rulessudo touch /etc/snort/rules/black_list.rulessudo touch /etc/snort/rules/local.rules3.1.5. 复制配置文件仅源码安装需执行sudo cp ~/snort_src/snort-2.9.16.1/etc/*.conf* /etc/snortsudo cp ~/snort_src/snort-2.9.16.1/etc/*.map /etc/snort3.2检测规则下载与配置Snort 提供三种规则集社区规则免费、注册规则需注册获取 Oink 代码、订阅规则付费订阅。3.2.1 社区规则快速测试用下载并解压wget https://www.snort.org/rules/community -O ~/community.tar.gzsudo tar -xvf ~/community.tar.gz -C ~/sudo cp ~/community-rules/* /etc/snort/rules注释不必要的规则引用sudo sed -i s/include \$RULE\_PATH/#include \$RULE\_PATH/ /etc/snort/snort.conf3.2.2. 注册用户规则需注册获取 Oink 代码替换 Oink 代码并下载wget https://www.snort.org/rules/snortrules-snapshot-29120.tar.gz?oinkcode你的Oink代码 -O ~/registered.tar.gz解压到配置目录sudo tar -xvf ~/registered.tar.gz -C /etc/snort3.3核心配置文件修改snort.conf编辑配置文件sudo vim /etc/snort/snort.conf3.3.1配置网络地址# 保护的内部网络替换为实际IP段ipvar HOME_NET 172.16.10.4/24# 外部网络默认即可ipvar EXTERNAL_NET !$HOME_NET3.3.2配置规则文件路径var RULE_PATH /etc/snort/rulesvar SO_RULE_PATH /etc/snort/so_rulesvar PREPROC_RULE_PATH /etc/snort/preproc_rulesvar WHITE_LIST_PATH /etc/snort/rulesvar BLACK_LIST_PATH /etc/snort/rules3.3.3配置日志输出output unified2: filename snort.log, limit 1283.3.4 启用规则集# 启用本地规则include $RULE_PATH/local.rules# 若使用社区规则添加以下行include $RULE_PATH/community.rules四、功能验证测试 Snort 运行4.1配置有效性测试执行以下命令验证配置是否正确sudo snort -T -c /etc/snort/snort.conf成功提示Snort successfully validated the configuration!若报错需根据提示修复常见问题缺少文件 / 文件夹、规则引用错误。4.2警报功能测试4.2.1 添加测试规则编辑本地规则文件sudo vi /etc/snort/rules/local.rules添加 ICMP 测试规则alert icmp any any - $HOME_NET any (msg:ICMP test; sid:10000001; rev:001;)规则说明alert触发时产生警报icmp协议类型any any源地址 / 端口所有$HOME_NET any目标地址 / 端口保护网络 所有端口sid唯一规则 ID本地规则需≥1000001rev规则版本4.2.2 启动 Snort 并监听# ens33为网卡名称可通过ip addr或ifconfig查询sudo snort -A console -i ens33 -u snort -g snort -c /etc/snort/snort.conf4.2.3测试效果从其他计算机 ping 目标服务器终端会输出 ICMP 警报按CtrlC停止监听。4.2.4 查看日志snort -r /var/log/snort/snort.log.时间戳按TAB补全4.3后台服务运行4.3.1 下载启动脚本源码安装需执行wget https://www.snort.org/documents/snort-startup-script-for-centos -O ~/snortdsudo chmod 755 ~/snortd sudo mv ~/snortd /etc/init.d/4.3.2 启动服务sudo systemctl daemon-reloadsudo systemctl start snortd4.3.3 服务管理命令# 停止服务sudo systemctl stop snortd# 重启服务sudo systemctl restart snortd# 查看状态sudo systemctl status snortd五、可视化 WEB 报警平台搭建5.1安装基础组件yum install -y mysql-server mysql-devel php-mysql php-pear php-gd libtool php-imap php-ldap php-mbstring php-odbc php-pear php-xml php-pecl-apc# 设置MySQL开机自启并启动chkconfig --level 235 mysqld onsystemctl start mysqld5.2 MySQL 数据库配置5.2.1设置 root 密码/usr/bin/mysqladmin -u root password 你的密码5.2.2创建 Snort 数据库与用户mysql -u root -p# 输入密码后执行以下SQL命令mysql create database snort;mysql use snort;mysql create user snortlocalhost IDENTIFIED BY ******;#在以上命令中“******”是MySQL中⽤户Snort的密码。#接着创建名为snort、密码为“123456”的数据库⽤户并赋予名为“snort”的数据库权限mysql grant create,select,update,insert,delete on snort.* to snortlocalhost identified by ******;mysql set password for snortlocalhostpassword(******); //为⽤户snort设置访问密码mysql source ~/barnyard2-2-1.13/schemas/create_mysql; //该命令不可重复输⼊⼀定要执⾏此命令mysql show tablesmysql use snort;------------------| Tables_in_snort |------------------| data || detail || encoding || event || icmphdr || iphdr || opt |Snort⼊侵检测系统搭建Centos712| reference || reference_system || schema || sensor || sig_class || sig_reference || signature || tcphdr || udphdr |------------------16 rows in set (0.00 sec)mysql flush privileges; //刷新数据库权限mysql exit5.3Barnyard2 安装配置日志转存数据库5.3.1 下载并解压 Barnyard2wget https://github.com/firnsy/barnyard2/archive/v2-1.13.zipunzip v2-1.13.zipcd ~/barnyard2-2-1.13/5.3.2 编译安装./configure --with-mysql --with-mysql-libraries/usr/lib64/mysqlmakemake install5.3.3 配置 Barnyard2# 复制配置文件sudo cp ~/barnyard2-2-1.13/etc/barnyard2.conf /etc/snort/# 创建日志目录与状态文件sudo mkdir /var/log/barnyard2sudo chown snort.snort /var/log/barnyard2sudo touch /var/log/snort/barnyard2.waldosudo chown snort.snort /var/log/snort/barnyard2.waldo# 编辑配置文件sudo vim /etc/snort/barnyard2.conf修改配置文件关键参数config logdir:/var/log/barnyard2config hostname: localhostconfig interface: ens33 # 替换为实际网卡config waldo_file:/var/log/snort/barnyard2.waldo# 末尾添加数据库配置output database: log, mysql, usersnort password你的密码 dbnamesnort hostlocalhost sensor namesensor015.3.4 启动 Barnyard2barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort5.4安装依赖插件yum install -y httpd mysql-server php php-mysql php-mbstring php-mcrypt mysql-devel php-gd mcrypt libmcrypt libmcrypt-devel php-pear# 安装PEAR插件单次失败可多次尝试pear channel-update pear.php.netpear install mail Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman mail_mime5.5安装 ADODBcd ~/snort_srcwget https://sourceforge.net/projects/adodb/files/adodb-php5-only/adodb-520-for-php5/adodb-5.20.18.ziptar -xvzf adodb-5.20.8.tar.gzsudo mv adodb5 /var/adodbsudo chmod -R 755 /var/adodb5.6安装 BASEWEB 管理平台# 下载并解压wget https://sourceforge.net/projects/secureideas/files/BASE/base-1.4.5/base-1.4.5.tar.gztar -zxvf base-1.4.5.tar.gzsudo mv base-1.4.5 /var/www/html/base/# 配置BASEcd /var/www/html/basesudo cp base_conf.php.dist base_conf.phpsudo vim /var/www/html/base/base_conf.php修改 BASE 配置$BASE_urlpath /base; # 第50行$DBlib_path /var/adodb/; # 第80行$alert_dbname snort; # 第102行$alert_host localhost;$alert_port ;$alert_user snort;$alert_password 你的密码; # 第106行与MySQL中snort用户密码一致设置文件权限sudo chown -R snort:snort /var/www/html/basesudo chmod o-r /var/www/html/base/base_conf.php5.7启动 WEB 服务# 启动mysql服务service mysqld start# 启动HTTP服务service httpd start# 关闭防火墙测试环境生产环境需配置防火墙规则systemctl stop firewalld.service# 查看防火墙状态firewall-cmd --state访问 WEB 平台浏览器输入http://服务器IP/base六、常见问题与解决方案6.1编译安装 DAQ 报错缺少 aclocal-1.15# 解决方案sudo yum install -y libtool# 若仍报错更新软件源后重试yum upgrade6.2启动 Snort 报错加载 libdnet.1 失败ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.16.3安装 MySQL 报错无 mysql-server 包# 步骤1下载MySQL repo源wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm# 步骤2安装repo包rpm -ivh mysql-community-release-el7-5.noarch.rpm# 步骤3安装MySQLyum install mysql-server6.4运行 Barnyard2 报错无法打开 sid-msg.mapsudo touch /etc/snort/sid-msg.map6.5Ping 测试无日志输出检查snort.conf中HOME_NET配置是否与服务器实际 IP 段一致cat /etc/snort/snort.conf | grep ipvar HOME_NET6.6监听网卡不匹配通过以下命令确认正确网卡名称ip addr修改snort.conf与barnyard2.conf中的网卡配置如 eth0、ens33。