$ cd /tmp
$ wget http://www.snort.org/dl/binaries/linux/snort-postgresql-2.3.3-0.fdr.1.i386.rpm
--19:12:27-- http://www.snort.org/dl/binaries/linux/snort-postgresql-2.3.3-0.fdr.1.i386.rpm
=> `snort-postgresql-2.3.3-0.fdr.1.i386.rpm'
www.snort.org をDNSに問いあわせています... 199.107.65.177
www.snort.org[199.107.65.177]:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 192,134 [text/plain]
100%[============================>] 192,134 133.55K/s
19:12:29 (133.17 KB/s) - `snort-postgresql-2.3.3-0.fdr.1.i386.rpm' saved [192,134/192,134]
# rpm -ivh snort-postgresql-2.3.3-0.fdr.1.i386.rpm
Preparing... ########################################### [100%]
1:snort-postgresql ########################################### [100%]
(Note: both snort.org downloads in this walkthrough are fetched over plain HTTP and installed without any checksum or signature check; where the project publishes a signature or digest, verify the rpm with `rpm --checksig` and the tarball against the published digest before installing.)
# sudo -u postgres createuser snort    ※rootで実行
Shall the new user be allowed to create databases? (y/n) y
Shall the new user be allowed to create more new users? (y/n) n
CREATE USER
# sudo -u snort createdb snort    ※root で実行
CREATE DATABASE
# cp -p /var/lib/pgsql/.bash_profile /var/log/snort/
# chown snort:snort /var/log/snort/.bash_profile
$ cd /tmp
$ wget http://www.snort.org/dl/current/snort-2.3.3.tar.gz
--16:08:07-- http://www.snort.org/dl/current/snort-2.3.3.tar.gz
=> `snort-2.3.3.tar.gz'
www.snort.org をDNSに問いあわせています... 199.107.65.177
www.snort.org[199.107.65.177]:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 2,631,270 [application/x-gzip]
100%[===============================================================================>] 2,631,270 349.64K/s ETA 00:00
16:08:15 (307.12 KB/s) - `snort-2.3.3.tar.gz' saved [2,631,270/2,631,270]
$ tar zxvf snort-2.3.3.tar.gz
$ cd snort-2.3.3/schemas
$ ls
Makefile.am Makefile.in create_mssql create_mysql create_oracle.sql create_postgresql
$ su
# sudo -u snort psql -f create_postgresql
psql:create_postgresql:25: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "schema_pkey" for table "schema"
CREATE TABLE
INSERT 58580 1
psql:create_postgresql:34: NOTICE: CREATE TABLE will create implicit sequence "signature_sig_id_seq" for "serial" column "signature.sig_id"
psql:create_postgresql:34: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "signature_pkey" for table "signature"
CREATE TABLE
CREATE INDEX
CREATE INDEX
psql:create_postgresql:41: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "sig_reference_pkey" for table "sig_reference"
CREATE TABLE
psql:create_postgresql:46: NOTICE: CREATE TABLE will create implicit sequence "reference_ref_id_seq" for "serial" column "reference.ref_id"
psql:create_postgresql:46: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "reference_pkey" for table "reference"
CREATE TABLE
psql:create_postgresql:50: NOTICE: CREATE TABLE will create implicit sequence "reference_system_ref_system_id_seq" for "serial" column "reference_system.ref_system_id"
psql:create_postgresql:50: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "reference_system_pkey" for table "reference_system"
CREATE TABLE
psql:create_postgresql:54: NOTICE: CREATE TABLE will create implicit sequence "sig_class_sig_class_id_seq" for "serial" column "sig_class.sig_class_id"
psql:create_postgresql:54: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "sig_class_pkey" for table "sig_class"
CREATE TABLE
CREATE INDEX
psql:create_postgresql:61: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "event_pkey" for table "event"
CREATE TABLE
CREATE INDEX
CREATE INDEX
psql:create_postgresql:73: NOTICE: CREATE TABLE will create implicit sequence "sensor_sid_seq" for "serial" column "sensor.sid"
psql:create_postgresql:73: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "sensor_pkey" for table "sensor"
CREATE TABLE
psql:create_postgresql:90: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "iphdr_pkey" for table "iphdr"
CREATE TABLE
CREATE INDEX
CREATE INDEX
psql:create_postgresql:107: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "tcphdr_pkey" for table "tcphdr"
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
psql:create_postgresql:119: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "udphdr_pkey" for table "udphdr"
CREATE TABLE
CREATE INDEX
CREATE INDEX
psql:create_postgresql:131: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "icmphdr_pkey" for table "icmphdr"
CREATE TABLE
CREATE INDEX
psql:create_postgresql:142: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "opt_pkey" for table "opt"
CREATE TABLE
psql:create_postgresql:148: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "data_pkey" for table "data"
CREATE TABLE
psql:create_postgresql:153: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "encoding_pkey" for table "encoding"
CREATE TABLE
INSERT 58689 1
INSERT 58690 1
INSERT 58691 1
psql:create_postgresql:161: NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "detail_pkey" for table "detail"
CREATE TABLE
INSERT 58699 1
INSERT 58700 1
# cd /var/lib/pgsql/data
# cp -p postgresql.conf postgresql.conf.20050615
# vi postgresql.conf
# tcpip_socket = false
tcpip_socket = true
# cd /var/lib/pgsql/data
# cp -p pg_hba.conf pg_hba.conf.20050615
# vi pg_hba.conf
# IPv4-style local connections:
#host all all 127.0.0.1 255.255.255.255 trust
# IPv4-style local connections:
host all all 127.0.0.1 255.255.255.255 trust
(Note: with `trust`, once `tcpip_socket = true` is in effect every process on this host that can reach 127.0.0.1:5432 is accepted as any database user, including `postgres`, without a password. Narrowing this line to the `snort` database and user, and using `md5` instead of `trust` (with a matching password on the snort side), confines a compromise of any local account to the snort data.)
# /etc/init.d/postgresql restart
postgresql サービスを停止中: [ OK ]
postgresql サービスを開始中: [ OK ]
# cd /etc/snort/
# cp -p snort.conf snort.conf.20050615
# vi snort.conf
# output database: alert, postgresql, user=snort dbname=snort
output database: alert, postgresql, user=snort dbname=snort host=localhost
# cd /etc/sysconfig
# cp -p snort snort.20050616
# vi snort
ALERTMODE=fast
ALERTMODE=
# cd /etc/init.d
# ./snort start
Starting snort: [ OK ]
# ps -ef | grep snort
snort    23409     1  3 23:24 ?        00:00:02 /usr/sbin/snort -b -d -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
postgres 23412 22373  0 23:24 ?        00:00:00 postgres: snort snort 127.0.0.1 idle