Building an Intrusion Detection System (IDS) on Linux with snort + acid (Part 2) (1)
1. Add directory authentication

Append the following to the end of httpd.conf:

    <Directory /usr/local/apache/htdocs/acid>
        Options Indexes FollowSymLinks
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

Create the password file and add the users:

    # touch /usr/local/apache/users_passwd.txt
    # cd /usr/local/apache/
    # bin/htpasswd -bc users_passwd.txt squall 123456
    # bin/htpasswd -b users_passwd.txt sqlUnix 123456

In the acid directory, create .htaccess (vi .htaccess) with:

    AuthName "please input your username and password:"
    AuthType basic
    AuthUserFile /usr/local/apache/users_passwd.txt
    require valid-user
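A check for the setup in step 1, as an added example that is not part of the original article: it confirms that the AuthUserFile named in .htaccess exists, sits outside the document root, and that the auth directives are present. The function name check_acid_auth and its two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the .htaccess basic-auth setup from step 1.
# check_acid_auth is a hypothetical name; both paths come from the caller.
# usage: check_acid_auth <htaccess-file> <document-root>
# Prints one line per problem and returns the number of problems found.
check_acid_auth() {
    htaccess=$1
    docroot=${2%/}
    problems=0
    [ -r "$htaccess" ] || { echo "cannot read $htaccess"; return 1; }

    # Apache directive names are case-insensitive; take the last AuthUserFile.
    pwfile=$(awk 'tolower($1) == "authuserfile" { f = $2 } END { print f }' "$htaccess")
    pwfile=${pwfile#\"}
    pwfile=${pwfile%\"}

    if [ -z "$pwfile" ]; then
        echo "no AuthUserFile directive"; problems=$((problems + 1))
    elif [ ! -f "$pwfile" ]; then
        # htpasswd wrote the file in one directory and AuthUserFile names
        # another, so authentication cannot succeed.
        echo "AuthUserFile $pwfile does not exist"; problems=$((problems + 1))
    else
        case $pwfile in
            "$docroot"/*)
                # A password file under htdocs may be downloadable over HTTP.
                echo "password file is inside the document root"
                problems=$((problems + 1)) ;;
        esac
        if ! grep -q '^[^:#][^:]*:.' "$pwfile"; then
            echo "password file has no user:hash entries"; problems=$((problems + 1))
        fi
    fi

    if ! grep -qi '^[[:space:]]*authtype[[:space:]][[:space:]]*basic' "$htaccess"; then
        echo "AuthType basic is missing"; problems=$((problems + 1))
    fi
    if ! grep -qi '^[[:space:]]*require[[:space:]][[:space:]]*valid-user' "$htaccess"; then
        echo "require valid-user is missing"; problems=$((problems + 1))
    fi
    return "$problems"
}

# As a script: sh check.sh /usr/local/apache/htdocs/acid/.htaccess /usr/local/apache/htdocs
if [ "$#" -ge 2 ]; then
    check_acid_auth "$1" "$2"
fi
```

htpasswd -b takes the password from the command line, so it is left in the shell history; running htpasswd without -b prompts for it instead.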
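2. Add web-based start/stop management for snort

SnortCenter is a web-based management system for snort sensors and rules. It is used to remotely modify the configuration of snort sensors, start and stop sensors, and edit and distribute snort signature rules.

Download: http://users.pandora.be/larc/download/

    # cp snortcenter-v1.0-RC1.tar.gz /usr/local/apache/htdocs
    # cd /usr/local/apache/htdocs
    # tar zxvf snortcenter-v1.0-RC1.tar.gz
    # mv www sc
    # vi sc/

Change the following:

    $DBlib_path = "/usr/local/apache/htdocs/adodb/";
    $curl_path = "/usr/bin";
    $DBtype = "mysql";
    $DB_dbname = "snortcenter"; # $DB_dbname : MySQL database name of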