[精华]
机器配置如下所示:
# prtdiag
System Configuration: Sun Microsystems sun4u Sun Fire V100 (UltraSPARC-IIe 548MHz)
System clock frequency: 100 MHz
Memory size: 512 Megabytes
========================= CPUs =========================
Run Ecache CPU CPU
Brd CPU Module MHz MB Impl. Mask
0 0 0 548 0.5 13 3.3
安装所需要的二进制包都可以从http://www.sunfreeware.com下载
gcc-3.3.2-sol9-sparc-local.gz
flex-2.5.31-sol9-sparc-local.gz
autoconf-2.59-sol9-sparc-local.gz
m4-1.4.2-sol9-sparc-local.gz
bison-1.875d-sol9-sparc-local.gz
ncurses-5.4-sol9-sparc-local.gz
mysql-4.0.21-sol9-sparc-local.gz
expat-1.95.5-sol9-sparc-local.gz
libiconv-1.8-sol9-sparc-local.gz
gdbm-1.8.3-sol9-sparc-local.gz
db-4.2.52.NC-sol9-sparc-local.gz
openssl-0.9.7g-sol9-sparc-local.gz
apache-2.0.54-sol9-sparc-local.gz
libxml2-2.6.16-sol9-sparc-local.gz
zlib-1.2.2-sol9-sparc-local.gz
perl-5.8.5-sol9-sparc-local.gz
gd-2.0.33-sol9-sparc-local.gz
libtool-1.5-sol9-sparc-local.gz
libpng-1.2.8-sol9-sparc-local.gz
jpeg-6b-sol9-sparc-local.gz
其他的软件如下,都可以从相应的网站下载最新的版本
php-5.0.5.tar.gz
libpcap-0.9.4.tar.gz
pcre-6.4.tar.gz
snort-2.4.3.tar.gz
snortrules-snapshot-CURRENT_20051214.tar.gz
adodb468.tgz
base-1.2.1.tar.gz
两块网卡,dmfe0做服务,dmfe1做监听接到一个cicso交换机的SPAN monitoring口上
1,安装操作系统,我用jumpstart安装,安装的是SUNWCprog,安装完添加普通用户
# useradd -d /export/home/yang -m -s /bin/bash yang
# passwd yang
2,编辑/etc/inetd.conf,只剩下ftp服务
# vi /etc/inetd.conf
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd -a
ftp的配置
vi /etc/ftpd/ftpaccess
defaultserver allow yang # 允许用户yang使用ftp
defaultserver deny * # 拒绝所有系统用户使用ftp
defaultserver private # 关闭匿名服务
restricted-uid * # 限制在自己的主目录
ftpusers文件中一定要有root,禁止root使用ftp,在/etc/ftpd/目录下
3,停掉不需要的服务
# cd /etc/rc2.d
# mv S73nfs.client K73nfs.client
# mv S74xntpd K74xntpd
# mv S80lp K80lp
# mv S88sendmail K88sendmail
# cd /etc/rc3.d
# mv S15nfs.server K15nfs.server
# mv S90samba K90Samba
4,禁止缓冲溢出,在/etc/system里加上如下语句
# vi /etc/system
set noexec_user_stack=1
set noexec_user_stack_log=1
5,防止TCP序列号预测攻击(ip欺骗) ,将ISN序列号的生成强度提高到2
# vi /etc/default/inetinit
TCP_STRONG_ISS=2
6,sshd的配置,只允许指定的用户访问
# vi /etc/ssh/sshd_config
AllowUsers yang
7,修改主机名,添加第二块网卡
# vi /etc/nodename
forum.vst-group.com
# vi /etc/hosts
192.168.1.236 forum.vst-group.com loghost
192.168.1.235 forum2
# vi /etc/hostname.dmfe0
forum.vst-group.com
# vi /etc/hostname.dmfe1
forum2
# ifconfig dmfe1 plumb
# ifconfig dmfe1 up
8,安装gcc
# gunzip gcc-3.3.2-sol9-sparc-local.gz
# pkgadd -d gcc-3.3.2-sol9-sparc-local
9,安装flex,bison
# gunzip flex-2.5.31-sol9-sparc-local.gz
# pkgadd -d flex-2.5.31-sol9-sparc-local
# gunzip autoconf-2.59-sol9-sparc-local.gz
# pkgadd -d autoconf-2.59-sol9-sparc-local
# gunzip m4-1.4.2-sol9-sparc-local.gz
# pkgadd -d m4-1.4.2-sol9-sparc-local
# gunzip bison-1.875d-sol9-sparc-local.gz
# pkgadd -d bison-1.875d-sol9-sparc-local
9,安装mysql
# gunzip ncurses-5.4-sol9-sparc-local.gz
# pkgadd -d ncurses-5.4-sol9-sparc-local
# gunzip mysql-4.0.21-sol9-sparc-local.gz
# pkgadd -d mysql-4.0.21-sol9-sparc-local
# groupadd mysql
# useradd -g mysql mysql
# vi /etc/profile
PATH=$PATH:/sbin:/usr/local/bin:/usr/local/mysql/bin:/usr/ccs/bin
# ln -s /usr/bin/hostname /usr/local/bin/hostname
# mysql_install_db --user=mysql
# mysqld_safe --user=mysql &
# cp share/mysql/mysql.server /etc/init.d/
# ln -s /etc/init.d/mysql.server /etc/rc3.d/S90mysqld
10,安装apache2.0.54
# gunzip expat-1.95.5-sol9-sparc-local.gz
# pkgadd -d expat-1.95.5-sol9-sparc-local
# gunzip libiconv-1.8-sol9-sparc-local.gz
# pkgadd -d libiconv-1.8-sol9-sparc-local
# gunzip gdbm-1.8.3-sol9-sparc-local.gz
# pkgadd -d gdbm-1.8.3-sol9-sparc-local
# gunzip db-4.2.52.NC-sol9-sparc-local.gz
# pkgadd -d db-4.2.52.NC-sol9-sparc-local
# gunzip openssl-0.9.7g-sol9-sparc-local.gz
# pkgadd -d openssl-0.9.7g-sol9-sparc-local
# gunzip apache-2.0.54-sol9-sparc-local.gz
# pkgadd -d apache-2.0.54-sol9-sparc-local
# cd /usr/local/apache2/conf
# cp httpd-std.conf httpd.conf
# /usr/local/apache2/bin/apachectl start
11,安装php (--with-gd)
# gunzip libxml2-2.6.16-sol9-sparc-local.gz
# pkgadd -d libxml2-2.6.16-sol9-sparc-local
# gunzip zlib-1.2.2-sol9-sparc-local.gz
# pkgadd -d zlib-1.2.2-sol9-sparc-local
# gunzip perl-5.8.5-sol9-sparc-local.gz
# pkgadd -d perl-5.8.5-sol9-sparc-local
# gunzip gd-2.0.33-sol9-sparc-local.gz
# pkgadd -d gd-2.0.33-sol9-sparc-local
# gunzip libtool-1.5-sol9-sparc-local.gz
# pkgadd -d libtool-1.5-sol9-sparc-local
# gunzip libpng-1.2.8-sol9-sparc-local.gz
# pkgadd -d libpng-1.2.8-sol9-sparc-local
# gunzip jpeg-6b-sol9-sparc-local.gz
# pkgadd -d jpeg-6b-sol9-sparc-local
php编译安装
# gunzip php-5.0.5.tar.gz
# tar xf php-5.0.5.tar
# cd php-5.0.5
# ./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql \
--with-apxs2=/usr/local/apache2/bin/apxs --enable-force-cgi-redirect \
--with-libxml-dir --with-openssl --with-zlib --with-pear --with-gd
# make
# make test
安装需要sed程序在/usr/local/bin目录下
# ln -s /usr/bin/sed /usr/local/bin/sed
# make install
# cp php.ini-dist /usr/local/lib/php.ini
重启apache
# /usr/local/apache2/bin/apachectl stop
# /usr/local/apache2/bin/apachectl start
12,安装libpcap,snort
# gunzip libpcap-0.9.4.tar.gz
# tar xf libpcap-0.9.4.tar
# cd libpcap-0.9.4
# ./configure
# make
# make install
编译snort需要pcre,
下载pcre ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-6.4.tar.gz
# gunzip -c pcre-6.4.tar.gz | tar xf -
# cd pcre-6.4
# ./configure
# make
# make install
# gunzip -c snort-2.4.3.tar.gz | tar xf -
# cd snort-2.4.3
# ./configure --with-mysql=/usr/local/mysql
# make
# make install
# groupadd snort
# useradd -g snort -s /bin/false snort
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /var/log/snort
# cd etc
# cp * /etc/snort
配置mysql
# mysqladmin -u root password 'mysql-admin-password'
# mysql -u root -pmysql-admin-password
mysql> create database snort;
mysql> grant all on snort.* to snort@localhost identified by 'snort-password';
mysql> exit;
# mysql -u snort -psnort-password < ./schemas/create_mysql snort
安装规则文件
# gunzip -c snortrules-snapshot-CURRENT_20051214.tar.gz | tar xf -
# cd rules
# cp * /etc/snort/rules
编辑/etc/snort/snort.conf
# vi /etc/snort/snort.conf
var HOME_NET 192.168.1.0/24
var RULE_PATH /etc/snort/rules
preprocessor stream4_reassemble
preprocessor stream4_reassemble: both,ports 21 23 25 53 80 110 111 139 143 445 513 1433
output database: log, mysql, user=snort password=snort-password dbname=snort host=localhost
编辑snort的启动脚本
# vi /etc/init.d/ids
#!/sbin/sh
case "$1" in
start)
cmdtext="starting"
(LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/usr/local/mysql/lib/mysql ; \
export LD_LIBRARY_PATH; \
snort -dyq -c /etc/snort/snort.conf -i dmfe1 -D) \
>/dev/null 2>&1
stop)
cmdtext="stopping"
pid=`ps -ef | grep snort | grep -v grep | awk '{print $2}' - `
kill -9 $pid >/dev/null 2>&1
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
echo "snort $cmdtext."
exit 0
chmod 755 /etc/init.d/ids
ln -s /etc/init.d/snort /etc/rc3.d/S99ids
注意,脚本的名字不能带有snort字符串
启动,停止snort
# /etc/init.d/ids start
# /etc/init.d/ids stop
13,安装adodb,base
# gunzip -c adodb468.tgz | tar xf -
# cp -r adodb /export/home/
安装PEAR::Image_Graph
# /usr/local/php/bin/pear install Image_Color
# /usr/local/php/bin/pear install Log
# /usr/local/php/bin/pear install Numbers_Roman
# /usr/local/php/bin/pear install http://pear.php.net/get/Numbers_Words-0.13.1.tgz
# /usr/local/php/bin/pear install http://pear.php.net/get/Image_Graph-0.3.0dev4.tgz
安装base
# gunzip -c base-1.2.1.tar.gz | tar xf -
# cp -r base-1.2.1 /export/home
# cd /export/home/base-1.2.1
# cp base_conf.php.dist base_conf.php
# vi base_conf.php
$BASE_urlpath = "/base";
$DBlib_path = "/export/home/adodb/ ";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "snort-password";
$archive_exists = 0; # Set this to 1 if you have an archive DB
修改apache的httpd.conf文件
# vi /usr/local/apache2/conf/httpd.conf
DirectoryIndex index.html index.htm index.php index.html.var
Alias /base "/export/home/base-1.2.1"
<Directory "/export/home/base-1.2.1">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# /usr/local/apache2/bin/apachectl stop
# /usr/local/apache2/bin/apachectl start
好了,最后访问http://192.168.1.236/base进去,点击setup page完成最后的安装。
