Installation and Configuration

In addition to Windows 2003/2000/XP and Microsoft SQL Server 2000, the author used the following package versions for this configuration:

acid-0.9.6b23.tar.gz, http://www.cert.org/kb/acid, PHP-based intrusion detection database analysis console
adodb461.zip, http://sourceforge.net/project/showfiles.php?group_id=42718, ADOdb (Active Data Objects Data Base) library for PHP; if the link fails, it can be found on SourceForge
apache_2.0.53-win32-x86-no_ssl.msi, http://www.apache.org, Windows version of the Apache web server
jpgraph-1.17.tar.gz, http://www.aditus.nu/jpgraph, object-oriented graphics library for PHP; make sure the version you download matches your PHP version, since the PHP 4 version cannot run on PHP 5 and vice versa
php-4.3.2-win32.zip, http://www.php.net, Windows version of the PHP scripting environment
Snort-2.3.0.exe, http://www.snort.org, Windows version of the Snort installation package
WinPcap3.1.exe, http://winpcap.polito.it/, network packet capture driver

I. Installing Apache for Windows
Note when installing: if IIS is already installed and its web server is running, it is listening on TCP port 80 and will conflict with the Apache web server, so change Apache to a different port. This version installs Apache to %ProgramFiles%/Apache Group/Apache2 and automatically sets it up to run as a service.
II. Adding PHP support to Apache
Unzip php-4.3.10-win32.zip to C:/php. Copy php4ts.dll to %SystemRoot%/system32, copy C:/php/extensions/*.dll to %SystemRoot%/, and copy php.ini-dist to %SystemRoot%/php.ini. Edit php.ini and enable all extensions (uncomment the extension lines) so that the GD graphics library is supported. Add the following two lines to httpd.conf:
LoadModule php4_module "c:/php/sapi/php4apache2.dll"
AddType application/x-httpd-php .php
In Control Panel -> Administrative Tools -> Services, restart the Apache2 service. In the Apache2/htdocs directory, create a new file test.php with the following content:
Open http://127.0.0.1:8080/test.php to verify that PHP is installed successfully.

III. Installing Snort
Install Snort-2.3.0 using the default installation path C:/Snort, and select Microsoft SQL Server as the database.
IV. Installing ADOdb
Unzip adodb461.zip into the C:/php/adodb directory.
V. Installing ACID
(1) Unzip acid-0.9.6b23.tar.gz into the Apache2/htdocs/acid directory.
(2) Edit the acid_conf.php file, find the corresponding lines and change them to:
$DBtype = "mssql";
$DBlib_path = "c:/php/adodb";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "yourpassword";

/* Archive DB connection parameters */
$archive_dbname = "snort_archive";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "snort";
$archive_password = "yourpassword";

$ChartLib_path = "c:/php/jpgraph/src";
(3) Open http://127.0.0.1:8080/acid/acid_db_setup.php; if the basic setup succeeds, the installation is working. If there is an error, re-check the configuration according to the error message. Under normal circumstances ACID should be able to connect to the database at this point. Note: under Windows 2003 / XP SP2, MSSQL cannot be used normally; install SQL Server SP3a from the Microsoft website. Also, alert_port in acid_conf.php is not 1433 and can be left blank.
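As an added example (not part of the original tutorial), the following Python script reads the settings from an acid_conf.php file and performs the checks the steps above imply before you open acid_db_setup.php: the required variables are present, DBtype is "mssql", the ports are blank or numeric, and the passwords no longer hold the tutorial's "yourpassword" placeholder. The configuration text embedded in the script is constructed to mirror the lines above, and the function names and the list of checks are my own assumptions, not part of ACID.

```python
import re
import sys

# Constructed sample of the lines in acid_conf.php that the tutorial changes.
# It deliberately keeps the tutorial's "yourpassword" placeholder so the check
# below has something to flag.
SAMPLE_ACID_CONF = r'''<?php
$DBtype = "mssql";
$DBlib_path = "c:/php/adodb";
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "snort";
$alert_password = "yourpassword";
/* Archive DB connection parameters */
$archive_dbname   = "snort_archive";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "snort";
$archive_password = "yourpassword";
$ChartLib_path = "c:/php/jpgraph/src";
?>
'''

# One double-quoted scalar assignment per line: $name = "value";
ASSIGN_RE = re.compile(r'^\s*\$(\w+)\s*=\s*"([^"]*)"\s*;', re.MULTILINE)

# Settings the tutorial requires for the ACID + ADOdb + MSSQL + JpGraph setup.
REQUIRED = ("DBtype", "DBlib_path", "alert_dbname", "alert_host",
            "alert_user", "alert_password", "ChartLib_path")


def parse_acid_conf(text):
    """Return {variable: value} for every quoted scalar assignment in the file."""
    return dict(ASSIGN_RE.findall(text))


def check_acid_conf(settings):
    """Return a list of problems found; an empty list means the settings are consistent."""
    problems = []
    for key in REQUIRED:
        if not settings.get(key):
            problems.append(f"{key} is missing or empty")
    if settings.get("DBtype") != "mssql":
        problems.append('DBtype must be "mssql" for the SQL Server backend')
    # The tutorial says the port is not 1433 and may be left blank.
    for key in ("alert_port", "archive_port"):
        value = settings.get(key, "")
        if value and not value.isdigit():
            problems.append(f"{key} must be blank or a port number, got {value!r}")
    # The placeholder from the tutorial must be replaced with the real DB password.
    for key in ("alert_password", "archive_password"):
        if settings.get(key, "").lower() == "yourpassword":
            problems.append(f'{key} still holds the placeholder "yourpassword"')
    return problems


def check_file(path):
    """Parse the acid_conf.php at `path` and return its problems."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return check_acid_conf(parse_acid_conf(handle.read()))


if __name__ == "__main__":
    # With no argument the constructed sample is checked; otherwise the given file.
    if len(sys.argv) > 1:
        found = check_file(sys.argv[1])
    else:
        found = check_acid_conf(parse_acid_conf(SAMPLE_ACID_CONF))
    for problem in found:
        print("PROBLEM:", problem)
    print("ok" if not found else f"{len(found)} problem(s) found")
```

Run it as `python check_acid_conf.py C:\Program Files\Apache Group\Apache2\htdocs\acid\acid_conf.php` (the script name is arbitrary) after step (2); the sample built into the script reports the two placeholder passwords, which is exactly what a freshly edited file from this tutorial looks like until the real database password is filled in.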
VI. Installing the JpGraph library
(1) Unzip jpgraph-1.17.tar.gz to C:/php/jpgraph.
(2) Edit jpgraph.php and set: DEFINE("CACHE_DIR", "/tmp/jpgraph_cache/");
(3) From C:/Snort/bin run: snort -c "c:/snort/etc/snort.conf" -l "c:/snort/logs" -d
Then open http://127.0.0.1:8080/acid/acid_main.php; you should see the analysis of the current network condition.
VII. System structure
The following summarizes the whole configuration:
(1) Snort sends the data it captures to the snort database on SQL Server.
(2) Apache provides web service support for the system.
(3) PHP provides PHP support so that Apache can run PHP programs.
(4) ACID is the PHP-based intrusion detection database analysis console (Apache and PHP are installed just to run it).
(5) ADOdb is the PHP database connection component.
(6) ACID reads data from the MSSQL snort database via ADOdb, displays the analysis results on the web, and uses the JpGraph component to graph them.