Installing AWStats on CentOS 7.x

AWStats is a powerful open-source traffic analysis tool. It parses the log files produced by Apache, FTP and other servers and turns them into clear, detailed charts.
AWStats official site: http://www.awstats.org/

Reference pages:
Linux 安裝 AWStats 流量分析 – Linux 技術手札
浮雲雅築: [研究] AWStats 7.2 安裝 (tgz)(CentOS 6.5 x86_64)

1. Install
# yum install awstats --enablerepo=epel

2. Configure
# cd /usr/share/awstats/tools
# ./awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 20140126) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).

-----> Running OS detected: Linux, BSD or Unix
Warning: AWStats standard directory on Linux OS is '/usr/local/awstats'.
If you want to use standard directory, you should first move all content
of AWStats distribution from current directory:
/usr/share/awstats
to standard directory:
/usr/local/awstats
And then, run configure.pl from this location.
Do you want to continue setup from this NON standard directory [yN] ?y

-----> Check for web server install

Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
> /etc/httpd/conf/httpd.conf

-----> Check and complete web server config file '/etc/httpd/conf/httpd.conf'
  Add 'Alias /awstatsclasses "/usr/share/awstats/wwwroot/classes/"'
  Add 'Alias /awstatscss "/usr/share/awstats/wwwroot/css/"'
  Add 'Alias /awstatsicons "/usr/share/awstats/wwwroot/icon/"'
  Add 'ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"'
  Add '<Directory>' directive
  AWStats directives added to Apache config file.

-----> Update model config file '/etc/awstats/awstats.model.conf'
  File awstats.model.conf updated.

-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y

-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
>abc.tces.ilc.edu.tw

-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>

-----> Create config file '/etc/awstats/awstats.abc.tces.ilc.edu.tw.conf'
 Config file /etc/awstats/awstats.abc.tces.ilc.edu.tw.conf created.

-----> Restart Web server with '/sbin/service httpd restart'
Redirecting to /bin/systemctl restart  httpd.service

-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/share/awstats/wwwroot/cgi-bin/awstats.pl -update -config=abc.tces.ilc.edu.tw
Or if you have several config files and prefer having only one command:
/usr/share/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...

A SIMPLE config file has been created: /etc/awstats/awstats.abc.tces.ilc.edu.tw.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'abc.tces.ilc.edu.tw' with command:
> perl awstats.pl -update -config=abc.tces.ilc.edu.tw
You can also read your statistics for 'abc.tces.ilc.edu.tw' with URL:
> http://localhost/awstats/awstats.pl?config=abc.tces.ilc.edu.tw

Press ENTER to finish...

3. Generate the statistics
# /usr/share/awstats/wwwroot/cgi-bin/awstats.pl --update --config=abc.tces.ilc.edu.tw
Create/Update database for config "/etc/awstats/awstats.abc.tces.ilc.edu.tw.conf" by AWStats version 7.4 (build 20150714)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 3809
 Found 162 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 3647 new qualified records.

4. Update the data. If the message below appears, run step 3 first
# /usr/share/awstats/tools/awstats_updateall.pl now
Error: Can't find AWStats program ('awstats.pl').
Use -awstatsprog option to solve this.

If it still fails after running step 3, run the following (alternatively, pass -awstatsprog=/usr/share/awstats/wwwroot/cgi-bin/awstats.pl on the awstats_updateall.pl command line, which avoids editing the script)
# cp /usr/share/awstats/tools/awstats_updateall.pl /usr/share/awstats/tools/awstats_updateall.pl.$(date +%F)
# sed -i -e 's@awstats.pl@/usr/share/awstats/wwwroot/cgi-bin/awstats.pl@' /usr/share/awstats/tools/awstats_updateall.pl

# /usr/share/awstats/tools/awstats_updateall.pl now
Running '"./awstats.pl" -update -config=abc -configdir="/etc/awstats"' to update config abc
Create/Update database for config "/etc/awstats/awstats.abc.conf" by AWStats version 7.4 (build 20150714)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record…
Direct access after last parsed record (after line 3873)
Jumped lines in file: 3873
 Found 3873 already parsed records.
Parsed lines in file: 15
 Found 1 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 14 new qualified records.

Running '"./awstats.pl" -update -config=abc.tces.ilc.edu.tw -configdir="/etc/awstats"' to update config abc.tces.ilc.edu.tw
Create/Update database for config "/etc/awstats/awstats.abc.tces.ilc.edu.tw.conf" by AWStats version 7.4 (build 20150714)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record…
Direct access after last parsed record (after line 3873)
Jumped lines in file: 3873
 Found 3873 already parsed records.
Parsed lines in file: 15
 Found 1 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 14 new qualified records.

Running '"./awstats.pl" -update -config=localhost.localdomain -configdir="/etc/awstats"' to update config localhost.localdomain
Create/Update database for config "/etc/awstats/awstats.localhost.localdomain.conf" by AWStats version 7.4 (build 20150714)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record…
Direct access after last parsed record (after line 3873)
Jumped lines in file: 3873
 Found 3873 already parsed records.
Parsed lines in file: 15
 Found 1 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 14 new qualified records.

5. Add to the scheduler
# crontab -e
0 1 * * * /usr/share/awstats/tools/awstats_updateall.pl now > /dev/null 2>&1
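As an added example (not code from the original post or from AWStats), a Python wrapper for that cron job: it runs awstats_updateall.pl, parses the per-config summary in the format shown in steps 3 and 4, and returns the problems the > /dev/null redirect would otherwise hide. The sample output is constructed, and parse_update_output(), check_runs() and run_updateall() are names chosen here.

```python
import re
import subprocess

CONFIG_RE = re.compile(r'Create/Update database for config "([^"]+)"')
LOGFILE_RE = re.compile(r'From data in log file "([^"]+)"')
PARSED_RE = re.compile(r"^Parsed lines in file: (\d+)")
FOUND_RE = re.compile(r"^\s*Found (\d+) ([a-z ]+?)(?: records?)?[,.]$")
ERROR_RE = re.compile(r"^Error: (.*)")

# Constructed sample in the format awstats_updateall.pl prints (see step 4),
# with two corrupted records added so the check has something to report.
SAMPLE_OUTPUT = """\
Running '"./awstats.pl" -update -config=abc -configdir="/etc/awstats"' to update config abc
Create/Update database for config "/etc/awstats/awstats.abc.conf" by AWStats version 7.4 (build 20150714)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record...
Jumped lines in file: 3873
 Found 3873 already parsed records.
Parsed lines in file: 15
 Found 1 dropped records,
 Found 0 comments,
 Found 2 corrupted records,
 Found 12 new qualified records.
"""
SAMPLE_ERROR = "Error: Can't find AWStats program ('awstats.pl').\nUse -awstatsprog option to solve this.\n"


def parse_update_output(text):
    """Split update output into (runs, errors): one dict per config run,
    plus the text of every 'Error:' line."""
    runs, errors, current = [], [], None
    for line in text.splitlines():
        if m := ERROR_RE.match(line):
            errors.append(m.group(1))
        elif m := CONFIG_RE.search(line):
            current = {"config": m.group(1), "log_file": None, "parsed": 0, "found": {}}
            runs.append(current)
        elif current is None:
            continue  # nothing to attach this line to yet
        elif m := LOGFILE_RE.search(line):
            current["log_file"] = m.group(1)
        elif m := PARSED_RE.match(line):
            current["parsed"] = int(m.group(1))
        elif m := FOUND_RE.match(line):
            current["found"][m.group(2)] = int(m.group(1))  # e.g. "dropped", "new qualified"
    return runs, errors


def check_runs(runs, errors):
    """Human-readable problems; an empty list means the update looked healthy."""
    problems = [f"awstats error: {e}" for e in errors]
    for run in runs:
        corrupted = run["found"].get("corrupted", 0)
        if corrupted:
            problems.append(f"{run['config']}: {corrupted} corrupted records in {run['log_file']}")
        if run["parsed"] == 0:
            problems.append(f"{run['config']}: no new log lines parsed (LogFile path wrong or log not growing?)")
    return problems


def run_updateall(prog="/usr/share/awstats/tools/awstats_updateall.pl"):
    """Run the nightly update and return its problems; use this as the cron
    command instead of discarding the output with > /dev/null."""
    out = subprocess.run([prog, "now"], capture_output=True, text=True)
    runs, errors = parse_update_output(out.stdout + out.stderr)
    if out.returncode != 0 and not errors:
        errors.append(f"exit status {out.returncode}")
    return check_runs(runs, errors)


if __name__ == "__main__":
    for problem in run_updateall():
        print(problem)
```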

6. Open a browser at http://<server IP>/awstats/awstats.pl
The /awstats/ ScriptAlias added by the configure script is reachable by every client by default; restrict it in httpd.conf with Require ip or a password if the statistics are not meant to be public.

Installing Lynis on CentOS 7.x

Lynis is a security auditing tool for UNIX-based systems. It finds the areas where system security needs hardening and offers many practices and suggestions for improving it.
Lynis official site: https://cisofy.com/lynis/
Reference pages:
Lynis:Linux 安全性掃描檢測工具,找出系統漏洞、弱點與惡意程式 – G. T. Wang
網路系統組 / Network Systems [security:lynis]

1. Install
# yum install lynis --enablerepo=epel

2. Available options
# /bin/lynis --help

3. Run an audit
--check-all   audit the whole system
--quick       quick mode; do not wait for the user to confirm between sections
# /bin/lynis --check-all --quick
# /bin/lynis -c -Q

4. Write the results to a file
# /bin/lynis --check-all --quick --no-colors > /tmp/lynis.txt

5. List warnings & suggestions
By default the log is written to /var/log/lynis.log
# egrep 'Warning|Suggestion' /var/log/lynis.log

6. Add to the scheduler
# crontab -e
30 2 * * * /bin/lynis -c -Q --auditor "automated" --cronjob

7. Apply the suggestions
2017-03-05 13:01:27 Suggestion: Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [test:PHP-2376] [details:-] [solution:-]

# sed -i 's/allow_url_fopen = On/allow_url_fopen = Off/' /etc/php.ini
# systemctl restart httpd.service
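As an added example (not part of the post or of Lynis), a parser for the Warning/Suggestion lines in /var/log/lynis.log in the layout of the line quoted in step 7, with a helper that reports findings that did not appear in an earlier run, which is what you want to look at after the nightly cron job. The log lines are constructed samples, and the Warning line is assumed to use the same [test:] [details:] [solution:] layout as the Suggestion line.

```python
import re

# One Warning/Suggestion line: timestamp, level, free text, then the three
# bracketed fields. The Warning layout is assumed to match the Suggestion line
# quoted in step 7.
FINDING_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<level>Warning|Suggestion): (?P<text>.*?) "
    r"\[test:(?P<test>[^\]]+)\] \[details:(?P<details>[^\]]*)\] \[solution:(?P<solution>[^\]]*)\]$"
)

# Constructed sample of /var/log/lynis.log; only the first line is the
# real one from the post, the others are made up in the same format.
SAMPLE_LOG = """\
2017-03-05 13:01:20 Performing test ID PHP-2376 (Check PHP allow_url_fopen option)
2017-03-05 13:01:27 Suggestion: Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [test:PHP-2376] [details:-] [solution:-]
2017-03-05 13:01:31 Warning: Found one or more vulnerable packages. [test:PKGS-7392] [details:-] [solution:-]
2017-03-05 13:01:40 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowTcpForwarding (YES --> NO)] [solution:-]
"""


def parse_lynis_log(text):
    """Return one dict per Warning/Suggestion line; other log lines are ignored."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line)
        if m:
            findings.append(m.groupdict())
    return findings


def summarize(findings):
    """Count warnings and suggestions, e.g. for the subject of a cron mail."""
    counts = {"Warning": 0, "Suggestion": 0}
    for f in findings:
        counts[f["level"]] += 1
    return counts


def new_findings(previous, current):
    """Findings whose (test id, details) pair was absent from the previous run.

    Keying on details as well as the test id means a changed value for the
    same test (say another SSH option) is reported, not only new test ids.
    """
    seen = {(f["test"], f["details"]) for f in previous}
    return [f for f in current if (f["test"], f["details"]) not in seen]


if __name__ == "__main__":
    findings = parse_lynis_log(SAMPLE_LOG)
    print(summarize(findings))
    for f in findings:
        print(f"{f['level']:<10} {f['test']:<10} {f['text']}")
```

To compare two real runs, read yesterday's and today's copies of the log and pass their parsed findings to new_findings().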

Restricting Nagios access by source IP on CentOS 7.x

Besides protecting Nagios with an htpasswd password, you can also restrict the source IP addresses allowed to reach it.

1. Comment out Require all granted
# sed -i 's/Require all/#Require all/' /etc/httpd/conf.d/nagios.conf

2. Insert the IP restriction after it (with the same indentation)
# sed -i -e 's@^\(\s*\)#Require all granted@&\n\1Require ip 192.168.1.0/24@' /etc/httpd/conf.d/nagios.conf
Do not add Require all denied here: inside <RequireAll> it fails unconditionally, so the whole block would deny every request. With only Require ip and Require valid-user inside <RequireAll>, a client must come from 192.168.1.0/24 and supply a valid password.

3. Review the result
# cat /etc/httpd/conf.d/nagios.conf
ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"

<Directory "/usr/lib64/nagios/cgi-bin/">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         #Require all granted
         Require ip 192.168.1.0/24
#        Require host 127.0.0.1

         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /etc/nagios/passwd
         Require valid-user
      </RequireAll>
   </IfVersion>
</Directory>

Alias /nagios "/usr/share/nagios/html"

<Directory "/usr/share/nagios/html">
#  SSLRequireSSL
   Options None
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         #Require all granted
         Require ip 192.168.1.0/24
#        Require host 127.0.0.1

         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /etc/nagios/passwd
         Require valid-user
      </RequireAll>
   </IfVersion>
</Directory>

4. Restart the web server
# systemctl restart httpd.service

Installing Nagios 4.x on CentOS 7.x - Apache

Reference pages:
Install And Configure Nagios 4 On CentOS 7 | Unixmen
CentOS 7 : Nagios : Install : Server World
Configuring and Installing Nagios Core 4 on CentOS 6 – nuxref
Nagios Core 4.x Setup for CentOS 7.x – nuxref
Configuring and Installing NRPE and NSCA into Nagios Core 4 on CentOS 6 – nuxref
Control Protocol: Nagios issues, duh.

1. Install the required packages
# yum install nagios nagios-plugins-all php httpd

2. Enable the services at boot
# systemctl enable httpd.service
# systemctl enable nagios.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nagios.service to /usr/lib/systemd/system/nagios.service.
# systemctl start httpd.service
# systemctl start nagios.service

3. Set the login account and password
# /usr/bin/htpasswd -c /etc/nagios/passwd nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin

4. Check that the configuration is valid
# /usr/sbin/nagios -v /etc/nagios/nagios.cfg
Nagios Core 4.2.4
Copyright (c) 2009-present Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 12-07-2016
License: GPL

Website: https://www.nagios.org
Reading configuration data…
   Read main config file okay…
   Read object config files okay…

Running pre-flight check on configuration data…

Checking objects…
        Checked 8 services.
        Checked 1 hosts.
        Checked 1 host groups.
        Checked 0 service groups.
        Checked 1 contacts.
        Checked 1 contact groups.
        Checked 24 commands.
        Checked 5 time periods.
        Checked 0 host escalations.
        Checked 0 service escalations.
Checking for circular paths…
        Checked 1 hosts
        Checked 0 service dependencies
        Checked 0 host dependencies
        Checked 5 timeperiods
Checking global event handlers…
Checking obsessive compulsive processor commands…
Checking misc settings…

Total Warnings: 0
Total Errors:   0

Things look okay - No serious problems were detected during the pre-flight check

5. Open a browser at http://<server IP>/nagios
Enter the account and password you set

6. Screen after login

Installing Zabbix on CentOS 7.x

Zabbix is an enterprise-grade network monitoring suite. It lets administrators monitor the current state of network services and hosts entirely from a web interface, and notifies them by e-mail or other means as soon as a configured abnormal condition occurs.
Zabbix official site: http://www.zabbix.com/
Reference sites:
企業級開源網管軟體 用Zabbix監控網路服務 – 技術專欄 – 網管人NetAdmin
CentOS 7 安裝Zabbix 3.2 | MIS的背影
RHEL / CentOS 安裝監測工具 — Zabbix – Linux 技術手札
zabbix server 安裝 | zabbix document

1. First install LAMP
# yum install httpd mariadb mariadb-server php php-mysql php-gd php-pear php-xml php-xmlrpc php-mbstring php-soap

2. Install the Zabbix repository
# rpm -ivh http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm

3. Update the packages
# yum update

4. Install Zabbix
# yum install zabbix-server-mysql zabbix-web-mysql zabbix-web

5. Enable at boot
# systemctl enable zabbix-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/zabbix-server.service to /usr/lib/systemd/system/zabbix-server.service.
MariaDB must be running before step 6:
# systemctl enable mariadb.service
# systemctl start mariadb.service

6. Create the zabbix database and its user account and password
# /usr/bin/mysql -u root -p
> create database zabbixdb;
> grant all privileges on zabbixdb.* to zabbix@localhost identified by '123456';
> flush privileges;

7. Import the schema
# gunzip /usr/share/doc/zabbix-server-mysql-3.2.4/create.sql.gz
# /usr/bin/mysql -u zabbix -p zabbixdb < /usr/share/doc/zabbix-server-mysql-3.2.4/create.sql

8. Edit /etc/zabbix/zabbix_server.conf and /etc/php.ini
# cp /etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf.$(date +%F)
# sed -i 's/DBName=zabbix/DBName=zabbixdb/' /etc/zabbix/zabbix_server.conf
# sed -i 's/# DBPassword=/DBPassword=123456/' /etc/zabbix/zabbix_server.conf
# sed -i 's@;date.timezone =@date.timezone = Asia/Taipei@' /etc/php.ini

# vim /etc/httpd/conf.d/zabbix.conf

# php_value date.timezone Europe/Riga
change to
php_value date.timezone Asia/Taipei

9. Restart the web server
# systemctl restart httpd.service

10. Start Zabbix Server
# systemctl start zabbix-server.service

11. Run the setup at http://<server IP>/zabbix

Default login account and password: Admin / zabbix (change the password after the first login)

Login screen

Restricting access with a password on Apache Web Server 2.4

1. Create the user and password
# /usr/bin/htpasswd -c /var/www/test/.htpasswd admin
New password:
Re-type new password:
Adding password for user admin

The second user does not need -c
# /usr/bin/htpasswd /var/www/test/.htpasswd abc

2. Create the config file /etc/httpd/conf.d/test.conf
# vim /etc/httpd/conf.d/test.conf
Alias /test /var/www/test
<Directory /var/www/test/>
Order Deny,Allow
#Deny from all
#Allow from 192.168.1.0/24
Require all denied
Require ip 192.168.1.0/24

AuthType Basic
AuthName "Restricted Files"
AllowOverride AuthConfig
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/var/www/test/.htpasswd"
Require valid-user
</Directory>

Require lines placed directly in a <Directory> block are combined as an implicit <RequireAny>, so this configuration admits clients from 192.168.1.0/24 without a password and admits any valid user from any address; wrap Require ip and Require valid-user in <RequireAll> if both conditions must hold. The password file sits inside the aliased directory here; CentOS's stock httpd.conf blocks requests for .ht* files, but keeping it outside the web root avoids depending on that.

3. Restart Apache Web Server
# systemctl restart httpd
# systemctl status httpd

4. Test http://<server IP>/test
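As an added example (not code from either post or from Apache), a small Python model of how Apache 2.4 mod_authz_core combines Require directives, applied to the Nagios <RequireAll> block and to the test.conf <Directory> block above. The rule trees are written by hand rather than parsed from httpd.conf, only the providers those files use are modelled, and a missing user counts as denied (real Apache answers with a 401 challenge there).

```python
import ipaddress

GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"


def evaluate(node, client_ip, user):
    """node is ("RequireAll"|"RequireAny", [children]) or one Require line
    written as ("all"|"ip"|"valid-user", argument)."""
    kind, arg = node
    if kind in ("RequireAll", "RequireAny"):
        results = [evaluate(child, client_ip, user) for child in arg]
        if kind == "RequireAll":
            # fails as soon as one child fails; succeeds only if none fail and one succeeds
            if DENIED in results:
                return DENIED
            return GRANTED if GRANTED in results else NEUTRAL
        # RequireAny: succeeds if any child succeeds
        if GRANTED in results:
            return GRANTED
        return DENIED if DENIED in results else NEUTRAL
    if kind == "all":
        return GRANTED if arg == "granted" else DENIED  # 'Require all denied' always fails
    if kind == "ip":
        return GRANTED if ipaddress.ip_address(client_ip) in ipaddress.ip_network(arg) else DENIED
    if kind == "valid-user":
        return GRANTED if user else DENIED
    raise ValueError(f"unsupported provider {kind!r}")


def authorized(tree, client_ip, user=None):
    """Top-level decision: Apache serves the request only on GRANTED."""
    return evaluate(tree, client_ip, user) == GRANTED


# The Nagios <RequireAll> block with 'Require all denied' inside it: denies every request.
NAGIOS_WITH_ALL_DENIED = ("RequireAll", [
    ("all", "denied"), ("ip", "192.168.1.0/24"), ("valid-user", None)])

# The same block with only Require ip and Require valid-user: source network AND password.
NAGIOS_CONF = ("RequireAll", [("ip", "192.168.1.0/24"), ("valid-user", None)])

# test.conf: bare Require lines directly in <Directory> form an implicit <RequireAny>,
# so either the source network OR a valid password is enough.
TEST_CONF = ("RequireAny", [
    ("all", "denied"), ("ip", "192.168.1.0/24"), ("valid-user", None)])

# The same two useful lines wrapped in <RequireAll>: both conditions must hold.
TEST_CONF_STRICT = ("RequireAll", [("ip", "192.168.1.0/24"), ("valid-user", None)])


def demo():
    """Decision table: LAN client with credentials, LAN client without, outside user with credentials."""
    clients = [("192.168.1.10", "admin"), ("192.168.1.10", None), ("10.0.0.5", "admin")]
    configs = {"nagios + all denied": NAGIOS_WITH_ALL_DENIED, "nagios.conf": NAGIOS_CONF,
               "test.conf": TEST_CONF, "test.conf in RequireAll": TEST_CONF_STRICT}
    return {name: [authorized(tree, ip, user) for ip, user in clients]
            for name, tree in configs.items()}


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:<24} {row}")
```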

Restricting source IPs on Apache Web Server 2.4

Create the config file
# vim /etc/httpd/conf.d/base.conf
Alias /base /var/www/base
<Directory /var/www/base/>
Order Deny,Allow
# 2.2
#Deny from all
#Allow from 192.168.1.0/24
# 2.4
Require all denied
Require ip 192.168.1.0/24
</Directory>

Restart the web server
# systemctl restart httpd

Check that it started correctly
# systemctl status httpd

Installing ntopng on CentOS 7.x

ntopng official site: http://www.ntop.org/
ntop is a handy graphical network monitoring tool that monitors and records the traffic of an entire network; ntopng is its next-generation successor.

Reference pages:
【 Linux 】NTopNG安裝 (CentOS 7) – 亞索數位筆記
CentOs 7 ntopng 安裝 @ 工作雜記 :: 隨意窩 Xuite日誌

1. Install the EPEL repository
# yum install epel-release

2. Add the ntop repository file
# vim /etc/yum.repos.d/ntop-nmon.repo
[ntop]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri

[ntop-noarch]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri

Clear the old cache and refresh the repository metadata
# yum clean all
# yum update

3. Install the ntopng packages
# yum install pfring n2disk nprobe ntopng ntopng-data cento nbox

Install the PF_RING drivers
# yum install pfring-drivers-zc-dkms

4. Start the ntopng services and enable them at boot
# systemctl start redis.service
# systemctl enable redis.service

# systemctl start ntopng.service
# systemctl enable ntopng.service

5. Add the firewall rule
# firewall-cmd --permanent --add-port=3000/tcp
# firewall-cmd --reload

Or, if iptables is used instead of firewalld:
# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 3000 -j ACCEPT

6. Check that it started
# systemctl status ntopng.service
● ntopng.service – Start/stop ntopng program
   Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-03-01 21:34:25 CST; 3s ago
  Process: 12500 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
  Process: 12560 ExecStart=/etc/systemd/scripts/ntopng start (code=exited, status=0/SUCCESS)
 Main PID: 12567 (ntopng)
   CGroup: /system.slice/ntopng.service
           └─12567 /usr/bin/ntopng /etc/ntopng/ntopng.conf

Mar 01 21:34:24 flow logger[12561]: ntopng start
Mar 01 21:34:24 flow ntopng[12560]: Starting ntopng: No network card detected
Mar 01 21:34:24 flow ntopng[12567]: [NtopPro.cpp:182] ERROR: [LICENSE] Invalid or missing ntopng License [Empty license file]
Mar 01 21:34:24 flow ntopng[12567]: [NtopPro.cpp:195] WARNING: [LICENSE] ntopng will now run in pro mode for 10 minutes
Mar 01 21:34:24 flow ntopng[12567]: [NtopPro.cpp:197] WARNING: [LICENSE] before returning to community mode
Mar 01 21:34:24 flow ntopng[12567]: [NtopPro.cpp:198] WARNING: [LICENSE] You can buy a permanent license at http://shop.ntop.org
Mar 01 21:34:24 flow ntopng[12567]: [NtopPro.cpp:199] WARNING: [LICENSE] or run ntopng in community mode starting
Mar 01 21:34:24 flow ntopng[12567]: [NtopPro.cpp:200] WARNING: [LICENSE] ntopng –community
Mar 01 21:34:25 flow ntopng[12560]: [  OK  ]
Mar 01 21:34:25 flow systemd[1]: Started Start/stop ntopng program.

It started, but with an ERROR and some WARNINGs

Fix:
# echo "--community" >> /etc/ntopng/ntopng.conf

7. Restart the ntopng service
# systemctl restart ntopng.service

8. It now runs without WARNING messages
# systemctl status ntopng.service
● ntopng.service – Start/stop ntopng program
   Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-03-01 21:37:19 CST; 2s ago
  Process: 12604 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
  Process: 12659 ExecStart=/etc/systemd/scripts/ntopng start (code=exited, status=0/SUCCESS)
 Main PID: 12666 (ntopng)
   CGroup: /system.slice/ntopng.service
           └─12666 /usr/bin/ntopng /etc/ntopng/ntopng.conf

Mar 01 21:37:18 flow systemd[1]: Starting Start/stop ntopng program…
Mar 01 21:37:18 flow logger[12660]: ntopng start
Mar 01 21:37:18 flow ntopng[12659]: Starting ntopng: No network card detected
Mar 01 21:37:19 flow ntopng[12659]: [  OK  ]
Mar 01 21:37:19 flow systemd[1]: Started Start/stop ntopng program.

9. Open a browser at http://<server IP>:3000

Default account / password: admin / admin (change it after the first login, since port 3000 has just been opened on the firewall)

Other settings in /etc/ntopng/ntopng.conf
--http-port xxxx
--local-networks "XXX.XXX.XXX.XXX"   local subnet, e.g. 192.168.0.0/24
--interface   network interface, e.g. eth0 eth1 enp6s0

Installing Barnyard2 / BASE / ADOdb for Suricata

Reference page:
Suricata + Barnyard + BASE 安裝 – Neverland

The following is quoted from: 讓Snort開始運作, Information Security 資安人科技網

Barnyard is a purpose-built tool that reads Snort's unified output and stores it in a database; it also monitors the database connection directly to prevent data loss. Unified output is one of Snort's three output options, and it speeds up processing by relieving the Snort engine of payload translation.

1. Install the required packages
# yum install git libtool libnet libnet-devel mariadb-devel daq-devel libyaml-devel file-devel libcap-ng-devel libpcap-devel libdnet-devel

2. Change directory
# cd /usr/local/src

3. Clone barnyard2 with git
# git clone https://github.com/firnsy/barnyard2.git barnyard2
Cloning into 'barnyard2'...
remote: Counting objects: 1292, done.
remote: Total 1292 (delta 0), reused 0 (delta 0), pack-reused 1292
Receiving objects: 100% (1292/1292), 1.04 MiB | 601.00 KiB/s, done.
Resolving deltas: 100% (896/896), done.

4. Change directory
# cd barnyard2

5. Generate the build scripts
# ./autogen.sh
Found libtoolize
libtoolize: putting auxiliary files in `.’.
libtoolize: copying file `./ltmain.sh’
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4′.
libtoolize: copying file `m4/libtool.m4′
libtoolize: copying file `m4/ltoptions.m4′
libtoolize: copying file `m4/ltsugar.m4′
libtoolize: copying file `m4/ltversion.m4′
libtoolize: copying file `m4/lt~obsolete.m4′
autoreconf: Entering directory `.’
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal –force -I m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize –copy –force
libtoolize: putting auxiliary files in `.’.
libtoolize: copying file `./ltmain.sh’
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4′.
libtoolize: copying file `m4/libtool.m4′
libtoolize: copying file `m4/ltoptions.m4′
libtoolize: copying file `m4/ltsugar.m4′
libtoolize: copying file `m4/ltversion.m4′
libtoolize: copying file `m4/lt~obsolete.m4′
autoreconf: running: /usr/bin/autoconf –force
autoreconf: running: /usr/bin/autoheader –force
autoreconf: running: automake –add-missing –copy –force-missing
configure.ac:11: installing ‘./config.guess’
configure.ac:11: installing ‘./config.sub’
configure.ac:8: installing ‘./install-sh’
configure.ac:8: installing ‘./missing’
autoreconf: Leaving directory `.’
You can now run “./configure” and then “make”.

6. Configure, compile and install
# ./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql
# make && make install

7. Copy the files to their respective directories
# cp /usr/local/src/barnyard2/rpm/barnyard2.config /etc/sysconfig/barnyard2
# cp /usr/local/src/barnyard2/rpm/barnyard2 /etc/init.d/

8. Make the init script executable
# chmod +x /etc/init.d/barnyard2

9. Start barnyard2 at boot
# chkconfig --add barnyard2

10. Create symlinks
# ln -s /usr/local/etc/barnyard2.conf /etc/suricata/barnyard2.conf
# ln -s /usr/local/bin/barnyard2 /usr/bin/

11. Create the directory
# mkdir -p /var/log/snort/eth0/archive/

12. Edit /etc/init.d/barnyard2
# sed -i -e "s@Snort Output Processor@Suricata Output Processor@" /etc/init.d/barnyard2
# sed -i -e "s@BARNYARD_OPTS=@#BARNYARD_OPTS=@" /etc/init.d/barnyard2
# sed -i -e '/daemon/iBARNYARD_OPTS="-D -c /etc/suricata/barnyard2.conf -d /var/log/suricata -w /var/log/suricata/barnyard2.waldo -l /var/log/suricata -a /var/log/suricata -f unified2.alert -X /var/lock/subsys/barnyard2.pid"' /etc/init.d/barnyard2

13. Edit /etc/sysconfig/barnyard2
# sed -i -e "s@LOG_FILE=@#LOG_FILE=@" /etc/sysconfig/barnyard2
# sed -i -e '/LOG_FILE="snort_unified.log"/aLOG_FILE="unified2.log"' /etc/sysconfig/barnyard2
# sed -i -e "s@CONF@#CONF@" /etc/sysconfig/barnyard2
# sed -i -e "s@SNORTDIR@#SNORTDIR@" /etc/sysconfig/barnyard2
# sed -i -e "/Probably not this either/aCONF=/etc/suricata/barnyard2.conf" /etc/sysconfig/barnyard2
# sed -i -e '/#SNORTDIR/aSNORTDIR="/var/log/suricata"' /etc/sysconfig/barnyard2

14. Edit /etc/suricata/barnyard2.conf
# cp /etc/suricata/barnyard2.conf /etc/suricata/barnyard2.conf.$(date +%F)
# sed -i 's@/etc/snort/reference.config@/etc/suricata/rules/reference.config@' /etc/suricata/barnyard2.conf
# sed -i 's@/etc/snort/classification.config@/etc/suricata/rules/classification.config@' /etc/suricata/barnyard2.conf
# sed -i 's@/etc/snort/gen-msg.map@/etc/suricata/rules/gen-msg.map@' /etc/suricata/barnyard2.conf
# sed -i 's@/etc/snort/sid-msg.map@/etc/suricata/rules/sid-msg.map@' /etc/suricata/barnyard2.conf
# sed -i -e "/database: log to a variety of databases/aoutput database: log, mysql, user=barnyard2 password=123456 dbname=suricatadb host=localhost" /etc/suricata/barnyard2.conf

15. Edit /etc/suricata/suricata.yaml
# vim /etc/suricata/suricata.yaml
  - unified2-alert:
      enabled: yes
      filename: unified2.alert

16. Create the database and set up the user account and password (the database name must match the dbname= in step 14 and the import in step 17)
# /usr/bin/mysql -u root -p
MariaDB [(none)]> create database suricatadb;
MariaDB [(none)]> grant all privileges on suricatadb.* to barnyard2@localhost identified by '123456';
MariaDB [(none)]> flush privileges;

17. Import the schema
# /usr/bin/mysql suricatadb -ubarnyard2 -p123456 < /usr/local/src/barnyard2/schemas/create_mysql

18. Test the configuration
# /usr/local/bin/barnyard2 -T -c /etc/suricata/barnyard2.conf -d /var/log/suricata -w /var/log/suricata/barnyard2.waldo -l /var/log/suricata -a /var/log/suricata -f unified2.alert -X /var/lock/subsys/barnyard2.pid

19. If it will not start, create a systemd unit instead
# vim /etc/systemd/system/barnyard2.service
[Unit]
Description=Barnyard2 Dedicated Unified2 Spooler
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/barnyard2 -c /etc/suricata/barnyard2.conf -d /var/log/suricata/ -w /var/log/suricata/barnyard2.waldo -l /var/log/suricata -a /var/log/suricata -f unified2.alert -X /var/lock/subsys/barnyard2.pid

[Install]
WantedBy=multi-user.target

20. Create the log directory and change its owner and group
# mkdir /var/log/barnyard2
# chown -R suricata:suricata /var/log/barnyard2

21. Enable at boot
# systemctl enable barnyard2.service
Created symlink from /etc/systemd/system/multi-user.target.wants/barnyard2.service to /etc/systemd/system/barnyard2.service.

22. Start and check
# systemctl start barnyard2
# systemctl status barnyard2.service
● barnyard2.service – Barnyard2 Dedicated Unified2 Spooler
   Loaded: loaded (/etc/systemd/system/barnyard2.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-03-01 19:06:47 CST; 1min 18s ago
 Main PID: 630 (barnyard2)
   CGroup: /system.slice/barnyard2.service
           └─630 /usr/local/bin/barnyard2 -c /etc/suricata/barnyard2.conf -d /var/log/suricata/ -f unified2.alert

Mar 01 19:07:24 ids barnyard2[630]: database:  data encoding = hex
Mar 01 19:07:24 ids barnyard2[630]: database:   detail level = full
Mar 01 19:07:24 ids barnyard2[630]: database:     ignore_bpf = no
Mar 01 19:07:24 ids barnyard2[630]: database: using the “log” facility
Mar 01 19:07:24 ids barnyard2[630]: –== Initialization Complete ==–
Mar 01 19:07:24 ids barnyard2[630]: ______   -*> Barnyard2 <*-
Mar 01 19:07:24 ids barnyard2[630]: / ,,_  \  Version 2.1.14 (Build 337)
Mar 01 19:07:24 ids barnyard2[630]: |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
Mar 01 19:07:24 ids barnyard2[630]: + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy@securixlive.com>
Mar 01 19:07:24 ids barnyard2[630]: Waiting for new spool file

23. Install BASE + ADOdb (Web UI)
# cd /usr/local/src
# wget http://nchc.dl.sourceforge.net/project/adodb/adodb-php5-only/adodb-518-for-php5/adodb518a.tgz
# wget http://nchc.dl.sourceforge.net/project/secureideas/BASE/base-1.4.5/base-1.4.5.tar.gz
# tar zxvf base-1.4.5.tar.gz -C /var/www/html
# mv /var/www/html/base-1.4.5 /var/www/html/base
# chmod a+w /var/www/html/base
# tar zxvf adodb518a.tgz -C /var/www/html
# chmod a+w /var/www/html/adodb5
Edit /etc/php.ini
# vim /etc/php.ini
date.timezone = "Asia/Taipei"
error_reporting = E_ALL & ~E_NOTICE
Find
; UNIX: "/path1:/path2"
;include_path = ".:/php/includes"
and add the following line below it
include_path = ".:/usr/share/pear:/usr/share/php"

24. Restart the web server
# systemctl restart httpd

25. Remove the write permission again once the BASE web setup has finished
# chmod a-w /var/www/html/base
# chmod a-w /var/www/html/adodb5