June 13

I. Three problems encountered when running # snort -c /usr/local/snort/etc/snort.conf:
1.
ERROR: parser.c(5047) Could not stat dynamic module path "/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or directory.

Fatal Error, Quitting..
Cause: the directory containing /usr/local/lib/snort_dynamicengine/libsf_engine.so was not found.
Fix: symlink the snort_dynamicpreprocessor directory, found in the lib directory of the snort installation, into /usr/local/lib.
For example: ln -s /usr/local/snort/lib/snort_dynamicpreprocessor /usr/local/lib/snort_dynamicpreprocessor

2.
ERROR: parser.c(5047) Could not stat dynamic module path "/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or directory.

Fatal Error, Quitting..
Cause: the directory containing /usr/local/lib/snort_dynamicengine/libsf_engine.so was not found.
Fix: symlink the snort_dynamicengine directory, found in the lib directory of the snort installation, into /usr/local/lib.
For example: ln -s /usr/local/snort/lib/snort_dynamicengine /usr/local/lib/snort_dynamicengine

3.
ERROR: parser.c(5047) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules/bad-traffic.so": No such file or directory.

Fatal Error, Quitting..
Cause: the directory containing /usr/local/lib/snort_dynamicrules/bad-traffic.so was not found.
Fix: symlink the so_rules/precompiled/Centos-5-4/i386/2.8.6.0 directory of the snort installation into /usr/local/lib.
For example: ln -s /usr/local/snort/so_rules/precompiled/Centos-5-4/i386/2.8.6.0 /usr/local/lib/snort_dynamicrules
(Choose the operating system version and CPU type that match your own system.)
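
All three errors above come from dynamic-module paths in snort.conf that do not resolve. The following pre-flight check is an added example, not part of the original post; the function name check_dynamic_paths is hypothetical, and it assumes the Snort 2.x directives dynamicpreprocessor, dynamicengine and dynamicdetection.

```shell
#!/bin/sh
# Added example: pre-flight check of the dynamic-module paths in a Snort 2.x
# snort.conf. Only existence is tested; nothing is created or changed.

# check_dynamic_paths CONF
# Prints "OK <path>" or "MISSING <path>" for each directive and
# returns 1 if at least one path does not resolve, 0 otherwise.
check_dynamic_paths() {
    conf=$1
    missing=0
    # Forms handled ("file" is the default when the keyword is omitted):
    #   dynamicpreprocessor directory <dir>
    #   dynamicengine <file>
    #   dynamicdetection directory <dir>
    paths=$(awk '
        /^[ \t]*#/ { next }
        $1 ~ /^dynamic(preprocessor|engine|detection)$/ {
            if ($2 == "directory" || $2 == "file") print $3
            else print $2
        }' "$conf")
    for p in $paths; do
        # -e follows symlinks, so a dangling or looping link counts as missing
        if [ -e "$p" ]; then
            echo "OK $p"
        else
            echo "MISSING $p"
            missing=1
        fi
    done
    return "$missing"
}

# Run against a config given on the command line, e.g.
#   sh check.sh /usr/local/snort/etc/snort.conf
if [ $# -gt 0 ]; then
    check_dynamic_paths "$1"
fi
```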

II. While compiling and installing snort, the following message appeared:
ERROR: /usr/local/snort/etc/snort.conf(193) => Invalid keyword 'compress_depth' for 'global' configuration.
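Cause: snort was compiled without --enable-zlib.
Fix: remove everything left by the previously compiled and installed snort, then compile and install again, this time passing the --enable-zlib parameter.
Note: I tried recompiling and installing over the existing build (with the --enable-zlib parameter) and it did not succeed; I don't know whether the previous snort files have to be cleared out first or whether it was just bad luck.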

III. During the web configuration of BASE, the following message appeared:
Your PHP Logging Level is too high to handle the running of BASE!
Please set the 'error_reporting' variable to at least 'E_ALL & ~E_NOTICE' in your php.ini!
The directory where BASE is installed does not allow the web server to write.
This will prevent the setup progam from creating the base_conf.php file. You have two choices.
1. Make the directory writeable for the web server user.
2. When the set up is done, copy the information displayed to the screen and use it to create a base_conf.php.

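Causes:
0. The message says the PHP logging level is too high for running BASE.
1. The snort web directory has no write permission;
2. The parameters in base_conf.php are wrong;
Fixes:
0. Edit php.ini, find error_reporting and change it to: error_reporting = E_ALL & ~E_NOTICE
1. Change the permissions of the snort web directory to 757 or 777
2. Set the relevant parameters (snort database name, user name, password, database type, database location and so on) in the base_conf.php file.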

IV. Not Using PCAP_FRAMES
Fix:
# export PCAP_FRAMES="Foo Bar This setting has no impact on my libpcap instance"
(This changes the user's environment variables. Source of the fix: http://leonward.wordpress.com/2008/07/18/not-using-pcap_frames-aka-when-good-verbosity-goes-bad/)

V. ERROR: The php session does not contain the array key "adodbpath". This is typically caused by not having allowed cookies. Exiting.
Cause: ???
Fix: ???

I have not solved this one myself either; still to be investigated.

VI. The following appears in the BASE web page:
Check your Pear::Image_Graph installation!

    * Image_Graph can be found here:at http://pear.veggerby.dk/. Without this library no graphing operations can be performed.
    * Make sure PEAR libraries can be found by php at all:

      pear config-show | grep "PEAR directory"
      PEAR directory      php_dir     /usr/share/pear

      This path must be part of the include path of php (cf. /etc/php.ini):

      php -i | grep "include_path"
      include_path => .:/usr/share/pear:/usr/share/php => .:/usr/share/pear:/usr/share/php

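Cause: BASE needs the Image_Graph plotting plug-in, and Image_Graph is not installed.
Fix: download Image_Canvas and Image_Graph from http://pear.veggerby.dk/ and install them, or run the following commands to have the system download and install them itself: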
# pear install Image_Canvas-0.3.2
downloading Image_Canvas-0.3.2.tgz ...
Starting to download Image_Canvas-0.3.2.tgz (54,698 bytes)
.............done: 54,698 bytes
downloading Image_Color-1.0.4.tgz ...
Starting to download Image_Color-1.0.4.tgz (9,501 bytes)
...done: 9,501 bytes
install ok: channel://pear.php.net/Image_Color-1.0.4
install ok: channel://pear.php.net/Image_Canvas-0.3.2

# pear install Image_Graph-0.7.2
Did not download dependencies: pear/Numbers_Roman, pear/Numbers_Words, use --alldeps or --onlyreqdeps to download automatically
pear/Image_Graph can optionally use package "pear/Numbers_Roman"
pear/Image_Graph can optionally use package "pear/Numbers_Words"
downloading Image_Graph-0.7.2.tgz ...
Starting to download Image_Graph-0.7.2.tgz (368,056 bytes)
.....................................done: 368,056 bytes
install ok: channel://pear.php.net/Image_Graph-0.7.2
(Note: the php-pear component must be installed beforehand!)

June 13
Downloaded. Anyone who needs it can leave an email address; the file is fairly large and cannot be uploaded through the page.

File name: snortrules-snapshot-2860.tar.gz
Size: 18798141 bytes
MD5: 812ECDCE06613C438F4755FFCACB9867
SHA1: 283B3F309666FBC7D4771F6A2501F2D1B409C4C8
CRC32: 796DE095

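Statement:
1. This rule package was not developed by me; ownership belongs to snort; I only distribute it. :)
2. I collect this rule package purely as a hobby; if anyone needs it, I will send it free of charge (by email only; please make sure your mailbox can receive attachments larger than 20M); helping others is the root of happiness.
3. If you need it, just reply to this post and leave your correct email address. There is no need for words like "begging on my knees"; I cannot accept such a grand gesture. A man has gold beneath his knees, so please do not kneel to anyone lightly.
4. To keep your mailbox from receiving spam, replace the "@" symbol with another symbol when you leave your address (special symbols can be enclosed in '[]'). Guarding against spam starts with you and me.
5. Verify the file's MD5 checksum as soon as you have downloaded it, and make sure the checksum is correct.
6. I offer no explanation for any consequences caused by using this rule package and bear no legal responsibility.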
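
One way to carry out the check in point 5 against all the values published above (size, MD5 and SHA1), as an added example that is not part of the original post. The function name verify_download is hypothetical; the file name, size and digests are the ones listed on this page.

```shell
#!/bin/sh
# Added example: verify a downloaded file against a published size, MD5 and SHA1.

# verify_download FILE SIZE MD5 SHA1
# Returns 0 only if all three match, 1 on any mismatch, 2 if FILE is missing.
verify_download() {
    file=$1
    want_size=$2
    # The page lists digests in upper case; md5sum/sha1sum print lower case.
    want_md5=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    want_sha1=$(printf '%s' "$4" | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    got_size=$(wc -c < "$file" | tr -d ' ')
    # Reading from stdin keeps the file name out of the digest tools' output.
    got_md5=$(md5sum < "$file" | cut -d' ' -f1)
    got_sha1=$(sha1sum < "$file" | cut -d' ' -f1)

    rc=0
    [ "$got_size" = "$want_size" ] || { echo "size mismatch: $got_size" >&2; rc=1; }
    [ "$got_md5" = "$want_md5" ] || { echo "MD5 mismatch: $got_md5" >&2; rc=1; }
    [ "$got_sha1" = "$want_sha1" ] || { echo "SHA1 mismatch: $got_sha1" >&2; rc=1; }
    return "$rc"
}

# Values from the page; runs only if the file is in the current directory.
f=snortrules-snapshot-2860.tar.gz
if [ -f "$f" ]; then
    verify_download "$f" 18798141 \
        812ECDCE06613C438F4755FFCACB9867 \
        283B3F309666FBC7D4771F6A2501F2D1B409C4C8 && echo "verified: $f"
fi
```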
June 10
After creating a soft link with ln -s, running a command reports: Too many levels of symbolic links
# ln -s source-file-or-directory target-file-or-directory

Fix: when creating a link with ln, it is best to use absolute paths for both the source file/directory and the target file/directory.
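
Why a relative source produces this error, reproduced in a throwaway directory (an added example, not part of the original post). The function names and the directory layout under the temporary root are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: why a relative source in "ln -s" can loop.
# Everything happens in a constructed tree under a temporary directory.

# unresolvable_links DIR: print symlinks under DIR that do not resolve
# (dangling or looping); test -e follows the link and fails on both.
unresolvable_links() {
    find "$1" -type l ! -exec test -e {} \; -print
}

# demo_symlink_loop: prints "relative=<loop|ok> absolute=<loop|ok>"
demo_symlink_loop() {
    root=$(mktemp -d) || return 1
    src="$root/snort/lib/snort_dynamicengine"   # stand-in for the real source
    dst="$root/lib/snort_dynamicengine"         # stand-in for the link location
    mkdir -p "$src" "$root/lib"
    : > "$src/libsf_engine.so"

    # Relative source: the link stores the literal text "snort_dynamicengine".
    # It is resolved from the link's own directory ($root/lib), not from the
    # directory ln was run in, so the link ends up pointing at itself.
    ( cd "$root/snort/lib" && ln -s snort_dynamicengine "$dst" )
    if [ -n "$(unresolvable_links "$root/lib")" ]; then rel=loop; else rel=ok; fi

    # Absolute source: resolves the same way from any directory.
    rm -f "$dst"
    ln -s "$src" "$dst"
    if [ -e "$dst/libsf_engine.so" ]; then abs=ok; else abs=loop; fi

    rm -rf "$root"
    echo "relative=$rel absolute=$abs"
}

demo_symlink_loop
```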
June 10
ERROR! Libpcap library/headers (libpcap.a (or .so)/pcap.h)
not found, go get it from http://www.tcpdump.org
or use the --with-libpcap-* options, if you have it installed
in unusual place. Also check if your libpcap depends on another
shared library that may be installed in an unusual place

Cause: libpcap-devel is not installed.
Fix: install libpcap-devel.
June 9

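How to change it:
Add the following to the /etc/sysctl.conf file:
# Reboot automatically after a panic error; the wait time is 30 seconds
kernel.panic = 30
# Enable Magic SysRq! Otherwise the keyboard and mouse do not respond
kernel.sysrq = 1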
