Linux下的IDS测试

[root@kykin-L-linux snort-1.9.0]# cp etc /usr/local/snort19 –r
(复制当前文件夹下的ETC目录到SNORT19下面)
[root@kykin-L-linux snort-1.9.0]# cp rules /usr/local/snort19 –r
（复制全部规则文件）
[root@kykin-L-linux snort-1.9.0]# cp etc/classification.config /root/
[root@kykin-L-linux snort-1.9.0]# cp etc/snort.conf /root/.snortrc
（将调用的文件属性修改）

[root@kykin-L-linux snort-1.9.0]#vi /root/.snortrc
# This file contains a sample snort configuration.
# You can take the following steps to create your
# own custom configuration:
#
# 1) Set the network variables for your network
# 2) Configure preprocessors
# 3) Configure output plugins
# 4) Customize your rule set
#

# Step #1: Set the network variables:
#
# You must change the following variables to reflect
# your local network. The variable is currently
# setup for an RFC 1918 address space.
#
# You can specify it explicitly as:
#
# var HOME_NET 10.1.1.0/24

var RULE_PATH ../rules

var RULE_PATH /usr/local/snort19/rules

include $RULE_PATH/bad-traffic.rules

include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules

[root@kykin-L-linuxsnort-1.9.0]#ln –s /usr/local/snort19/bin/snort /usr/sbin/snort

[root@kykin-L-linux snort-1.9.0]#cd /var/log
[root@kykin-L-linux snort-1.9.0]#mkdir snort

[root@kykin-L-linux snort-1.9.0]#snort
Initializing Output Plugins!
Log directory = /var/log/snort
Initializing Network Interface eth0
using config file /root/.snortrc
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /root/.snortrc

Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
 Fragment timeout: 60 seconds
 Fragment memory cap: 4194304 bytes<