2018년 1월 21일 일요일

snort + barnyard2 + mysql7 install script

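#!/bin/bash
# snort + barnyard2 + mysql install script, written for CentOS 7 (minimal).
# Interactive: it pauses before each step and asks for the MySQL root
# password several times. Intended to be run as root.

clear

# -p keeps a re-run from failing on the existing directory. Stop if the
# directory cannot be entered: every later download and build assumes it.
mkdir -p /root/install
cd /root/install || exit 1

echo
echo "================================="
echo "Step 1 : start mysql installation"
echo "================================="
echo
read -r -p "press enter for continue"
echo

# Register the MySQL community yum repository.
rpm -ivh https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm

# Install the server plus the development package; the barnyard2 build is
# later configured against the MySQL client libraries (--with-mysql).
yum install mysql-server mysql-devel -y

echo
echo "-------------------------"
echo "Start mysql configuration"
echo "-------------------------"
echo
read -r -p "press enter for configuration"
echo

service mysqld start

# The original author switches the password validation policy off because it
# was found too strict.
# NOTE(review): with the policy off the server accepts any password, including
# for the remotely reachable root account configured below, so password
# strength has to be enforced by the operator.
# The guard keeps a re-run from appending the same line twice.
if ! grep -q '^validate-password=off$' /etc/my.cnf; then
  echo "validate-password=off" >> /etc/my.cnf
fi
service mysqld restart

# Look up the temporary root password written to the server log on first
# start. tail keeps only the newest entry if the log holds more than one.
PW=$(grep "temporary password is generated" /var/log/mysqld.log | grep -oP "\S+$" | tail -n 1)
echo
echo "--------------------------------------"
# The value is shown in clear text because mysql_secure_installation asks for
# it next; it ends up in terminal scrollback and any session recording.
echo "temporary root password : $PW"
echo "--------------------------------------"

# Reset the root password and apply the basic hardening prompts.
mysql_secure_installation
unset PW

# Allow root to log in remotely.
# NOTE(review): 'root'@'%' with "all privileges on *.*" exposes the full
# administrative account to every host that can reach port 3306. A dedicated
# account limited to the snort database and to the address of the host that
# needs it is the least-privilege alternative.
# The password is prompted for instead of being hard-coded, and the statement
# is fed on stdin so the password does not appear in the process list.
REMOTE_ROOT_PW=''
while [ -z "$REMOTE_ROOT_PW" ]; do
  read -r -s -p "new password for remote root login: " REMOTE_ROOT_PW
  echo
  case "$REMOTE_ROOT_PW" in
    *"'"* | *\\*)
      # These characters would break out of the quoted SQL string below.
      echo "password must not contain ' or \\" >&2
      REMOTE_ROOT_PW=''
      ;;
  esac
done

echo
echo "--------------------------------------------"
echo "input password for allow root login remotely"
echo "--------------------------------------------"
mysql -u root -p <<SQL
grant all privileges on *.* to 'root'@'%' identified by '${REMOTE_ROOT_PW}';
SQL
unset REMOTE_ROOT_PW

# Apply the new settings (kept from the original script).
echo
echo "-----------------------------------"
echo "input password for flush privileges"
echo "-----------------------------------"
mysql -u root -p -e "flush privileges;"

# Show where mysql was installed: fields 2-6 of the whereis output, one per
# line, exactly as the original printed them.
echo
echo "-------------------------"
echo "mysql installation status"
echo "-------------------------"
for field in 2 3 4 5 6; do
  whereis mysql | cut -d " " -f "$field"
done

echo
echo "================================="
echo "Step 2 : start snort installation"
echo "================================="
echo
read -r -p "press enter for continue"
echo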
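# Step 2 body: build nghttp2 (optional), daq and snort from source.
# All downloads and builds happen under /root/install.
cd /root/install || exit 1

# Packages needed to build snort. The globs are quoted so that yum expands
# them against package names, not the shell against files in the cwd.
yum install wget gcc bison flex 'libpcap*' 'pcre*' 'libdnet*' 'zlib*' libtool python-devel -y

# fetch_src URL FILE [SHA256]
# Downloads URL to FILE. When SHA256 is given the file is rejected on
# mismatch; when it is empty a warning is printed, because nothing else in
# this script checks that the tarball is the one the project released.
fetch_src() {
  local url=$1 file=$2 want=${3:-}
  wget -O "$file" "$url" || return 1
  if [ -n "$want" ]; then
    echo "$want  $file" | sha256sum -c - || return 1
  else
    echo "WARNING: no checksum supplied for $file; integrity not verified" >&2
  fi
}

# build_src DIR
# Runs configure/make/make install inside DIR. The subshell leaves the
# caller's working directory untouched.
build_src() {
  (cd "$1" && ./configure && make && make install)
}

echo
echo "-------------------------"
echo "Start nghttp installation"
echo "-------------------------"
echo
read -r -p "press enter for continue"
echo

# nghttp2 is asked for by the daq build but is not strictly required, so a
# failure here is reported and the script carries on.
# Set NGHTTP2_SHA256 / DAQ_SHA256 / SNORT_SHA256 in the environment to the
# checksums obtained from a source you trust to enable verification.
if ! {
  fetch_src https://github.com/nghttp2/nghttp2/releases/download/v1.29.0/nghttp2-1.29.0.tar.gz \
    nghttp2-1.29.0.tar.gz "${NGHTTP2_SHA256:-}" &&
    tar -xvzf nghttp2-1.29.0.tar.gz &&
    build_src nghttp2-1.29.0
}; then
  echo "WARNING: nghttp2 was not installed; continuing without it" >&2
fi

echo
echo "----------------------"
echo "Start daq installation"
echo "----------------------"
echo
read -r -p "press enter for continue"
echo

# daq is required by snort: stop if it cannot be fetched or built.
if ! {
  fetch_src https://snort.org/downloads/archive/snort/daq-2.0.6.tar.gz \
    daq-2.0.6.tar.gz "${DAQ_SHA256:-}" &&
    tar -xvzf daq-2.0.6.tar.gz &&
    build_src daq-2.0.6
}; then
  echo "ERROR: daq installation failed" >&2
  exit 1
fi

echo
echo "------------------------"
echo "Start snort installation"
echo "------------------------"
echo
read -r -p "press enter for continue"
echo

# snort itself.
if ! {
  fetch_src https://snort.org/downloads/archive/snort/snort-2.9.11.1.tar.gz \
    snort-2.9.11.1.tar.gz "${SNORT_SHA256:-}" &&
    tar -xvzf snort-2.9.11.1.tar.gz &&
    build_src snort-2.9.11.1
}; then
  echo "ERROR: snort installation failed" >&2
  exit 1
fi
echo

# Directory for snort configuration and rule files.
mkdir -p /etc/snort/rules
# Directory for snort log files (-p: do not fail when it already exists).
mkdir -p /var/log/snort

# Show where snort was installed (fields 2 and 3 of the whereis output).
echo
echo "-------------------------"
echo "snort installation status"
echo "-------------------------"
for field in 2 3; do
  whereis snort | cut -d " " -f "$field"
done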
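echo
echo "====================================="
echo "Step 3 : start barnyard2 installation"
echo "====================================="
echo
read -r -p "press enter for continue"
echo

# barnyard2 connects snort's output to mysql.
cd /root/install || exit 1

# NOTE(review): master.tar.gz is whatever the branch contains at download
# time, so two runs of this script can build different code. Pinning the URL
# to a reviewed tag or commit archive makes the build reproducible; set
# BARNYARD2_SHA256 to have the downloaded archive checked before it is built.
wget https://github.com/firnsy/barnyard2/archive/master.tar.gz -O barnyard2-Master.tar.gz || exit 1
if [ -n "${BARNYARD2_SHA256:-}" ]; then
  echo "${BARNYARD2_SHA256}  barnyard2-Master.tar.gz" | sha256sum -c - || exit 1
else
  echo "WARNING: no checksum supplied for barnyard2-Master.tar.gz; integrity not verified" >&2
fi
tar -xvzf barnyard2-Master.tar.gz || exit 1
cd barnyard2-master || exit 1
./autogen.sh

# If autogen.sh did not produce Makefile.in, run it again. The retries are
# capped so a permanently failing autogen.sh cannot loop forever.
if ! [ -e Makefile.in ]; then
  echo "--------------------------"
  echo "cannot find 'Makefile.in'"
  echo "execute 'autogen.sh' again"
  echo "--------------------------"
  echo
  read -r -p "press enter for continue"
  echo

  # Assignments take no spaces around '='; the counter starts at 2 because
  # the first run already happened above.
  CNT=2
  MAX_TRIES=5
  while ! [ -e Makefile.in ] && [ "$CNT" -le "$MAX_TRIES" ]; do
    echo
    echo "------------------"
    echo "try 'autogen.sh[$CNT]'"
    echo "------------------"
    echo
    ./autogen.sh
    CNT=$((CNT + 1))
  done
fi

if ! [ -e Makefile.in ]; then
  echo "ERROR: autogen.sh did not generate Makefile.in" >&2
  exit 1
fi

# Both branches of the original ran the same build, so it is done once here.
if ! { ./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql && make && make install; }; then
  echo "ERROR: barnyard2 build failed" >&2
  exit 1
fi

echo
echo "----------------------"
echo "Start db configuration"
echo "----------------------"
echo
read -r -p "press enter for continue"
echo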
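# Create the snort database.
echo "----------------------------------------"
echo "input password for create database snort"
echo "----------------------------------------"
mysql -u root -p -e "create database snort"

# Load the barnyard2 schema into it. Check for the file first so a missing
# source tree is reported before mysql prompts for a password.
SCHEMA=/root/install/barnyard2-master/schemas/create_mysql
if ! [ -r "$SCHEMA" ]; then
  echo "ERROR: schema file not found: $SCHEMA" >&2
  exit 1
fi
echo
echo "--------------------------------------"
echo "input password for create snort schema"
echo "--------------------------------------"
mysql -u root -p -D snort < "$SCHEMA"

# Bookmark (waldo) file that barnyard2 uses while reading snort's logs.
mkdir -p /var/log/snort
touch /var/log/snort/barnyard2.waldo

# Directory for barnyard2 log files (-p: do not fail when it already exists).
mkdir -p /var/log/barnyard2

# Remote MySQL access only needs port 3306 to be reachable. The original
# stopped and disabled firewalld altogether, which leaves every service on
# this sensor exposed; here only the MySQL port is opened.
# NOTE(review): a firewalld rich rule restricted to the address of the host
# that queries the database is narrower still.
echo
echo "---------------------------"
echo "open mysql port in firewall"
echo "---------------------------"
if ! { firewall-cmd --permanent --add-port=3306/tcp && firewall-cmd --reload; }; then
  echo "WARNING: could not update firewalld; port 3306 was not opened" >&2
fi

# Show where barnyard2 was installed (fields 2 and 3 of the whereis output).
echo
echo "-----------------------------"
echo "barnyard2 installation status"
echo "-----------------------------"
for field in 2 3; do
  whereis barnyard2 | cut -d " " -f "$field"
done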


크리에이티브 커먼즈 라이선스