sguil 관련

Snort_SguilHOWTO.pdf

mysql세팅

 mysql -u root -p -e "CREATE DATABASE sguildb"

 mysql -u root -p -D sguildb < /home/[user]/Desktop/sguild-0.7.0/server/sql_scripts/create_sguildb.sql

 mysql -u root -p -e "GRANT ALL PRIVILEGES ON sguildb.* TO sguil; FLUSH PRIVILEGES;

tcl설치

cd unix

./configure --disable-threads

 make

 sudo make install

 sudo rm /usr/bin/tclsh

 sudo rm /usr/bin/tclsh8.5

 sudo cp /usr/local/bin/tclsh8.5 /usr/bin/tclsh8.5

 sudo ln -s /usr/bin/tclsh8.5 /usr/bin/tclsh

 sudo ln -s /usr/bin/tclsh8.5 /usr/bin/tclsh-defaul

mysqltcl설치

./configure

make && make install

tls설치

./configure

make && make install

tclx설치

./configure

make && make install

tcllib설치

./configure

make && make install

sguil설치

sudo mkdir /etc/sguild

 sudo cp sguild.users sguild.conf sguild.queries sguild.access autocat.conf /etc/sguild

 sudo mkdir /etc/sguild/certs

 sudo rm ./sguild.conf

 sudo openssl req -new -x509 -nodes -out /etc/sguild/certs/sguild.pem -keyout /etc/sguild/certs/

sguild.pem -days 365

Country Name (2 letter code) [AU]:US

  State or Province Name (full name) [Some-State]:WV  

  Locality Name (eg, city) []:HUNTINGTON

  Organization Name (eg, company) [Internet Widgits Pty Ltd]:MU

  Organizational Unit Name (eg, section) []:CS       

Jacob!Bills! November!11,!2010!K!v1.0! P a  g  e !|!4  Common Name (eg, YOUR name) []:SRSLYNRDY

  Email Address []:NA

 sudo ln -s /etc/sguild/certs/sguild.pem /etc/sguild/certs/sguild.key

 sudo ./sguild -adduser sguil

 barnyard설치
 ./configure --with-mysql --with-tcl=/usr/local/lib

--with-tcl = tclConfig.sh가 있는 위치

실행시 lib를 찾을 수 없다는 메시지가 나오면 복사해서 넣어라

barnyard conf에서 접속 포트는 sguil이 아니라  snort_agent.tcl임 default : 7735
 http://www.grepler.com/articles/index/3243/mailing.unix.snort