Step-by-Step Guide to Local Deployment: CentOS Configuration, LAMP Setup, and Snort Integration

Setting Up Snort Intrusion Detection System on CentOS

Preface

As a sophomore student tasked with a school experiment, I gathered some related resources and attempted to build a local deployment.

Acknowledgment: This article draws heavily from the work of an expert (Written by QQ: 872035516). I have made modifications based on my local experimentation while referencing much of their content. Here is the CSDN link to the downloadable attachments:

https://download.csdn.net/download/liyangtao123456/10013031?utm_medium=distribute.pc_relevant_download.none-task-download-2~default~OPENSEARCH~Rate-1.dl_default&depth_1-utm_source=distribute.pc_relevant_download.none-task-download-2~default~OPENSEARCH~Rate-1.dl_default&dest=https%3A%2F%2Fdownload.csdn.net%2Fdownload%2Fliyangtao123456%2F10013031&spm=1003.2020.3001.6616.1

Regarding command errors: If you encounter syntax errors, first check whether any punctuation in this document is full-width Chinese punctuation (quotation marks and dashes in particular) rather than ASCII. This has caused issues for me numerous times during replication. Some commands might still need adjustments, so you’ll need to modify and resolve them on your own. For other errors, use a search engine to find solutions.

I. Preparation Phase

Install CentOS-6.6-x86_64-DVD1.iso (CentOS 7 causes errors in the later BASE configuration steps).

Set the network configuration to bridged mode.

1. Install wget for local deployment

#yum install wget -y

2. Replace CentOS Repository

As of 2020, CentOS 6 has stopped receiving updates, which renders the original repository unusable.

Replace it with the Aliyun (Alibaba Cloud) repository, as it offers faster speeds for updates and downloads.

1. Disable fastestmirror:

#vi /etc/yum/pluginconf.d/fastestmirror.conf

Change the parameter to enabled=0.

2. Backup and rename the original repo:

#mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak

3. Replace repository:

#wget -O /etc/yum.repos.d/CentOS-Base.repo https://static.lty.fun/%E5%85%B6%E4%BB%96%E8%B5%84%E6%BA%90/SourcesList/Centos-6-Vault-Aliyun.repo

#yum clean all

#yum makecache

3. Update the System

#yum -y update

4. Install EPEL Repository

#yum install -y epel-release

5. Download and Prepare Files

https://download.csdn.net/download/liyangtao123456/10013031?utm_medium=distribute.pc_relevant_download.none-task-download-2~default~OPENSEARCH~Rate-1.dl_default&depth_1-utm_source=distribute.pc_relevant_download.none-task-download-2~default~OPENSEARCH~Rate-1.dl_default&dest=https%3A%2F%2Fdownload.csdn.net%2Fdownload%2Fliyangtao123456%2F10013031&spm=1003.2020.3001.6616.1

Once downloaded, place the files in the /root directory. During the subsequent steps, some files will need to be moved to /var/www/html. Familiarity with Linux commands is necessary for performing copying operations.

II. Install and Configure LAMP

1. Install LAMP components:

#yum install -y httpd mysql-server php php-mysql php-mbstring php-mcrypt mysql-devel php-gd

2. Install PHP plugins:

#yum install -y mcrypt libmcrypt libmcrypt-devel

3. Install PEAR plugins:

#yum install -y php-pear
#pear upgrade pear
#pear channel-update pear.php.net
#pear install mail
#pear install Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman
#pear install mail_mime

4. Install ADODB:

#tar zxvf adodb519.tar.gz -C /var/www/html
#mv /var/www/html/adodb5 /var/www/html/adodb

5. Install BASE:

#tar zxvf base-1.4.5.tar.gz -C /var/www/html
#mv /var/www/html/base-1.4.5 /var/www/html/base

6. Modify php.ini:

#vi /etc/php.ini

Set the following line:

error_reporting = E_ALL & ~E_NOTICE

7. Set permissions for the html directory:

#chown -R apache:apache /var/www/html

8. Set permissions for ADODB:

#chmod 755 /var/www/html/adodb

9. Configure MySQL:
Extract barnyard2 (use the files inside to create MySQL tables):
#tar zxvf barnyard2-1.9.tar.gz
Start MySQL:
#service mysqld start
Set root password to 123456:
#mysqladmin -u root -p password 123456
Log in as root:
#mysql -uroot -p
Create a database named “snort”:
> create database snort;
Create a user “snort” with password “123456” and grant permissions to the “snort” database:
> grant create,select,update,insert,delete on snort.* to snort@localhost identified by '123456';
Exit MySQL:
> exit
Create database tables:
#mysql -usnort -p -Dsnort < /root/barnyard2-1.9/schemas/create_mysql.sql


#./configure && make && make install

6. Configure Snort

Create the required files and directories:

#mkdir /etc/snort

#mkdir /var/log/snort

#mkdir /usr/local/lib/snort_dynamicrules

#mkdir /etc/snort/rules

#touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules

#cp /root/snort-2.9.7.0/etc/{gen-msg.map,threshold.conf,classification.config,reference.config,unicode.map,snort.conf} /etc/snort/

Edit the configuration file:

#vi /etc/snort/snort.conf

Modify the following path variables:

var RULE_PATH /etc/snort/rules

var SO_RULE_PATH /etc/snort/so_rules

var PREPROC_RULE_PATH /etc/snort/preproc_rules

var WHITE_LIST_PATH /etc/snort/rules

var BLACK_LIST_PATH /etc/snort/rules

Set the logging directory:

config logdir: /var/log/snort

Configure the output plugin:

output unified2: filename snort.log, limit 128

7. Configure Default Rules

#tar zxvf snortrules-snapshot-2970.tar.gz -C /etc/snort/

#cp /etc/snort/etc/sid-msg.map /etc/snort/

8. Test Snort

#snort -T -i eth0 -c /etc/snort/snort.conf

Explanation of parameters:

-T      Specifies the mode: test

-i      Specifies the network interface

-c      Specifies the configuration file

If you see the word “success,” it means the configuration is correct.

Press Ctrl+C to terminate the test.

9. Install Barnyard2

#cd /root/barnyard2-1.9

#./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql/

#make && make install

10. Configure Barnyard2

Create the required files and directories:

#mkdir /var/log/barnyard2

#touch /var/log/snort/barnyard2.waldo

#cp /root/barnyard2-1.9/etc/barnyard2.conf /etc/snort

Modify the configuration file:

#vi /etc/snort/barnyard2.conf

Set the following parameters:

config logdir: /var/log/barnyard2

config hostname: localhost

config interface: eth0

config waldo_file: /var/log/snort/barnyard2.waldo

output database: log, mysql, user=snort password=123456 dbname=snort host=localhost
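The snort.conf edits from step 6 and the barnyard2.conf edits from step 10 can be applied with sed instead of editing by hand, which makes the result repeatable and lets you confirm each key before running the tests in steps 8 and 11. The script below is an added example and is not part of the original tutorial or of the Snort and Barnyard2 projects; the function names (set_var, set_config, replace_output, configure_snort, configure_barnyard2, active_line_count) are my own, the file paths are passed in as parameters, and it assumes bash with GNU sed. Because barnyard2.conf ends up holding the MySQL password from step 9, the script also restricts that file's permissions.

```shell
#!/bin/bash
# Added example (not from the original tutorial): apply the snort.conf values from
# step 6 and the barnyard2.conf values from step 10 with sed, then verify with grep.
# Assumptions: bash, GNU sed (-i); config file paths are given as parameters.
set -u

# set_var FILE NAME VALUE: rewrite a "var NAME ..." line (snort.conf path variables),
# appending one if the file has none.
set_var() {
  local file=$1 name=$2 value=$3
  if grep -q "^var $name " "$file"; then
    sed -i "s|^var $name .*|var $name $value|" "$file"
  else
    printf 'var %s %s\n' "$name" "$value" >> "$file"
  fi
}

# set_config FILE KEY VALUE: rewrite a "config KEY: ..." line; both snort.conf and
# barnyard2.conf use this syntax.
set_config() {
  local file=$1 key=$2 value=$3
  if grep -q "^config $key:" "$file"; then
    sed -i "s|^config $key:.*|config $key: $value|" "$file"
  else
    printf 'config %s: %s\n' "$key" "$value" >> "$file"
  fi
}

# replace_output FILE PLUGIN LINE: comment out any active "output PLUGIN:" line and
# append LINE, so exactly one active output line for that plugin remains.
replace_output() {
  local file=$1 plugin=$2 line=$3
  sed -i "s|^output $plugin:|# &|" "$file"
  printf '%s\n' "$line" >> "$file"
}

# configure_snort SNORT_CONF: the values listed in step 6.
configure_snort() {
  local conf=$1
  set_var "$conf" RULE_PATH /etc/snort/rules
  set_var "$conf" SO_RULE_PATH /etc/snort/so_rules
  set_var "$conf" PREPROC_RULE_PATH /etc/snort/preproc_rules
  set_var "$conf" WHITE_LIST_PATH /etc/snort/rules
  set_var "$conf" BLACK_LIST_PATH /etc/snort/rules
  set_config "$conf" logdir /var/log/snort
  replace_output "$conf" unified2 'output unified2: filename snort.log, limit 128'
}

# configure_barnyard2 BY2_CONF WALDO: the values listed in step 10. The file now
# contains the MySQL password from step 9, so other local users must not read it.
configure_barnyard2() {
  local conf=$1 waldo=$2
  set_config "$conf" logdir /var/log/barnyard2
  set_config "$conf" hostname localhost
  set_config "$conf" interface eth0
  set_config "$conf" waldo_file "$waldo"
  replace_output "$conf" database \
    'output database: log, mysql, user=snort password=123456 dbname=snort host=localhost'
  chmod 640 "$conf"
}

# active_line_count FILE REGEX: number of lines matching REGEX (uncommented lines when
# REGEX is anchored with ^). A correct configuration has exactly 1 per key set above.
active_line_count() {
  grep -c "$2" "$1" || true
}

# Usage on the real host (as root), after the cp commands in steps 6 and 10:
#   configure_snort /etc/snort/snort.conf
#   configure_barnyard2 /etc/snort/barnyard2.conf /var/log/snort/barnyard2.waldo
#   active_line_count /etc/snort/snort.conf '^config logdir: /var/log/snort$'   # expect 1
```

Run it against a copy of the config files first; each function appends a key that is missing rather than failing silently, and the output lines are commented out rather than deleted so the original plugin settings stay visible for comparison.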

11. Test Barnyard2

#barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo

Explanation of parameters:

-c     Specifies the configuration file

-d     Specifies the log directory

-f     Specifies the log file

-w    Specifies the waldo file

If you see the message “Waiting for new spool file,” it means Barnyard2 is configured successfully.

Press Ctrl+C to terminate the test.