rpm -q libpcap //-q 查看 libpcap版本 //-e 移除 libpcap版本
rpm -e libpcap //firestorm-0.5.4支援libpcap-0.6.2版,如不對請重新安裝
rpm -ivh
ftp://ftp.pbone.net/mirror/archive.download.redhat.com/pub/redhat/linux/7.3/en/os/i386/RedHat/RPMS/libpcap-0.6.2-12.i386.rpm
//安裝libpcap-0.6.2-12.i386.rpm
rpm -ivh http://www.scaramanga.co.uk/firestorm/v0.5.4/firestorm-0.5.4-1.i386.rpm
//安裝firestorm-0.5.4-1.i386.rpm
find / -name firestorm //查看系統內的firestorm相關資料夾
下載snortrules-snapshot-2945.tar.gz
解壓縮後,將so_rules/precompiled/RHEL-6.0/i386/2.9.4.5/裡面全部的.so都複製到
/usr/lib/firestorm/protocols/
將rules裡面的全部.rules都複製到
/var/lib/firestorm/snort-rules/
編輯/etc/firestorm.conf
將新規則打入到最後一行
/etc/rc.d/init.d/firestorm restart //重新啟動
沒有留言:
張貼留言