
web-

,
, .
- . ,
,
.
web- . ,
MySQL Web- Apache PHP.
,
.

MySQL

MySQL SQL ,
.
MySQL,

MySQL, .

1. MySQL http://www.mysql.com
RPM . ,
MySQL 4.0.

: MySQL 4.0
, 4.

2. :
3. ./configure
4. make
make install
5. , scripts,

mysql_install_db

6. mysql ,
.
7. groupadd mysql
useradd -g mysql mysql
8. MySQL ,
:
9. chown -R root /usr/local/mysql
10. chown -R mysql /usr/local/mysql.var
11. chgrp -R mysql /usr/local/mysql
cp /usr/local/mysql/support-files/my-medium.cnf /etc/my.cnf
12. /etc/ld.so.conf :
13. /usr/local/mysql/lib/mysql
/usr/local/lib

14. root

ldconfig -v
15. root admin MySQL,

/usr/local/mysql/bin/mysqladmin -u root password 123456

123456 .
.

, , "exit"
.

16. MySQL ,
, .
rc.local, /etc/rc.d/.

mysqld --user=mysql &

MySQL
.

17. , MySQL,
. MySQL .
MySQL ,
, .
o , ,
.
o , root
.
o ,
MySQL
.
o . root
MySQL root ( )
( , NPI ).

, .

MySQL . mysql .
,
MySQL, SQL
MySQL. . MySQL.

MySQL

MySQL, mysql -u _ -p ,
_
MySQL.

: , .
MySQL mysql>, .
,
.


MySQL.
show databases; MySQL .
use ,
__; .
show tables; , .
select from ,
_; . ,
. *
.

web- Apache

web-
, . ,
web-;
,
. - , ACID
NCC, ,
web-. web-
- , ,
.
IIS web-, PHP 4.0
.

1. Apache http://www.apache.org.
,
, 1.3.

: Apache 1.3 ,
3.

2. :
3. ./configure --prefix=/www --enable-so --activate-module=src/modules/php4/libphp4.a
4. make
make install

/www
.

5. web-, apachectl start.


http
.

Apache ,
stop.

Linux UNIX -
. , .

6. web-, web- IP-


localhost, .
web- Apache, web- .
web-,
, Mandrake Linux /usr/local/apache2/htdocs/;
.
7. Apache (
web- ). ,
; Mandrake Linux /etc/rc.d.
rc. .
rc4.d rc5.d:
8. ../init.d/httpd S85httpd
../init.d/httpd K85httpd

, ,
ps -ax httpd.

9. Apache,
. web- -
,
, .
web-
:
o Web-
, ,
-
.
o Web- -
.
.htaccess.
o SSL
,
( ).
, ,
web-
.


web-, ,
.

PHP

PHP , web-
. , PHP-
, PHP, .
, web-. web-
PHP,
.

PHP
web-.
(ACID, NPI NCC). PHP
configure Apache. , PHP
, , , php
-v. , .
Apache
, .

1. PHP http://www.php.net
RPM .
, 4.0 .
2. .
3. :
4. ./configure --prefix=/www/php --with-mysql=/usr/local/mysql --with-apxs2=/www/bin/apxs --with-zlib-dir=/usr/local --with-gd (all on one line)
7. make
make install

configure ,
.

8. web- httpd.conf, ,
/www. , :
9. LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php
10. , PHP ,
test.php.
, :

<?php phpinfo(); ?>


PHP-
.

11. /www/htdocs. URL IP-


, /test.php. web-
PHP. , web- PHP .

ACID ( )
ACID

/ : Roman Danyliw

Web-: http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html

: UNIX

: GPL

: .9.9b23

Acidlab. , "subscribe"
acidlab-users@lists.sourceforge.net.

ACID (Analysis Console for Intrusion Databases -


) ,
.
AirCERT, -.
CERT (Computer Emergency Response Team -
). CERT
. CERT

, . CERT
,
.
. CERT http://www.cert.org
.

AirCERT
.
, ACID.
, ,
AirCERT.

ACID
, .
ACID Web ,
.

ACID SQL web-


.
Snort syslog. ACID
- Snort,
Logsnorter, web- ACID,
ACID , syslog.

ACID . , web-
PHP, ,
.

ADOdb

, PHP
, MySQL.
http://php.weblogs.com/adodb, /www/htdocs
Web, .
.

PHPLOT

ACID.
, http://www.phplot.com.
/www/htdocs , ADOdb, .

JpGraph

PHP .
PHPLOT, Snort .
http://www.aditus.nu/jpgraph/ Web
(, /www/htdocs). ,
ACID.

GD

PHP,
. PHP
, .
http://www.boutell.com/gd/ /www/php.
PHP ,
, , GD.

libpng. GD PNG.
http://www.libpng.org/pub/png/ .
libjpeg-6b. jpeg PHP. http://www.ijg.org/
.
zlib. GD .
http://www.ijg.org/ .

Snort MySQL

1. ACID , Snort,
. Snort,
7. Snort ,
MySQL.
Snort:
o Snort
configure:

./configure --with-mysql=/usr/local/mysql

, , MySQL.

o snort.conf.
, #output database.
:

output database: log,mysql,user=snort password=123456 dbname=snort host=localhost

snort 123456
,
ACID. ACID "snort",
, ACID.
, host localhost.
, IP-
.

2. # .

, ACID Snort
.
; Snort ,
. ACID ,
Snort - .
. 8.1 ACID-Snort.
. 8.1. ACID-Snort

ACID

, , ACID.

1. - web- ACID.
2. tar- /www/htdocs. ,
.
3. tar-, , /htdocs,
web-.

ACID

1. /htdocs/www/acid.
2. acid_conf.php. ,
, . ,
$,
.
3. $ . . 8.4
, .
8.4. ACID

$DBtype , ACID. -
mysql, postgresql mssql,
-
$alert_dbname , ACID.
Snort
snort_log,
$alert_host , .
IP- . ACID
, localhost.

, Web- PHP
$alert_port , .
, " "
$alert_user , ACID
. ,
MySQL,
$alert_password . ,
MySQL
$archive_dbname , Snort .
snort_archive ,


$archive_host , .
,
localhost
$archive_port . " ",

$archive_user ,
. $alert_user (.
),
$archive_password ,
. $alert_password
$chartlib_path - /www/htdocs/jpgraph-1.11/src
$chart_file_format . - png.
jpg gif
4. Web-
/acid/acid_main.php IP- Web-. :
http://localhost/acid/acid_main.php

ACID.
Web- ACID.

5. Create ACID AG.


Snort. - "snort".
6. http://localhost/acid, ACID
Snort (. 8.2)

. 8.2. ACID

ACID
.

ACID

ACID (. 8.2).

, , ,
.

, ,
(AG - alert group). AG - ,
.
(, ),
AG .
ACID.
AG, AG,
AG .
.

, , ,
AG, .
AG:
, IP- ( ,
), . ACID,
Sensors, .
.
,
, ,
.

ACID

-
, ,
. ACID .

.
. ,
,
, .

(
),
. ,
,
Snort.

ACID Unique Alerts.


, (. 8.3).
. 8.3.

.
.
.
, .
IP-, .
IP-, .
.

,
. ,
, .
. ,
.
- ?
IP-, ?
? - ,
, . ,
, ,

.

. ,
, . ,
. , Snort
, , ,
.
- , ,

.

. 8.3 Web-IIS cmd.exe .


, ,
(. 8.4). IP- TCP
.

. 8.4. ACID

, (
.jp) ,
. .
, - (
). ,
.
, - cmd.exe, ,
. , .
, , , ,
-"", ,
cmd.exe . ,
, IP- . ,
, - ,
( ) .
IP-, , ,
,
. , ,
. ,
.

ACID

ACID IP-, IP-


, , ,
.
, , , ,
- , .
IP-
. ,
, "",
..

IP-, .
IP-. IP-
, .

. IP-
, , , ,
.
. IP-
, , , ,
. , , .
IP-,
(. . 8.5). ACID
, DNS,
ARIN Sam Spade ( , 2).
, IP-
, ,
( ).
.
, - ,
.
. 8.5. IP- ACID

, , ,
. Web,
web-.
NetBIOS Windows,
Windows . , ,
.

ACID

ACID,
,
, .
, - . ,
,
ACID.

ACID Snapshot (. 8.6)


Most Recent Alerts,
. .
- , ,
Today's Alers Unique. ,
, ,
. Last 24 Hours Last 72 Hours Snapshot.
, ,
.

. 8.6. Snapshot ACID

ACID

,
, ACID
.
, PHP,
,
Snort. , Graph
Alert Data ACID.
.
:

(, , ) ;
IP- ( ) ;
TCP UDP ( ) ;

Graph Data.
, , . ACID
. . 8.7 ACID.
. 8.7. ACID

ACID

,
.
,
. , .


. , , ,
, . Archive Alerts
. ,
. .
,
acid_conf.php .

,
Snort.
, .
, , , ,
. ,
100000 .

, , Snort
, ,
.
,

. ,
.

Snort ACID
. , , ,
!

NPI (Nessus PHP Interface)


NPI

/ : Kristofer T. Karas

Web-: http://enterprise.bidmc.harvard.edu/pub/nessus-php/

: UNIX

: GPL

: 01a

Nessus
,
. Nessus , HTML-
, , ,
.
.
, ,
. ,
, web-. ,

, , .

, , Nessus :
NesQuick, Java Nessus Report Manager Nessus PHP Interface (NPI).
NPI. -,
- . -, MySQL
PHP, , ACID. C
NPI Nessus
web-.

NPI ACID. MySQL


PHP web-
. . 8.8 NPI.
Snort Nessus , Nessus ,
: , , .
,
. ,
, web-,
. web-
.

. 8.8. NPI

. 8.8 NPI. Nessus


Nessus .
Nessus .nbe.
, NPI
MySQL.
web- PHP-.
,
NPI.

NPI

NPI,
MySQL web- Apache PHP. ,
.
SQL Web , NPI.
1. -, ""
. ,
( ). ,
/usr/local/nessus-php, , , .
2. nsr-php
. (, $),
MySQL. . 8.5
, ,
.

8.5. NPI MySQL



$db_host , MySQL.
MySQL , web-, localhost.
IP- MySQL
$db_user , MySQL.
, MySQL
$db_pass ,
$db_database , NPI. NPI
nessus,

$db_suuser MySQL.
nsr-php. root,
. , ,
root
$db_supass root mySQL,
$db_suuser
$your_domain , .
, ,
, .

3. nsr ,
2 (. 8.5). ,
Nessus .
/usr/local/lib/nessus/plugins. ,
.
nsr.
4. nessusphp.inc, ,
.
5. Nessus. nsr-php:

php nsr-php -b

MySQL
nessus. , .

6. , .
o MySQL , ,
, MySQL.
o show databases; ( )
MySQL. ,
Nessus.
o , use NESSUS;,
show tables;. ,
. 8.9, - nessus.

. 8.9. show tables

7. www NPI
web-.
.
Nessus. nessus-
php:
8. mkdir /usr/local/apache2/htdocs/nessus-php
9. mv ./www /usr/local/apache2/htdocs/nessus-php
10. chown -R www:www /usr/local/apache2/htdocs/nessus-php
chmod 755 /usr/local/apache2/htdocs/nessus-php/*

Web,
, . ,
nessus-php. NPI
nessus-php Web.
, MySQL,
(www).
,
. www:www
, .
MySQL.

NPI .

Nessus NPI

Nessus .

1. nsr
Nessus. ( , ,
, .nbe.) NPI
Nessus, .nsr.
nsr :
./nsr ./scans/scan.nbe

./scans/scan.nbe .
Nessus .
Nessus
, .

2. Nessus .
web- IP- web- NPI
Nessus-php, : http://localhost/nessus-php/.
PHP,
(. 8.10).

. 8.10. NPI

NPI

, ,
, ..
Nessus NPI.
:

(IP-) ;
;
;
( );
;
CVE CAN.
NPI- ,
,
.
/ . NPI ,
.
NPI .
,
.

Nessus Snort.
ACID .
Nessus. NPI
, .
web-,
. ,
. ,
, ,
, .
, ,
,
.

,
, :
. ,
,
. ,
" " .
Nessus
. , ,
.
, , .

- ?

, Web, - , , .
, Sourceforge.net Freshmeat.net, Google
. , -
. ", ", ,

, NPI. ,

.
, .

?
, , ,
.
, ,
- .
.
, .
, - , -
Web , . , - ,
!

, ,
.
, , . ,
,
, , ,
. ,
, .

,
Nessus
. Nessus Command Center (NCC).
.

Nessus Command Center (NCC)


/ : Tony Howlett, Brian Credeur, Matt Sisk, Lorell Hathcock

Web-: http://www.netsecuritysvcs.com/ncc

: Linux, UNIX

: GPL

: . 01b

NCC

NCC. "subscribe"
ncc@netsecuritysvcs.com.

NCC
.
NPI Nessus ,
, .
, web- NPI
.
:

Nessus-.

.
, .
,
.
, .
Nessus.
,
.
,
.
,
,
, .. web-
, ,
,
.
Nessus.
NPI, ,
, ,
.
NPI .
NPI GPL, GPL,
.
Web- Nessus. ,
. ,

.
Nessus Web,
Nessus.
.
, Inprotect, web-
Nessus. GPL,
.
,
-.

NCC

, ,
LAMP (Linux, Apache, MySQL Perl).

Linux: Linux
. ,
UNIX
. Windows,
Perl for Windows.
Apache: Apache
, web-.
, web-
. ,
PHP web-, IIS.
MySQL:
, Postgresql . MySQL,
, .
Apache, MySQL ACID.
Perl: , ,
Perl , ,
.

LAMP, ,
. ,
. .
, ,
Perl, PHP MySQL, ,
. . 8.6
.

8.6. NCC

Perl ncc.pl cron
,
Perl ncc-client.pl
, ,

.nbe ( )
MySQL
Perl ncc-daily.pl

PHP Main.php
php- ;

PHP Reports.php MySQL,
NPI;

NCC ,
MySQL MySQL
MySQL ncc.mysql
install.pl cron,
MySQL,
/bin php Web
ncc.ini Perl
PHP, , ,

..
INSTALL, README
.. ,

,
. NPI
, , .

, NPI,
. ,
. . 8.11
NCC.

. 8.11. NCC

web- Sourceforge. Web-


http://www.netsecuritysvcs.com/ncc. ,
,
, . ,
,
.

, , ,
.
,
-. , ,
, NCC .
NCC , ,
,
,
,
,
. , ,

, . , ,
, .

NCC

NCC , NPI,
. PHP web- ( Apache),
MySQL, Nessus. ,
. ,
, Apache MySQL, 5
Nessus.

, NCC.

1. -.
2. , ,
.
3. NCC ./install.pl.
NCC. (NCC ,
, Perl PHP.)

Perl,
NCC. ,
, CPAN,
" Swatch" .

4.
.
. . 8.7 .

8.7. NCC

NCC , NCC.

NCC
, /usr/local/ncc
,
NCC,
NCC
, (
)
MySQL IP- MySQL NCC,
localhost, MySQL

MySQL, .
NCC ncc

MySQL MySQL,
NCC
MySQL
Nessus IP- Nessus (localhost, Nessus
NCC )
Nessus Nessus.
1241 ,
Nessus
Nessus
Nessus
Nessus .
Nessus Nessus.
Nessus
Temp NCC ,
.
, .nbe,

5.
NCC. ,
.
6. - web-,
NCC. html
NCC. NCC
Web- NCC.
7. NCC. , web-
, web- NCC
. ,
ncc Web,
NCC ncc.example.com, URL :

http://ncc.example.com/ncc
NCC ,

http://localhost/ncc

NCC.

8. , .

NCC .

NCC

NCC (. . 8.12).
, , .

. 8.12. NCC

NCC . ,
NCC . ,
,
. ,
. NCC
( -)
, . (
, -
.)

.
System admin. .
.
Group admin: ,
, .
, ,
, .
, .
Company admin: ,
. , ,

, . .
User functions: .

, .
.

,
. ,
.

1. -, (
, ). Company Admin
Add User Mgmt, ,
.
2. , , ,
Add.
3.
(. 8.13).
. 8.13. NCC

.
- MD5, .
: System admin, Group admin, Company
admin User. , ,
, . ,

.

,
Edit/delete
(Company Management).

4. Add, NCC ,

, .

NCC IP-
.
.
. ,
. ,
,
, . NCC
, , ,
.
1. , Target Mgmt Company Admin
.
2. , , .
,
, .
3. Add, (. 8.14).
, .

. 8.14. NCC

, "
". ,
.

4. : ,
.
5. Scan Value IP- ,
Nessus. (. 5) Nessus
:

IP- 192.168.0.1
IP-, 192.168.0.1,192.168.0.2
IP- - , 192.168.0.1-192.168.0.254

192.168.0.1/24 ( C 256 )
myhost.example.com
192.168.0.1-
, 192.168.0.254,195.168.0.1/24,192.168.0.1-
192.168.0.254
6. .
Nessus. . (

.)
7. Add, .
.

, .

1. Company Admin Schedule


Management. (. 8.15).

. 8.15. NCC

2. .
, ,
.
3. , , , .

, , , ,
, (
cron I-cat).
, ,
, ,
. , ,
.
4. Add,
.

. ,
,
( ,
). ,
.

5. , , View
reports User Functions .
NCC (. 8.16).

. 8.16. NCC

, NPI,
. ,
NPI. NPI GPL, ,
GPL ,
.
.

, ,
, .
, NCC
.
,
.
,
.
, .
,
.