
PHPIDS Intrusion Detection System: Installation and Usage Notes

穆仲卿
2023-12-01


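Deployment requirements:
PHP 5.1.2 or better
Apache
mod_rewrite
Installation steps:
1. Download PHPIDS from http://demo.phpids.com
2. Extract PHPIDS into the website root directory
3. If it cannot be extracted into the root directory, mod_rewrite can be used: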
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/phpids(.*)
RewriteRule ^(.+)$ - [F]
Configuration and usage:
1. Edit config/config.ini.php to customize the configuration.
[General] 
    filter_type = xml 
    use_base_path = false 
    filter_path = default_filter.xml 
    tmp_path  = tmp 
    scan_keys  = false 
    HTML_Purifier_Path = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php 
    HTML_Purifier_Cache = IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer 
    html[] = __wysiwyg 
    json[]  = __jsondata 
    exceptions[]  = __utmz 
    exceptions[] = __utmc 
    min_php_version = 5.1.2 
[Logging] 
    path = tmp/phpids_log.txt 
    recipients[] = me@domain.com 
    subject = "PHPIDS detected an intrusion attempt!" 
    header = "From: <PHPIDS> noreply@domain.com" 
    envelope = "" 
    safemode = true 
    allowed_rate = 15 
 
[Caching] 
    caching = file 
    expiration_time = 600 
    path = tmp/default_filter.cache 
2. Enable PHPIDS: put the PHPIDS loading script in a separate PHP file, then have it loaded automatically through the auto_prepend_file option in php.ini.
ids.php 
<?php 
 
// set the include path properly for PHPIDS 
set_include_path( 
    get_include_path() 
    . PATH_SEPARATOR 
    . 'phpids/lib/' 
); 
 
if (!session_id()) { 
    session_start(); 
} 
 
require_once 'IDS/Init.php'; 
 
try { 
    $request = array( 
      'REQUEST' => $_REQUEST, 
      'GET' => $_GET, 
      'POST' => $_POST, 
      'COOKIE' => $_COOKIE 
    ); 
    $init = IDS_Init::init(dirname(__FILE__) . '/phpids/lib/IDS/Config/Config.ini.php'); 
    // base_path is the directory that the relative paths in the config are resolved against 
    $init->config['General']['base_path'] = dirname(__FILE__) . '/phpids/lib/IDS/'; 
    $init->config['General']['use_base_path'] = true; 
    $init->config['Caching']['caching'] = 'file'; 
    $ids = new IDS_Monitor($request, $init); 
    $result = $ids->run(); 
    if (!$result->isEmpty()) { 
        require_once 'IDS/Log/File.php'; 
        require_once 'IDS/Log/Email.php'; 
        require_once 'IDS/Log/Composite.php'; 
        $compositeLog = new IDS_Log_Composite(); 
        $compositeLog->addLogger(IDS_Log_Email::getInstance($init),IDS_Log_File::getInstance($init)); 
        $compositeLog->execute($result); 
    } 
} catch (Exception $e) { 
   //this shouldn't happen and if it does you don't want the notification public. 
} 
?> 


3. Edit php.ini and add the following:
auto_prepend_file = /full/path/to/ids.php 
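
A pre-deployment check for the configuration in step 1, as an added example that is not part of the original notes or of PHPIDS: it reports any tmp, log or cache path that resolves to a URL inside the document root and is not covered by the /phpids rewrite rule, and any sample recipient address left in place. The document root /var/www/html, the function name audit_phpids_config and the assumption that relative paths resolve against base_path are illustrative.

```php
<?php
// Added example (not PHPIDS code): flag PHPIDS files that are web-reachable
// and sample e-mail addresses left in the config. Needs PHP 7.1+, no PHPIDS.

// Constructed sample: the path and recipient keys from the config above.
const SAMPLE_INI = <<<'INI'
[General]
    tmp_path = tmp
[Logging]
    path = tmp/phpids_log.txt
    recipients[] = me@domain.com
[Caching]
    path = tmp/default_filter.cache
INI;

// $docRoot: document root; $basePath: directory the relative paths resolve
// against (assumed to be base_path); $denied: URL prefix the rewrite rule
// blocks, or null if there is no such rule. Paths with ".." are not normalized.
function audit_phpids_config(array $cfg, string $docRoot, string $basePath, ?string $denied = null): array
{
    $findings = [];
    $docRoot  = rtrim($docRoot, '/') . '/';
    $paths = [
        'General.tmp_path' => $cfg['General']['tmp_path'] ?? '',
        'Logging.path'     => $cfg['Logging']['path'] ?? '',
        'Caching.path'     => $cfg['Caching']['path'] ?? '',
    ];
    foreach ($paths as $key => $rel) {
        if ($rel === '') continue;
        $abs = $rel[0] === '/' ? $rel : rtrim($basePath, '/') . '/' . $rel;
        if (strpos($abs, $docRoot) !== 0) continue;      // outside the web root
        $url = '/' . substr($abs, strlen($docRoot));
        if ($denied === null || strpos($url, $denied) !== 0) {
            $findings[] = "$key resolves to web-reachable URL $url";
        }
    }
    foreach ((array) ($cfg['Logging']['recipients'] ?? []) as $rcpt) {
        if (preg_match('/@(domain|example)\.com$/i', $rcpt)) {
            $findings[] = "Logging.recipients still holds the sample address $rcpt";
        }
    }
    return $findings;
}

$cfg  = parse_ini_string(SAMPLE_INI, true);
$root = '/var/www/html';               // assumed document root
$base = $root . '/phpids/lib/IDS';     // base_path as set in ids.php
print_r(audit_phpids_config($cfg, $root, $base));            // no deny rule
print_r(audit_phpids_config($cfg, $root, $base, '/phpids')); // rule in place
```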