ࡱ> !` Xbjbj\\ \>>OTTTTTTT$x\?\?\?P?@x2@A@B@B@B@B@B@B@Bbdddddd$h}`TB@B@BBBTT@B@BVVVBT@BT@BbVBbVV~8TT@B4A r\?P&Xb0`$SJT@BTBVbB nBw@B@B@BU@B@B@BBBBBxxx:\?xxx\?xxxTTTTTT Document Version: Semi-Final Operating System: Fedora Core 4 Target Software: Snort <2.4.3> Apache <2.0.54> OpenSSL PHP <5.0.4> MySQL <4.1.16> PEAR Modules (you may have install some dependencies) : Image_Color <1.0.2> Image_Canvas <0.2.4> Image_Graph <0.7.1> ADOdb <4.68> BASE <1.2.1> - Basic Analysis and Security Engine, the replacement for ACID Introduction: This document was created to provide support for someone attempting to install Snort Intrusion Detection System, where the goal is to have robust logging and visualization support integrated with Snort detection engine. Please note this how-to is a very compact set of instructions on getting Snort up and running, for more detail information please visit the individual products sites, links are provided in the reference section of this manual. Additionally, the platform you are installing Snort on should be hardened as best as possible since any IDS is a potential target to an attacker. Installing Fedora Core 4: It seems that since the system will become a Snort IDS, the best form of installation for Fedora is a custom install. You want to select the minimum set of packages as possible, this prevent unnecessary services and application. Once the install is complete you should turn off additional services that are not needed in your environment. The system should be as secure/ harden as possible before installing Snort. It seems that the best way to get Snort up and running fast, it to install many of the needed packages (MySQL, PHP, SSL, etc) during the install process and then use the yum utility to update these applications. Here are some things to pay attention to during the install process: Firewall: Enable firewall Select SSH, HTTP, and HTTPS SELinux warn Web Server Apache Crypto-Utils Dstcache_auth_mysql Mod_perl Mod_ssl PHP PHP_mysql Webalizer Database MySQL MyODBC Mod_auth_mysql Mysql-devel Mysql-server Perl-DBD-MySQL PHP-mysql Once installation is complete, you should check for updates: rpm import /usr/share/rhn/RPM-GPG-KEY-fedora yum y update chkconfig yum on to turn on nightly updates You can also use the chkconfig utility to turn off services that are not needed httpd and mysqld services should be turn on. verify: chkconfig list | grep :on If services are not on, turn on: chkconfig httpd on service httpd start chkconfig mysqld on service mysqld start It is best to create a user account for Snort; this account can be created during the install process. In you are creating the account after installation, first create a group for the Snort user, and then create the user account. This manual assumes that the group and user account snort were created: groupadd snort useradd g snort snort Additionally the Bastille-Linux site ( HYPERLINK "http://www.bastille-linux.org/" http://www.bastille-linux.org/) has a very good utility/ program that may provide additional assistance to harden the system. Preparing the NIC: It is best to run the Snort IDS with a static IP address. To setup a static address with host name (Note: The information entered below is an example of what the file should contain, you should use information that represents your environment): /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=static BROADCAST=10.10.1.255 IPADDR=10.10.1.35 NETMASK=255.255.255.0 NETWORK=10.10.1.0 ONBOOT=yes TYPE=Ethernet /etc/sysconfig/networking NETWORKING=yes HOSTNAME=snort GATEWAY=10.10.1.1 /etc/hosts 10.10.1.35 snort.mydomain_name snort It is very important that outbound transmissions (data leaving the Snort IDS) be controlled or limited. This can be done in several ways: Don't bind the an IP to the NIC Run Snort using a passive listener Use separate receive and transit interfaces Firewall rules/ TCP wrappers, etc. Configuring MySQL for snort: MySQL install process creates initial accounts that do not have passwords. The initial root accounts passwords are empty, so anyone can connect to the MySQL server as root without a password and be granted all privileges. Two anonymous-user accounts are created, each with an empty username. The anonymous accounts have no passwords, so anyone can use them to connect to the MySQL server. You should insure that these accounts are assign passwords or deleted if not needed. For example, one way to assign passwords to the root accounts: shell> mysql -u root mysql> set password for 'root'@'localhost' = password('enter_passwd'); mysql> set password for 'root'@'your_machine_name' = password('enter_passwd'); Where 'enter_passwd' is the password for the root accounts and 'your_machine_name' is the name of the machine that MySQL is running on. For the anonymous account: shell> mysql -u root -p mysql> set password for ' '@'localhost' = password('enter_passwd'); mysql> set password for ' '@'your_machine_name' = password('enter_passwd'); Also one way to delete accounts; for example anonymous user accounts: shell> mysql -u root -p mysql> delete from mysql.user where User = ''; mysql> flush privileges; Now that the initial accounts for secure, you can now prepare MySQL for Snort. You may want to disable remote connection from the root account to MySQL database and delete the 'test' database. Snort needs an account to access MySQL for outputting information: shell> mysql -u root -p mysql> create database snort; mysql> grant insert, select on root.* to snort@localhost; mysql> set password for snort@localhost=password('password_in_snort_conf'); mysql> grant create, insert, select, delete, update on snort.* to snort@localhost; mysql> grant create, insert, select, delete, update on snort.* to snort; The above creates the database 'snort' that will be use by Snort to log information. Please note that the password for the database is the same password use in the Snort configuration file, later in this manual. Verifying Apache and PHP The simplest way to test that PHP and Apache is working is to create a file (myfile.php) in the Apache Document root directory, on many systems the Apache Document root is located @ /var/www/html. The file should contain: . Next load up the browser:  HYPERLINK "http://localhost/mytest.php" http://localhost/mytest.php, this should display information about packages and settings for PHP and Apache. Configure Apache for SSL/ TLS: BASE - Basic Security and Analysis Engine is a PHP GUI for analyzing Snort outputs. The utility requires a web server for serving pages/ displaying reports. This manual uses the Apache web server. During the installation process, Apache was installed with SSL/ TLS support. Once the Fedora installation process finishes and the system reboots, Apache running as httpd will start automatically every time the system boots. The web server is started with both http and https support. This manual assumes that BASE is the only process utilizing the web server. Keeping with the security mindset, default http (port 80) access to the web server is not allowed, only https access by configuring the Apache configuration file and firewall rules. Additionally, Apache will only serve BASE content. This configuration allows for BASE analysis to be view from any web browser and controls access to the server. Things to keep in mind when running Apache Limit/ stop users from setting up .htaccess files that can override security features explicitly configured Protect server files by default Limit Access to server and directories Explicitly assign permissions to directories Secure the communication channel Monitor logs The Apache configuration file, httpd.conf by default is located in /etc/httpd/conf directory. Within the httpd.conf file, other service specific configurations files such as ssl.conf, perl.conf are included/ imported from the /etc/httpd/conf.d directory. Therefore the httpd.conf file can be use to for general Apache settings and then use the ssl.conf file for SSL/TLS settings. httpd.conf ( The following settings should be included in the configuration file. Below represent basic settings for running the web server in relatively secure way. The web server can be further tweak to increase security and performance relative to a specific environment. #------------------------------------------------------------------------------------------------- # General Settings #------------------------------------------------------------------------------------------------- Listen host_ip:80 or 0.0.0.0:80 for all suitable interfaces User apache Group apache UseCanonicalName off ServerSignature off HostnameLookups off To prevent users from setting up .htaccess files that can override security features configured, use the AllowOverride statement. Additionally, to prevent/ limit clients from walking through the entire filesystem, block access to the filesystem by default and use Directory blocks to explicitly grant access to appropriate locations. See the BASE directory block later in this manual for an example of explicitly granting access. #------------------------------------------------------------------------------------------------- # General Access Control #------------------------------------------------------------------------------------------------- Options None AllowOverride None Order Deny,Allow Deny from all ssl.conf ( Below are the basic SSL/ TLS settings for running Apache with medium to strong SSL/ TLS security. More or less restrictions can be added. Please refer to the Apache documentation site for more details on these settings and more. #------------------------------------------------------------------------------------------------- # SSL/ TLS Setting #------------------------------------------------------------------------------------------------- Listen host_ip:443 SSLEngine on SSLMutex default SSLProxyEngine off SSLVerifyClient none SSLCryptoDevice builtin SSLOptions +StrictRequire SSLSessionCacheTimeout 300 SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect file:/dev/urandom 512 SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM LogLevel warn ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 An additional layer of security is to use client certificates as well. Please refer to  HYPERLINK "http://www.apache.org" www.apache.org site for guides and how-tos for more information on configuring, securing, and running Apache web server. Snort: PCRE Install: PCRE Snort requires PCRE to function properly, therefore make sure that PCRE is installed. You can download PCRE from sourceforge.org. Once downloaded, extract PCRE and run: ./configure make install clean Snort Install: Should be root, or have permission to do the following. Download the latest stable version of Snort from sourceforge.org or snort.org. Once downloaded, extract Snort and run: ./configure --with-mysql {this is to enable Snort to log to MySQL database} make install Snort expects to find the configuration file in either: /etc/snort or /usr/local/etc/snort, this manual uses: /etc/snort mkdir /etc/snort mkdir /etc/snort/rules mkdir //snort_backup mkdir /var/log/snort Now copy the default rules and configuration files from the Snort installation directory to the recently created Snort directory: /etc/snort cd cp -R ./etc/snort/* /etc/snort/ Once the files are copied to the specified directory, the Snort configuration file must be modified for your specific environment. Specifically the following needed to be change: /etc/snort/snort.conf: var HOME_NET {should be set to your home network address} var RULE_PATH {should be: /etc/snort/rules} output database: log, mysql, user=snort password=whatever_you_want dbname=snort host=localhost {this instructs Snort to log to MySQL database} Where the database Snort is logging to is snort with the user account snort and password whatever_you_want from the localhost Verifying: You should verify that the configuration file is correct and check that Snort is able to start by doing: /usr/local/bin/snort c /etc/snort/snort.conf g snort g instruct snort to run as group snort once initialization is complete. You might need to specify the interface if snort cannot detect what interface on your system to use or if you want snort to use a specific interface. This can be done by specifying i iface Once you are confident that snort is running correctly, you can add a line in the rc.local file to make Snort start when the system starts. Included in the appendix section is a shell script for starting and stop Snort that was pulled off the web, use at your own risk. /usr/local/bin/snort c /etc/snort/snort.config g snort i iface -u username Schedule Snort rules to be downloaded automatically: It is very important that you stay update with new Snort rules. Overtime, manual updating the rule-set can become very tedious. Oinkmaster is a Perl script that can be use to automatically update your Snort rule-set. First register for the Sourcefire VRT Certified Rules on Snort.org. Download and install the Oinkmaster utility. Please read the INSTALL file for information on installation and configuration of the Oinkmaster utility Once Oinkmaster is configure correctly and completes successfully, the updating of rules can be schedule to run at specific times. One way to do this is to create a shell script with the specific syntax for running Oinkmaster. Then call the shell script using the cron daemon. The shell script allow for great flexibility. SnortDailyUpdates.sh: /usr/local/bin/oinkmaster.pl -C /usr/local/etc/oinkmaster.conf -C /etc/snort/rules -b /etc/snort/backup 2>&1 | mail -s "oinkmaster"  HYPERLINK "mailto:snortadmin@mydomain.com" snortadmin@mydomain.com --The above statement is on the same line This will run the Oinkmaster utility, creating a backup copy of the rules. Once the utility completes, an email will be sent with the results of the update. Crontab: 30 7 * * * //SnortDailyUpdates.sh This runs the SnortDailyUpdates.sh script 7:30AM everyday. Refer to the man pages for more information on crontabs. Snort Schema: Once MySQL is running and the snort database is created, the snort schema/ table structures must be added to the database so Snort can accurately log to MySQL. The Snort install comes with pre-package scripts to create the snort schema. Do the following: shell> mysql -u root p < //schemas/creat_mysql snort Verify that the snort database was create and check the database schema: mysql> show databases; mysql> use snort; mysql> show tables; At this point, Snort is installed, running, and logging to MySQL. BASE Basic Analysis and Security Engine: Before installing BASE, some dependencies need to be installed first. ADOdb: BASE requires ADOdb to communicate with MySQL. ADOdb provides a performance-conscious database abstraction layer for PHP. ADOdb can be downloaded from sourceforge.org. Once downloaded, extract the package to a directory where base can access it. It is recommended but not required that ADOdb be placed in the Apache Document root. PEAR the PHP Extension and Application Repository Modules: PEAR is usually installed during the PHP installation process. PEAR functions as CPAN for PHP. BASE requires several of the PEAR modules for rendering graphs. If not installed, install these modules by doing: pear install Image_Color pear install Image_Canvas pear install Image_Graph Some dependencies may need to be installed before installing these modules. BASE installation and Configuration: BASE can be downloaded from sourceforge.org. Once downloaded, extract BASE to a directory that will be accessible from the web, for instance, /var/www/html/base, the Apache Document root, etc. Once extracted, Bases schema can be added to MySQL by doing: shell> mysql -u root p < //sql/create_base_tbls_mysql.sql snort However it is best to use the BASE GUI to create the schema, this will be done very shortly. Next modify the BASE configuration file to reflect your environment: cp base_conf.php.dist base_conf.php Edit the base_conf.php: $BASE_urlpath = /base; $DBlib_path = / $DBtype = mysql $alert_dbname = snort; $alert_host = localhost; $alert_port = ; $alert_user = snort; $alert_password = use the same password from snort.conf; The archive information database can also be configured: $archive_dbname = snort; $archive_host = localhost; $archive_port = ; $archive_user = snort; $archive_password = use the same password from snort.conf; Once the configuration file is saved, start BASE by opening a web browser and point to the directory. This manual assumes that BASE is installed in the Apache Document root:  HYPERLINK "http://localhost/base" http://localhost/base Click on the setup link to create the MySQL schema if you have not done so already. Access to BASE need to be control by explicitly granting access in httpd.conf, you may need to do the following steps before accessing BASE from the above URL: /base"> Options Indexes FollowSymLinks AuthType Basic AuthName "SnortIDS" AuthUserFile //passwords Require user A_valid_base_user or Require valid-user AllowOverride AuthConfig Order Deny,Allow Allow from SSLRequireSSL Where A_valid_base_user is a user in the BASE password file. mkdir /passwords htpasswd c //passwords/base {repeat this for more users} References:  HYPERLINK "http://fedora.redhat.com" http://fedora.redhat.com  HYPERLINK "http://apache.org" http://apache.org  HYPERLINK "http://www.snort.org" http://www.snort.org  HYPERLINK "http://mysql.org" http://www.mysql.org  HYPERLINK "http://www.php.net" http://www.php.net  HYPERLINK "http://www.openssl.org" http://www.openssl.org  HYPERLINK "http://www.nist.gov" http://www.nist.gov  HYPERLINK "http://www.nsa.gov" http://www.nsa.gov *  HYPERLINK "http://www.google.com" http://www.google.com Appendix: From the web USE AT OWN RISK #!/bin/sh # # chkconfig: 2345 99 82 # description: Starts and stops the snort intrusion detection system # # config: /etc/snort/snort.conf # processname: snort # Source function library . /etc/rc.d/init.d/functions BASE=snort DAEMON="-D" INTERFACE="-i eth0" CONF="/etc/snort/snort.conf" # Check that $BASE exists. [ -f /usr/local/bin/$BASE ] || exit 0 # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 RETVAL=0 # See how we were called. case "$1" in start) if [ -n "`/sbin/pidof $BASE`" ]; then echo -n $"$BASE: already running" echo "" exit $RETVAL fi echo -n "Starting snort service: " /usr/local/bin/$BASE $INTERFACE -c $CONF $DAEMON sleep 1 action "" /sbin/pidof $BASE RETVAL=$? [ $RETVAL -eq 0 ] && touch /var/lock/subsys/snort ;; stop) echo -n "Shutting down snort service: " killproc $BASE RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/snort ;; restart|reload) $0 stop $0 start RETVAL=$? ;; status) status $BASE RETVAL=$? ;; *) echo "Usage: snort {start|stop|restart|reload|status}" exit 1 esac exit $RETVAL     Paul DAvilar Dennis Taylor Installing Fedora Core 4, OpenSSL, MySQL, Apache, PHP, Snort, BASE SEWPSC Fall 2005 .0=U]^flnu% + 0 r G o u غغغغة앋wf!h^DhK56>*OJQJ^JhKOJQJ^Jhr !OJQJ^Jh+%OJQJ^JhOJQJ^Jh^DOJQJ^J!h^Dhz#Y56>*OJQJ^JhppOJQJ^Jh# OJQJ^Jh0OJQJ^Jhz#YOJQJ^Jh/AOJQJ^JhkOJQJ^JhrVcOJQJ^J&0>?P^n  % q r h`hgdr !gdz#Y & Fgd#  & Fgd#  & Fgdz#YWX jxhipĺİĦ~tj`jVLhsOJQJ^Jh{0OJQJ^JhkOJQJ^JhrOJQJ^Jh@KOJQJ^JhIROJQJ^JhBEOJQJ^Jh$OJQJ^Jh`WOJQJ^JhNOJQJ^Jh )OJQJ^Jh^DOJQJ^JhcOJQJ^JhKOJQJ^Jh%LOJQJ^Jhr !OJQJ^JhZ'OJQJ^Jh+8OJQJ^J  *3;?ISdkzgdc8^8gd^D & Fgdc & Fgdc & Fgd%L & Fgd%Lgd'U+?Shigds & Fgd Fgdrgd$ & Fgd F & Fgd F & Fgd F & Fgd F & Fgd F67x-/筜oe[Q[QGhOJQJ^Jh-|OJQJ^JhoEOJQJ^JhOJQJ^J!h{0h{056>*OJQJ^JhIR56>*OJQJ^Jh{056>*OJQJ^J!h{0hIR56>*OJQJ^JhIROJQJ^Jho-hr !0JOJQJ^J'jho-hr !OJQJU^Jhr !hr !OJQJ^Jhr !OJQJ^Jjhr !OJQJU^J-?JXYtuh^gdY]:^gd=b^gdIR^gdm^gds XZstuɸɚ~p_RDɚ *hhOJQJ^JhIRhY]:OJQJ^J!hm^h=bB*OJQJ^Jph3fhIRB*OJQJ^Jph3fhY]:B*OJQJ^Jph3fh=bB*OJQJ^Jph3fhm^hOJQJ^J!hhIRB*OJQJ^Jph!hm^hIRB*OJQJ^Jph3fhIROJQJ^J!hIRhY]:B*OJQJ^Jph3fhm^hIROJQJ^J *hm^hIROJQJ^J!58/56e}~6Ż{q{q{d{dTd{d{h nh n6OJQJ]^Jh nh nOJQJ^JhoEOJQJ^Jh nOJQJ^JhWOJQJ^J!h )hs56>*OJQJ^J!h )hW56>*OJQJ^Jh@KOJQJ^JhGOJQJ^Jhr !OJQJ^J!hm^hY]:B*OJQJ^Jph3fhB*OJQJ^Jph3f!hhB*OJQJ^Jphh78M234z{gd n^gd>gdsgdG & F&gd@K & F&gdG678>?LMSTkƴƴƴsbPbsbP#h=hZCJOJQJ\^JaJ h=hZCJOJQJ^JaJ)h=hZB*CJOJQJ^JaJphhZOJQJ^Jh nh nOJQJ^J)h=h n6CJOJQJ\]^JaJ#h=h nCJOJQJ\^JaJ h=h nCJOJQJ^JaJ)h=h nB*CJOJQJ^JaJphh nOJQJ^Jh )OJQJ^J".2349=ST`xyz{`}DzبxDzDzǨndhVOJQJ^JhnOJQJ^J#h=h>CJOJQJ\^JaJh FOJQJ^JhLOJQJ^Jh nOJQJ^JhZOJQJ^J)h=hZB*CJOJQJ^JaJph h=hZCJOJQJ^JaJ#h=hZCJOJQJ\^JaJ)h=hZ6CJOJQJ\]^JaJ%S;<+, $$$gd`gdgdgd$gdL^gd=^gd F^gd>gds} QSYZ;<òòòyhyhyhT&hLB*CJOJQJ\^JaJph3f h=h=CJOJQJ^JaJ)h=h=B*CJOJQJ^JaJph#h=h=CJOJQJ\^JaJ#h=h>CJOJQJ\^JaJ h=h>CJOJQJ^JaJ)h=h>B*CJOJQJ^JaJphh nOJQJ^JhVOJQJ^JhLOJQJ^Jh>OJQJ^J<NR*+,= 푄seTJ@6@6hggOJQJ^Jh?OJQJ^JhOJQJ^J!hIh56>*OJQJ^Jh$56>*OJQJ^J!hIh$56>*OJQJ^JhZh=OJQJ^J hLhLCJOJQJ^JaJ& *h?hoECJOJQJ\^JaJ& *h?hLCJOJQJ\^JaJ& *hfhLCJOJQJ\^JaJhoECJOJQJ\^JaJ#hLhLCJOJQJ\^JaJ= > g h i !*OJQJ^J!hh56>*OJQJ^JhOJQJ^Jh$OJQJ^JhdL?hgg0JOJQJ^J'jhdL?hggOJQJU^JhggOJQJ^JjhggOJQJU^J$!%A%h%%%%%B'C'X(((1)m)y))))))x+++W,^gdPgdW5]^gd,'gd:jgd$ & F gd %A%p%r%%%%%%=&>&{&&&&& '''C'M'N'O'P''''&(J(W(X(1)m))κ~~~tcR!hh,'B*OJQJ^Jph3f!hhB*OJQJ^Jph3fh,'OJQJ^JhR/OJQJ^Jh{1OJQJ^J jhYGhYGOJQJ^J *hhYGOJQJ^JhYGOJQJ^JhOJQJ^Jh?OJQJ^JhPOJQJ^Jh%OJQJ^JhOJQJ^Jh:jOJQJ^JhOJQJ^J )#*$****w+x+++W,e,u,,,,,,,|-----.\2]2^2b2ǶǬzzi_UKh*OJQJ^Jh:jOJQJ^Jh,'OJQJ^J!h@Th@TB*OJQJ^Jph3fh?OJQJ^Jh@TOJQJ^J jhjhjOJQJ^J *h@ThjOJQJ^JhjOJQJ^J!h@ThALB*OJQJ^Jph3f!h@Th@q\B*OJQJ^Jph3fhPOJQJ^JhALOJQJ^Jh{1OJQJ^JhW5]OJQJ^JW,e,v,,,,,,-.*......../4/Q//////0=0^gd@Tgdj^gd@q\=0>0r000011111Q1R1y11111111232]2^2V3W3^3m3n3gd$^gd@Tb2l222222222223U3V3W3^3_3l3m3n3t333ԱrbQG=GhWOJQJ^JhtOJQJ^J!haha56>*OJQJ^Jhah9 5>*OJQJ^Jhaha5>*OJQJ^JhaOJQJ^J!h9 h9 56>*OJQJ^JhvOJQJ^Jh@TOJQJ^Jhvhv0JOJQJ^J'jhvhvOJQJU^JjhvOJQJU^JhvOJQJ^Jh*OJQJ^JhOJQJ^Jn330414=4P4Q4`4a455_5l5m555 & F h88^8gd%s & F h88^8gd%s^gd%s hh^h`hgd%sgdBE & F h88^8gd&o & F h88^8gd&o^gd&o34"414P4Q4^4_4`4a4o4s4444444555!5+5,5-5]5^5_5k55566ȸ쎄zppbpzXXhF/OJQJ^J *hahTOJQJ^JhD6OJQJ^Jh%OJQJ^Jh^OJQJ^JhTOJQJ^Jhhm^5>*OJQJ^JhahBE5>*OJQJ^Jhahm^5>*OJQJ^Jhaha5>*OJQJ^JhBEOJQJ^JhtOJQJ^JhaOJQJ^Jh*OJQJ^J 55696N6O66667 77777(8U888k9l9gdP^^gd%s & F% h88^8gd%s & F# h88^8gd%s^gd%s & F! h88^8gd%s666W777777777777&8'8(85888S8T8U8k8888888(9ɾseW *h[h%OJQJ^J *h[hVOJQJ^J!h[h%B*OJQJ^Jph3f!h[h%B*OJQJ^Jph3fh[OJQJ^J!h[h[B*OJQJ^Jph3f *h%h[OJQJ^J *h%OJQJ^J *h[OJQJ^J *h%h%OJQJ^Jh" OJQJ^JhTOJQJ^Jh%OJQJ^J(9T9j9k9l9w9x999:7:>:C:D:8;?;T;;;;;;!<5<6<7<8<[<<<<<ϿϤϚϤϐxndThah05>*OJQJ^JhdOJQJ^Jh FOJQJ^JhVhU%>*OJQJ^JhU%OJQJ^JhiOJQJ^Jh[OJQJ^JhVOJQJ^J!hm^hm^56>*OJQJ^Jhahm^5>*OJQJ^JhP^OJQJ^Jh%OJQJ^J *h[h%OJQJ^J *h[h%OJQJ^Jl9w9x999:f:';(;7<8<<<<<=8^8gd%s^gd%sgd% & F h88^8gd&o & F pp^pgd&o & F h88^8gd&o^gd&o^gd&o^gdm^<<<<!=y=======t>u>v>Y?????????X@ܾҪ}}p_J)h hhB*CJOJQJ^JaJph3f!h<h<B*OJQJ^Jph3fh hhOJQJ^J *h hhOJQJ^J *hiKOJQJ^JhVOJQJ^JhT|OJQJ^JhtOJQJ^Jh OJQJ^JhGF+OJQJ^Jho OJQJ^JhhOJQJ^JhOJQJ^Jh OJQJ^Jhaht5>*OJQJ^J==u>v>????@@@@jAkAtAuAAA/B0B>B?BBCCCgdz#Y 7$8$H$^gd%s^gd%s & F $   ^ gd%sX@Y@@@@@@@@@@@@@A AjAѴя{g{XI<2<hVOJQJ^Jh3Rh3ROJQJ^Jh3R6CJOJQJ^JaJh<6CJOJQJ^JaJ& *h<h56CJOJQJ^JaJ& *h<h<6CJOJQJ^JaJh<CJOJQJ^JaJ-h h<0JB*CJOJQJ^JaJph3f8jh h<B*CJOJQJU^JaJph3f)h h<B*CJOJQJ^JaJph3f2jh h<B*CJOJQJU^JaJph3fjAkAsAtAuAAAA.B/B0BB?BB±xhXK;1h6OOJQJ^Jhaha5>*OJQJ^JhX45>*OJQJ^JhahX45>*OJQJ^Jhah6O5>*OJQJ^JhX4OJQJ^Jh+%OJQJ^Jh3ROJQJ^Jh`WOJQJ^J!h'bhhB*OJQJ^Jph3f!h'bhiKB*OJQJ^Jph3fhhCJOJQJ^JaJ h h<CJOJQJ^JaJ# *h h<CJOJQJ^JaJh3Rh3ROJQJ^JB C@CACBCCCICJCCCCCCCCDD DDDD!D#DfDDDDDD͸͸͸r͸aWMWhtTOJQJ^JhOJQJ^J!h6Oh6O56>*OJQJ^J&h6OB*CJOJQJ\^JaJph3f h6Oh6OCJOJQJ^JaJh6OCJOJQJ\^JaJ#h'bh6OCJOJQJ\^JaJ)h Fh6OB*CJOJQJ^JaJph3f)h'bh6OB*CJOJQJ^JaJphh3ROJQJ^Jh6OOJQJ^Jh OJQJ^JCCCCCCCD"D#DeDfDDDDDD0F1FnFoFCGDG]GwGG & F(gdR^gdgdz#Y^gd%s^gd%sDDDD[E]E1F5FdFmFnFoFFFFFGBGCGDG\G]GGGGGGGGGHHHɿɿɵɵɫwjZhIhI5>*OJQJ^Jh5>*OJQJ^JhIh5>*OJQJ^JhIh5>*OJQJ^JhIOJQJ^JhROJQJ^Jh _OJQJ^JhVOJQJ^JhOJQJ^JhOJQJ^Jhh5>*OJQJ^Jh5>*OJQJ^Jhh5>*OJQJ^J GGGGHHIIWIXIIIII J!J9J:JSJxJJJJJJJ^gd & F)gd^gd^gdRgdRHH/HHHHI I II'I+IXIIIII!J8J:JuJ͸tt`tI,hhB*CJOJQJ\^JaJph3f& *hZuhCJOJQJ\^JaJhCJOJQJ\^JaJ& *hhCJOJQJ\^JaJhCJOJQJ\^JaJ#h'bhCJOJQJ\^JaJ)h FhB*CJOJQJ^JaJph3f)h'bhB*CJOJQJ^JaJphhOJQJ^JhlOJQJ^JhOJQJ^JuJvJ#K^KLLLJLXLLLLLLLLLLLLBMqMsMMMMƷƷzfXMBMBXhlOJQJ\^JhOJQJ\^JhhOJQJ\^J'h9nNh0JCJOJQJ\^JaJ2jzh9nNhCJOJQJU\^JaJ&jhCJOJQJU\^JaJhlCJOJQJ\^JaJhCJOJQJ\^JaJhCJOJQJ\^JaJ,hhB*CJOJQJ\^JaJph3f&hlB*CJOJQJ\^JaJph3fJ#K$K]K^KyKKKKLLLLLLMMN&N6NKNNNNNOOO^gd^gdMMMZNvNNNNNO O&O'O8O9O:OXO_O`OeOOOOOOɌݜ}odYdId *hHhHOJQJ\^JhOJQJ\^JhHOJQJ\^JhHhHOJQJ\^JhXmCJOJQJ\^JaJhlB*OJQJ\^Jph3fhlCJOJQJ\^JaJhHCJOJQJ\^JaJhCJOJQJ\^JaJ' *hHhHB*OJQJ\^Jph3fhHB*OJQJ\^Jph3f$hhB*OJQJ\^Jph3fO O_O`OOOOOOOO8PnPPPQWQQQRRRRh^hgd & Fgdl & Fgd+%gdz#Y^gdR & F)gdH^gdOOOOOOOPPP6P7P8P9PXPYPZPkPlPnPoPPͼsiUsFsihXh@E0JOJQJ^J'j"hXh@EOJQJU^Jh@EOJQJ^Jjh@EOJQJU^JhdL?h+%0JOJQJ^J'jGhdL?h+%OJQJU^Jh+%OJQJ^Jjh+%OJQJU^J!hlhl56>*OJQJ^Jh+%56>*OJQJ^J!hlh+%56>*OJQJ^JhOJQJ^Jh=OJQJ^JPPPPPPPPPPPPPPPPQQQQQQQQTQUQVQWQXQyQİΤĐĂxdUxĂxhXhl0JOJQJ^J'j*hXhlOJQJU^JhlOJQJ^JjhlOJQJU^J'jghdL?h+%OJQJU^Jh+%0JOJQJ^J'jhdL?h+%OJQJU^Jh+%OJQJ^JhdL?h+%0JOJQJ^Jjh+%OJQJU^J'jhdL?h+%OJQJU^JyQzQ{QQQQQQQQQQQQQQQQRRRRRRRİĦukZIk!hhz#Y56>*OJQJ^J!hh56>*OJQJ^JhOJQJ^JhdL?h0JOJQJ^J'j hdL?hOJQJU^JjhOJQJU^JhOJQJ^J'j hXhlOJQJU^JhlOJQJ^JhXhl0JOJQJ^JjhlOJQJU^J'jhXhlOJQJU^JR R/R0R1RWWWWWWWWWWWWWXXXXŸh{Th/Ah{T6OJQJ^Jh/Ah{TOJQJ^JhjhUhz#YhL-OJQJ^JhL-hL-OJQJ^JhL-OJQJ^JhL-h5OJQJ^J'hL-hL-5>*B*OJQJ^JphhL-hL-5OJQJ^JR0R1R;R=RURRRRRRR S SS!S5SRSSSnSSSSSSSTTgdL-gdz#Y$a$gdTT8TETNT|TTTTTURUbUUUUUUV,V>VKVVVVVVVVVgdL-VVWW!W`WoWtWuWWWWWWWWWWWWWWWWXXXXgdz#YgdL-,1h/ =!"#$% ,1h/ =!"#$% DyK http://www.bastille-linux.org/yK >http://www.bastille-linux.org/DyK http://localhost/mytest.phpyK 8http://localhost/mytest.phpDyK www.apache.orgyK .http://www.apache.org/DyK snortadmin@mydomain.comyK >mailto:snortadmin@mydomain.comDyK http://localhost/baseyK ,http://localhost/baseDyK http://fedora.redhat.comyK 4http://fedora.redhat.com/DyK http://apache.orgyK &http://apache.org/DyK http://www.snort.orgyK ,http://www.snort.org/DyK http://mysql.orgyK $http://mysql.org/DyK http://www.php.netyK (http://www.php.net/DyK http://www.openssl.orgyK 0http://www.openssl.org/DyK http://www.nist.govyK *http://www.nist.gov/DyK http://www.nsa.govyK (http://www.nsa.gov/DyK http://www.google.comyK .http://www.google.com/L@L Normal$CJOJQJ^J_HaJmH sH tH DA@D Default Paragraph FontRiR  Table Normal4 l4a (k(No List6U@6 +% Hyperlink >*B*ph4@4 /AHeader  !4 @4 /AFooter  !GP .0>?P^n%qr *3;?ISdkz'U + ? S h i   - ? J X Y t u h78M234z{S;<+,!AhBCX 1!m!y!!!!!!x###W$e$v$$$$$$%&*&&&&&&&&'4'Q''''''(=(>(r(((()))1)Q)R)y))))))))*3*]*^*V+W+^+m+n++0,1,=,P,Q,`,a,--_-l-m----.9.N.O..../ /////(0U000k1l1w1x1112f2'3(37484444455u6v677778888j9k9t9u999/:0:>:?:B;C;;;;;;<"<#<e<f<<<<<<0>1>n>o>C?D?]?w?????@@AAWAXAAAAA B!B9B:BSBxBBBBBBB#C$C]C^CyCCCCDDDDDDEEF&F6FKFFFFFGGG G_G`GGGGGGGG8HnHHHIWIIIJJJJ0J1J;J=JUJJJJJJJ K KK!K5KRKSKnKKKKKKKLLL8LELNL|LLLLLMRMbMMMMMMN,N>NKNNNNNNNNNNOO!O`OoOtOuOOOOOOOOOOOOOOOOPP P000000 0 0 0 0 0 0 0 0 0 0 000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0S 0S 0S 0S 0S 0S000 0 0 0 0' 0' 0 0 0 0 0 0 0000 0 000000000000000000000000000000& 0& 0& 0& 0000000000000000000000000000000000000000000 0 0 0 0 0 00000000000000000000000000000000000000000000000000000000000000000000000000000 0 000000 0 0000! 0! 0! 0! 0000# 0# 0000% 000000000000 0 0 0000 00000 0 0000000000000000000000000000000000000000000( 0( 0( 00000000000000) 000000000000000000000000000000000000000000) 0) 000000 0 0 0 0 0 0 0 0 00000000000000000000000000000000000000000000000000000000000000000000000000Y0000Y0000Y0000Y00000000Y00008Y00  nn 6}<= %)b236(9<X@jABDHuJMOPyQRX-035689;<=?@CEGHJLMNPRSUWXYZ h$W,=0n35l9=CCGJORTVX.1247:>ABDFIKOQTV[\]X/  6 =h***X888DDDGH6H8HYHkHnHHHHHHHIII=ITIWIzIIIIIIIJPXXXXXXXXXXXXXXݪzl9 P9 P8*urn:schemas-microsoft-com:office:smarttagstime {307HourMinutenu)*23:?HIR^cdjkyz '0js ! " ' 3 8 ? H I O [ a 8 9 < = > _ h  ?DMRfv$5W\".otBQSXkzy=fk .8s{}&CM!!!!!!!!.";"""""z$$$$$$&&&&&&&&&&&&&' '''.'4'G'I'P'Q'`'i''''''''''''( (((0(7(>(P(V(q(r(((((((())))#)0)1)<)B)P)}))))))))))))**********++&-+-O-T-------..,.8.9.>.@.C...////(0+0k0p000000000C1T1`1i1112233 3%3z3394<4[4g4r4s4t4y4?5I55556b6l6{66N7X7777778L8V888k9r9999999%:-:D:I:::J;O;;;;;;<<<^<c<<<<< ====]=b=>>Q?\?j?v???@@@@ AA2APAABBB*B7B;BGBTB^BpBuByBBBBBBBBBBBBBBBBC C_CmCzCCCCCCCCCCCCDDDDDDEEEEF%F'F/F7F?FAFIFLFXFFFFFFFFFGG'G8G`GeGGGG7HZHlHHHHI>IUI{IIIJJJ8J:J?JHJJJJJJJJK-K.KFKPKtKwKKKaLkLLL"M%MuMMMMMMN%N^N`NhNjNoNNNN=O]OoOsOOOOOOOOOOOOOOOOOOOOP P8=MR{SX CM$$$$'3'4'P'n'p'((0(<(((])_)**<*I*//(0+0U0[0C;H;;;;;;<<<@OOOOOOOOOOOOO P33333333333333333333333333333333333333?%' i 7 Fh=!AX !!$$&&**W+l+ ,a,,-_-m--N...//2(3[770;A;<<]==?B?D???@xBBDDDE'FFFGGGGG7H8HlHnHHHHHIIUIIJJhOOOOOOOOOOOOOOOOPP P 8 =**DDG7HZHlHHHHI>IUIIJOOOOOOOOOOOOO P)m6hLQ.Χ9*/".Χ\ B  }wul*Lh~xZf`ZRx`*>w&;x%!8$'(D"` (tS3 -6vK8ta:^[tR;v_Cho CE+IJ tJ̽^*K\VKhT\sW*iYL\                                            >L\        >L\        >L\        >L\        >L\                          \]P                 >L\        \]P        >L\        >L\        >L\        >L\                                   >L\                  AdX(CY :j 9 o $i!Rnfk L"m^jVr !%U%,'Z' )*GF+1-L-F/D0{0=4X45M566+8Q59Y]:G&;='A/A^D@EBEoE FGYG@K%LAL$RIR@TV`Wz#YZ@q\W5]'b=brVcUfggXmn n&oppms%sBWuv'v-|T|I}%W8+hh>tK -d6OclsK[WRaR/UP^v3RID6c EgaVl{TriKTqPH0?+[<tT{1 _" +%=N0IP^# ZuQ%@x%GP@UnknownGz Times New Roman5Symbol3& z Arial;Wingdings?5 z Courier New"1hkk C( C( 4]O]O2QHP ?Q2System Hardware:melissaNASA)                           ! " # $ % & ' ( Oh+'0|  8 D P\dltSystem Hardware:melissa Normal.dotNASA2Microsoft Office Word@@b@b C՜.+,D՜.+,\ hp  $New Jersey Institute of Technology(]O System Hardware: Title 8@ _PID_HLINKSAxT3!'http://www.google.com/ b5$http://www.nsa.gov/ \X!http://www.nist.gov/ a6http://www.openssl.org/ s1http://www.php.net/ ]Qhttp://mysql.org/ Khttp://www.snort.org/ w0http://apache.org/ Thttp://fedora.redhat.com/ RB http://localhost/base xP mailto:snortadmin@mydomain.com .0http://www.apache.org/ +http://localhost/mytest.php >}http://www.bastille-linux.org/   !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^`abcdefhijklmnopqrstuvwxyz{|}~Root Entry FData _1TablegWordDocument\SummaryInformation(DocumentSummaryInformation8CompObjq  FMicrosoft Office Word Document MSWordDocWord.Document.89qRoot Entry F@2ᶦData _1TablegWordDocument\՜.+,D՜.+,\ hp  $New Jersey Institute of Technology(]O System Hardware: Title 8@ _PID_HLINKSAxT3!'http://www.google.com/ b5$http://www.nsa.gov/ \X!http://www.nist.gov/ a6http://www.openssl.org/ s1http://www.php.net/ ]Qhttp://mysql.org/ Khttp://www.snort.org/ w0http://apache.org/ Thttp://fedora.redhat.com/ RB http://localhost/base xP mailto:snortadmin@mydomain.com .0http://www.apache.org/ +http://localhost/mytest.php >}http://www.bastille-linux.org/ SummaryInformation(DocumentSummaryInformation8CompObjq