Difference between revisions of "Snordi katsetus"
Source: Kuutõrvaja
35. rida: | 35. rida: | ||
ja startida snort | ja startida snort | ||
− | logid tekivad /var/log/snort/ | + | logid tekivad /var/log/snort/ kaustas olevasse faili /var/log/snort/alert näiteks kujul |
+ | |||
+ | [**] [1:469:4] ICMP PING NMAP [**] | ||
+ | [Classification: Attempted Information Leak] [Priority: 2] | ||
+ | 11/10-17:49:57.595915 128.9.160.132 -> 193.40.0.236 | ||
+ | ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF | ||
+ | Type:8 Code:0 ID:883 Seq:6144 ECHO | ||
+ | [Xref => http://www.whitehats.com/info/IDS162] |
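Review bot: the new sentence on the changed line gives the log location twice ("/var/log/snort/ kaustas olevasse faili /var/log/snort/alert"); "logid tekivad faili /var/log/snort/alert, näiteks kujul" says the same with a single path. The six sample alert lines added after it should be entered as preformatted text so the wiki keeps them on separate lines, because the alert record is line-oriented, and the sentence could say which Snort alert output mode produces this layout.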
Revision as of 18:50, 10 November 2009
Installing Apache
Installing PHP with MySQL support
MySQL server
Installing Snort with MySQL support
NOTE: Starting with Snort 2.4.0 (released on 2005-04-22)
the rules are no longer included with the distribution. Please download them from http://www.snort.org/rules/. You might consider installing security/oinkmaster port to simplify rules downloads and updates.
So oinkmaster has to be installed as well; like Snort, it is in the security branch of FreeBSD.
To get the rules you have to register on the Snort site, http://www.snort.org/,
log in to the site, open the My Oinkcodes page and choose generate code,
then add this line to oinkmaster.conf:
url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/<fail>
for example
http://www.snort.org/pub-bin/oinkmaster.cgi/5a08f649c16a278e1012e1c/snortrules-snapshot-2.8.tar.gz
and then run oinkmaster:
oinkmaster -o /usr/local/etc/snort/rules/
Set Snort's rulepath to the correct directory
and start Snort.
Logs are written to the /var/log/snort/ directory, into the file /var/log/snort/alert, for example in this form:
[**] [1:469:4] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/10-17:49:57.595915 128.9.160.132 -> 193.40.0.236
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8 Code:0 ID:883 Seq:6144 ECHO
[Xref => http://www.whitehats.com/info/IDS162]
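An added example (not part of the original wiki page): a small Python parser for the alert record format shown above. It goes slightly beyond the ICMP case on the page by also accepting the ip:port endpoint form used in TCP and UDP alerts. The second sample record and all function and field names are assumptions made for illustration.

```python
import re
from collections import Counter

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
FLOW = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)$")
# First alert: the one on this page. Second: constructed (documentation IPs, made-up SID).
SAMPLE = """\
[**] [1:469:4] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/10-17:49:57.595915 128.9.160.132 -> 193.40.0.236
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8 Code:0 ID:883 Seq:6144 ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [1:1000001:1] CONSTRUCTED TCP EXAMPLE [**]
[Priority: 3]
11/10-17:50:02.000001 192.0.2.10:40000 -> 198.51.100.5:80
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:40
"""

def endpoint(text):  # 'a.b.c.d' or 'a.b.c.d:port' (IPv4 only) -> (host, port)
    host, _, port = text.partition(":")
    return host, int(port) if port else None

def parse_alerts(text):
    alerts, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        head, flow = HEADER.match(line), FLOW.match(line)
        if head:  # "[**] [gid:sid:rev] message [**]" opens a new record
            cur = {"gid": int(head[1]), "sid": int(head[2]), "rev": int(head[3]),
                   "msg": head[4], "classification": None, "priority": None,
                   "proto": None, "xref": []}
            alerts.append(cur)
        elif cur is None or not line:
            continue  # noise before the first header, or a blank separator
        elif flow:  # timestamp, then source -> destination
            cur["time"], cur["src"], cur["dst"] = flow[1], endpoint(flow[2]), endpoint(flow[3])
        elif line.startswith(("[Classification:", "[Priority:")):
            c = re.search(r"\[Classification: ([^\]]+)\]", line)
            p = re.search(r"\[Priority: (\d+)\]", line)
            cur["classification"] = c[1] if c else None
            cur["priority"] = int(p[1]) if p else None
        elif line.startswith("[Xref"):
            cur["xref"] += re.findall(r"\[Xref => ([^\]]+)\]", line)
        elif "src" in cur and cur["proto"] is None:
            cur["proto"] = line.split()[0]  # first token of the line after the flow
    return alerts

def count_by_source(alerts):  # alerts per (source host, sid, msg), for quick triage
    return Counter((a["src"][0], a["sid"], a["msg"]) for a in alerts if "src" in a)
```

To use it on a live sensor, pass the contents of /var/log/snort/alert to parse_alerts() instead of SAMPLE.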