Difference between revisions of "Snordi katsetus"
Source: Kuutõrvaja
| 43. rida: | 43. rida: | ||
Type:8 Code:0 ID:883 Seq:6144 ECHO | Type:8 Code:0 ID:883 Seq:6144 ECHO | ||
[Xref => http://www.whitehats.com/info/IDS162] | [Xref => http://www.whitehats.com/info/IDS162] | ||
| + | |||
| + | ===snort2pf=== | ||
| + | |||
| + | ips fuktsionaalsus Free ja Openbsd jaoks | ||
| + | |||
| + | pf enablemine | ||
| + | |||
| + | pf.conf | ||
| + | |||
| + | ext_if="bge1" | ||
| + | |||
| + | set optimization aggressive | ||
| + | set timeout tcp.established 7200 | ||
| + | set timeout udp.multiple 2 | ||
| + | set limit states 40000 | ||
| + | scrub in all | ||
| + | scrub out all random-id max-mss 1440 | ||
| + | |||
| + | antispoof for $ext_if inet | ||
| + | block log all label "blocked" | ||
| + | block in quick from <snort2pf> | ||
| + | |||
| + | pass quick on lo0 all | ||
| + | pass in inet proto icmp all keep state | ||
| + | pass out inet proto icmp all keep state | ||
| + | pass in on $ext_if proto tcp from any to $ext_if port 80 keep state label "www" | ||
| + | pass in on $ext_if proto tcp from any to $ext_if port 22 keep state label "ssh" | ||
| + | pass out on $ext_if proto { tcp, udp } all keep state | ||
| + | |||
| + | |||
| + | snort2pf installiks tõmmata alla | ||
| + | |||
| + | cd snort2pf-4.3 | ||
| + | ./install | ||
| + | >>> Installing files... | ||
| + | install: snort2pf -> /usr/local/sbin/snort2pf | ||
| + | install: snort2pfmon -> /usr/local/sbin/snort2pfmon | ||
| + | install: snort2pf.8 -> /usr/local/man/man8/snort2pf.8 | ||
| + | install: snort2pfmon.8 -> /usr/local/man/man8/snort2pfmon.8 | ||
| + | >>> Creating symlinks... | ||
| + | /sbin/snort2pf -> /usr/local/sbin/snort2pf | ||
| + | /sbin/snort2pfmon -> /usr/local/sbin/snort2pfmon | ||
| + | /man/man8/snort2pf.8 -> /usr/local/man/man8/snort2pf.8 | ||
| + | /man/man8/snort2pfmon.8 -> /usr/local/man/man8/snort2pfmon.8 | ||
| + | |||
| + | Don't forget to add the following line to you pf.conf(5): | ||
| + | "anchor snort2pf" | ||
| + | |||
| + | stardime | ||
| + | |||
| + | snort2pf -f /var/log/snort/alert -s 180 & | ||
| + | |||
| + | lisainfot man snort2pf | ||
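Review bot: the pf.conf added in this hunk references a table in `block in quick from <snort2pf>` but never declares it (no `table <snort2pf> persist` line), and the installer output at the end of the hunk says to add `anchor snort2pf` to pf.conf(5), which the example ruleset also lacks. Whether snort2pf 4.3 fills an anchor or a table should be checked against `man snort2pf` (the hunk itself points there) and the matching line added to the example pf.conf; as written, a reader copying the ruleset gets a firewall in which snort2pf's blocks are never applied.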
Revision as of 10 November 2009, 18:37
Apache installation
PHP installation with MySQL support
MySQL server
Snort installation with MySQL support
NOTE: Starting with Snort 2.4.0 (released on 2005-04-22)
the rules are no longer included with the distribution.
Please download them from http://www.snort.org/rules/.
You might consider installing security/oinkmaster port to simplify
rules downloads and updates.
So install oinkmaster, which, like Snort, lives in the security category of the FreeBSD ports tree.
To obtain the rules you must register on the Snort site http://www.snort.org/,
log in, open the "My Oinkcodes" page and request "generate code",
and then add the following line to oinkmaster.conf:
url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/<fail>
for example
http://www.snort.org/pub-bin/oinkmaster.cgi/5a08f649c16a278e1012e1c/snortrules-snapshot-2.8.tar.gz
and then run oinkmaster:
oinkmaster -o /usr/local/etc/snort/rules/
Set Snort's rule path correctly
and start Snort.
Alerts are written to the file /var/log/snort/alert in the /var/log/snort/ directory, for example in this form:
[**] [1:469:4] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/10-17:49:57.595915 128.9.160.132 -> 193.40.0.236
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8 Code:0 ID:883 Seq:6144 ECHO
[Xref => http://www.whitehats.com/info/IDS162]
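An added example, not code from the page and not snort2pf's own code: a parser for the full-format alert record shown above. It splits the alert file into records, pulls out the signature id, classification, priority and the source and destination addresses, and then turns the records into a list of source addresses a firewall table could receive, skipping low priorities and anything inside the sensor's own network. The sample log (the page's record plus two made-up ones), the protected networks (the /24 of the page's destination address plus loopback) and the priority threshold are constructed assumptions, and the pfctl commands are only rendered as strings, never executed.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List

# Constructed sample of Snort's "full" alert file (/var/log/snort/alert).
# The first record is the one shown on the page; the other two are made up
# here to exercise the priority filter and the protected-network exclusion.
SAMPLE_ALERT_LOG = """\
[**] [1:469:4] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/10-17:49:57.595915 128.9.160.132 -> 193.40.0.236
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8 Code:0 ID:883 Seq:6144 ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [1:1000001:1] CONSTRUCTED low-priority test [**]
[Classification: Misc activity] [Priority: 3]
11/10-17:50:01.000000 198.51.100.7:40000 -> 193.40.0.236:80
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:60 DF

[**] [1:1000002:1] CONSTRUCTED alert from the sensor's own network [**]
[Classification: Attempted Information Leak] [Priority: 1]
11/10-17:50:02.000000 193.40.0.5 -> 193.40.0.236
ICMP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:28 DF
Type:8 Code:0 ID:1 Seq:1 ECHO
"""


@dataclass
class Alert:
    gid: int            # generator id, first number in [gid:sid:rev]
    sid: int            # signature id
    rev: int            # rule revision
    msg: str
    classification: str
    priority: int       # 1 = most severe
    src: str            # source address with any port stripped
    dst: str


HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*) \[\*\*\]$")
CLASS_RE = re.compile(r"^(?:\[Classification: (.*?)\] )?\[Priority: (\d+)\]$")
ADDR_RE = re.compile(r"^\d\d/\d\d-\d\d:\d\d:\d\d\.\d+ (\S+) -> (\S+)$")


def strip_port(endpoint: str) -> str:
    """Snort writes TCP/UDP endpoints as addr:port; ICMP has none (IPv4 assumed)."""
    host, sep, port = endpoint.rpartition(":")
    return host if sep and port.isdigit() else endpoint


def parse_alerts(text: str) -> List[Alert]:
    """Split the alert file into blank-line-separated records and extract the fields."""
    alerts: List[Alert] = []
    for record in re.split(r"\n\s*\n", text.strip()):
        lines = record.splitlines()
        m = HEADER_RE.match(lines[0])
        if not m:
            continue  # not a full-format record (e.g. a truncated tail); skip it
        classification, priority, src, dst = "", 0, "", ""
        for line in lines[1:]:
            if (c := CLASS_RE.match(line)):
                classification, priority = c[1] or "", int(c[2])
            elif (a := ADDR_RE.match(line)):
                src, dst = strip_port(a[1]), strip_port(a[2])
        if src:
            alerts.append(Alert(int(m[1]), int(m[2]), int(m[3]), m[4],
                                classification, priority, src, dst))
    return alerts


def block_candidates(alerts: Iterable[Alert], max_priority: int = 2,
                     protected: Iterable[str] = ("193.40.0.0/24", "127.0.0.0/8")) -> List[str]:
    """Source addresses worth adding to a pf table: priority <= max_priority and
    not inside a protected network (assumed here: the sensor's own /24 and loopback),
    so a spoofed or internal alert cannot lock the firewall out of its own network."""
    nets = [ip_network(n) for n in protected]
    out: List[str] = []
    for a in alerts:
        if a.priority == 0 or a.priority > max_priority:
            continue
        if any(ip_address(a.src) in n for n in nets):
            continue
        if a.src not in out:
            out.append(a.src)
    return out


def pfctl_commands(addrs: Iterable[str], table: str = "snort2pf") -> List[str]:
    """Render (never execute) the pfctl table additions for the chosen addresses."""
    return [f"pfctl -t {table} -T add {a}" for a in addrs]


if __name__ == "__main__":
    for cmd in pfctl_commands(block_candidates(parse_alerts(SAMPLE_ALERT_LOG))):
        print(cmd)
```

Run on the sample, only the page's NMAP ping source survives: the priority-3 record is below the threshold and the priority-1 record comes from the protected /24. The protected-network check is the part worth keeping whatever tool does the blocking, since an attacker who can trigger alerts with a forged source address would otherwise be able to make the firewall block hosts of the defender's choosing.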
snort2pf
IPS functionality for FreeBSD and OpenBSD
Enabling pf
pf.conf
ext_if="bge1"

set optimization aggressive
set timeout tcp.established 7200
set timeout udp.multiple 2
set limit states 40000
scrub in all
scrub out all random-id max-mss 1440

antispoof for $ext_if inet
block log all label "blocked"
block in quick from <snort2pf>

pass quick on lo0 all
pass in inet proto icmp all keep state
pass out inet proto icmp all keep state
pass in on $ext_if proto tcp from any to $ext_if port 80 keep state label "www"
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state label "ssh"
pass out on $ext_if proto { tcp, udp } all keep state
To install snort2pf, download it and run:
cd snort2pf-4.3
./install
>>> Installing files...
install: snort2pf -> /usr/local/sbin/snort2pf
install: snort2pfmon -> /usr/local/sbin/snort2pfmon
install: snort2pf.8 -> /usr/local/man/man8/snort2pf.8
install: snort2pfmon.8 -> /usr/local/man/man8/snort2pfmon.8
>>> Creating symlinks...
/sbin/snort2pf -> /usr/local/sbin/snort2pf
/sbin/snort2pfmon -> /usr/local/sbin/snort2pfmon
/man/man8/snort2pf.8 -> /usr/local/man/man8/snort2pf.8
/man/man8/snort2pfmon.8 -> /usr/local/man/man8/snort2pfmon.8

Don't forget to add the following line to you pf.conf(5):
"anchor snort2pf"
Start it:
snort2pf -f /var/log/snort/alert -s 180 &
For more information, see man snort2pf.
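An added example, not part of the page and not part of snort2pf: a small checker for the pf.conf shown above, covering both the ruleset and the installer's request for an `anchor snort2pf` line. It reports tables and macros that are used but never declared, and required anchors that are never loaded. Run against the page's ruleset it flags that `<snort2pf>` has no `table` declaration and that the anchor line is missing; which of the two snort2pf 4.3 actually fills is something to confirm with man snort2pf. The FIXED_PF_CONF variant, which adds both lines, is a constructed assumption, not a tested snort2pf configuration.

```python
import re
from typing import Dict, List, Set

# The pf.conf shown on the page, embedded verbatim so the checker has real input.
PAGE_PF_CONF = """\
ext_if="bge1"

set optimization aggressive
set timeout tcp.established 7200
set timeout udp.multiple 2
set limit states 40000
scrub in all
scrub out all random-id max-mss 1440

antispoof for $ext_if inet
block log all label "blocked"
block in quick from <snort2pf>

pass quick on lo0 all
pass in inet proto icmp all keep state
pass out inet proto icmp all keep state
pass in on $ext_if proto tcp from any to $ext_if port 80 keep state label "www"
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state label "ssh"
pass out on $ext_if proto { tcp, udp } all keep state
"""

# Constructed variant (an assumption, not from the page): the same ruleset with the
# table declared and the anchor line the snort2pf installer asks for added in front
# of the rule that uses the table.
FIXED_PF_CONF = PAGE_PF_CONF.replace(
    "block in quick from <snort2pf>",
    'table <snort2pf> persist\nanchor "snort2pf"\nblock in quick from <snort2pf>',
)

TABLE_DEF_RE = re.compile(r"^\s*table\s+<([\w.-]+)>")
TABLE_REF_RE = re.compile(r"<([\w.-]+)>")
ANCHOR_RE = re.compile(r'^\s*anchor\s+"?([\w./-]+)"?')
MACRO_DEF_RE = re.compile(r"^\s*([A-Za-z_]\w*)\s*=")
MACRO_REF_RE = re.compile(r"\$([A-Za-z_]\w*)")


def check_pf_conf(text: str, required_anchors=("snort2pf",)) -> List[str]:
    """Return human-readable findings: tables or macros that are used without a
    declaration, and required anchors that are never loaded. Empty list = clean."""
    defined_tables: Set[str] = set()
    defined_macros: Set[str] = set()
    anchors: Set[str] = set()
    table_refs: Dict[str, int] = {}   # name -> first line where it is used
    macro_refs: Dict[str, int] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop comments (naive: ignores '#' in quotes)
        if not line:
            continue
        if (m := TABLE_DEF_RE.match(line)):
            defined_tables.add(m[1])
            continue                           # a declaration is not a use
        if (m := ANCHOR_RE.match(line)):
            anchors.add(m[1])
        if (m := MACRO_DEF_RE.match(line)):
            defined_macros.add(m[1])
        for name in TABLE_REF_RE.findall(line):
            table_refs.setdefault(name, lineno)
        for name in MACRO_REF_RE.findall(line):
            macro_refs.setdefault(name, lineno)

    findings: List[str] = []
    for name, ln in sorted(table_refs.items(), key=lambda kv: kv[1]):
        if name not in defined_tables:
            findings.append(f"line {ln}: table <{name}> is referenced but never declared in this ruleset")
    for name, ln in sorted(macro_refs.items(), key=lambda kv: kv[1]):
        if name not in defined_macros:
            findings.append(f"line {ln}: macro ${name} is used but never defined")
    for name in required_anchors:
        if name not in anchors:
            findings.append(f"anchor '{name}' is never loaded (the snort2pf installer asks for an 'anchor snort2pf' line)")
    return findings


if __name__ == "__main__":
    for finding in check_pf_conf(PAGE_PF_CONF) or ["no findings"]:
        print(finding)
```

This is a static check on the file's text only; it is not a replacement for `pfctl -nf /etc/pf.conf`, which parses the ruleset with the real grammar. Its value is the one thing pfctl will not tell you: that a line a companion tool's installer asked for has been left out.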