Snort trial

Source: Kuutõrvaja
Revision as of 10 November 2009, 19:37 by Jj (talk | contribs)

apache installation

php installation with mysql support

mysql server

snort installation with mysql support

NOTE: Starting with Snort 2.4.0 (released on 2005-04-22)
     the rules are no longer included with the distribution.
     Please download them from http://www.snort.org/rules/.
     You might consider installing security/oinkmaster port to simplify
     rules downloads and updates.

so install oinkmaster as well, which, like snort, lives in the security category of the FreeBSD ports tree

To obtain the rules you have to register on the Snort site http://www.snort.org/

log in, open the My Oinkcodes page and request "generate code"

then add to oinkmaster.conf the line

url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/<fail>

for example

http://www.snort.org/pub-bin/oinkmaster.cgi/5a08f649c16a278e1012e1c/snortrules-snapshot-2.8.tar.gz

and then run oinkmaster

oinkmaster -o /usr/local/etc/snort/rules/

set snort's rulepath to the correct directory

and start snort

logs are written to the /var/log/snort/ directory, into the file /var/log/snort/alert, for example in this form

[**] [1:469:4] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/10-17:49:57.595915 128.9.160.132 -> 193.40.0.236
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8  Code:0  ID:883   Seq:6144  ECHO
[Xref => http://www.whitehats.com/info/IDS162]
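An added example (not part of the original page) that reduces alert records in the format shown above to one line per alert and counts alerts per source address, which is the same alert file snort2pf -f later reads. It assumes the classic multi-line alert format and IPv4 addresses; the sample file it creates is constructed, with the page's own ICMP record plus two records using a made-up local rule id.

```shell
#!/bin/sh
# Added example, not from the original page: reduce the multi-line
# /var/log/snort/alert records shown above to "<priority> <src-ip> <gid:sid:rev>
# <message>" lines and count alerts per source (the file snort2pf -f reads).
# Assumes the classic alert format above, IPv4 only; a trailing ":port" is stripped.
# One line per alert: priority, source address, rule id, message.
alert_sources() {
    awk '
        /^\[\*\*\] \[/ {                 # [**] [gid:sid:rev] MESSAGE [**]
            id = $2; gsub(/\[|\]/, "", id)
            msg = $0
            sub(/^\[\*\*\] \[[^]]*\] /, "", msg); sub(/ \[\*\*\]$/, "", msg)
            next
        }
        /\[Priority: [0-9]+\]/ {         # [Classification: ...] [Priority: N]
            match($0, /\[Priority: [0-9]+\]/)
            prio = substr($0, RSTART + 11, RLENGTH - 12)
            next
        }
        / -> / {                         # timestamp SRC[:port] -> DST[:port]
            src = $2; sub(/:[0-9]+$/, "", src)
            printf "%s %s %s %s\n", prio, src, id, msg
        }
    ' "$1"
}

# Alerts per source address, busiest first: "<count> <src-ip>".
top_sources() {
    alert_sources "$1" | awk '{ n[$2]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# Constructed sample: first record is the page's own, the SSH probe rows use a made-up local rule id.
sample_alert_file() {
    f=$(mktemp) && cat > "$f" <<'EOF'
[**] [1:469:4] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/10-17:49:57.595915 128.9.160.132 -> 193.40.0.236
[Xref => http://www.whitehats.com/info/IDS162]

[**] [1:1000001:1] CONSTRUCTED SSH probe [**]
[Classification: Attempted Information Leak] [Priority: 1]
11/10-17:50:03.000000 128.9.160.132:51234 -> 193.40.0.236:22

[**] [1:1000001:1] CONSTRUCTED SSH probe [**]
[Classification: Attempted Information Leak] [Priority: 1]
11/10-17:50:09.000000 10.0.0.5:40000 -> 193.40.0.236:22
EOF
    echo "$f"
}
```

Run `top_sources /var/log/snort/alert` on a real sensor to see which addresses dominate the alert file before deciding on automatic blocking.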

snort2pf

IPS functionality for FreeBSD and OpenBSD

enabling pf

pf.conf

ext_if="bge1"

set optimization aggressive
set timeout tcp.established 7200
set timeout udp.multiple 2
set limit states 40000
scrub in all
scrub out all random-id max-mss 1440

antispoof for $ext_if inet
block log all label "blocked"
block in quick from <snort2pf>

pass quick on lo0 all
pass in inet proto icmp all keep state
pass out inet proto icmp all keep state
pass in on $ext_if proto tcp from any to $ext_if port 80 keep state label "www"
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state label "ssh"
pass out on $ext_if proto { tcp, udp } all keep state


to install snort2pf, download it

cd snort2pf-4.3
./install
>>> Installing files...
install: snort2pf -> /usr/local/sbin/snort2pf
install: snort2pfmon -> /usr/local/sbin/snort2pfmon
install: snort2pf.8 -> /usr/local/man/man8/snort2pf.8
install: snort2pfmon.8 -> /usr/local/man/man8/snort2pfmon.8
>>> Creating symlinks...
/sbin/snort2pf -> /usr/local/sbin/snort2pf
/sbin/snort2pfmon -> /usr/local/sbin/snort2pfmon
/man/man8/snort2pf.8 -> /usr/local/man/man8/snort2pf.8
/man/man8/snort2pfmon.8 -> /usr/local/man/man8/snort2pfmon.8

Don't forget to add the following line to you pf.conf(5):
"anchor snort2pf"

start it

snort2pf -f /var/log/snort/alert -s 180 &

more information: man snort2pf