сервис_snort

Differences

This shows you the differences between two versions of the page.

сервис_snort [2024/05/11 09:06]
val [Debian/Ubuntu]
сервис_snort [2024/12/06 14:44] (current)
val [Attack example from isp.un]
Line 4: Line 4:
   * [[https://​help.ubuntu.com/​community/​SnortIDS]]   * [[https://​help.ubuntu.com/​community/​SnortIDS]]
   * [[https://​www.snort.org/​downloads/​community/​community-rules.tar.gz|!!!Открытые правила для тестирования!!!]]   * [[https://​www.snort.org/​downloads/​community/​community-rules.tar.gz|!!!Открытые правила для тестирования!!!]]
-  * [[http://www.openinfosecfoundation.org//Альтернативное решение]]+  * [[https://sansorg.egnyte.com/dl/qsNKTUL2ld|Snort and SSL/TLS Inspection]]
   * [[https://​upcloud.com/​resources/​tutorials/​installing-snort-on-debian|How to install Snort on Debian]]   * [[https://​upcloud.com/​resources/​tutorials/​installing-snort-on-debian|How to install Snort on Debian]]
 +
 +  * [[https://​oisf.net/​|Open Information Security Foundation Suricata]]
 ===== Установка,​ настройка,​ запуск сервиса ===== ===== Установка,​ настройка,​ запуск сервиса =====
  
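Review bot: the replacement reference on the `+` line, `https://sansorg.egnyte.com/dl/qsNKTUL2ld`, is a file-share download link rather than a stable document URL, so it is likely to stop resolving; keep the title "Snort and SSL/TLS Inspection" but add the author and year (or the SANS reading-room page) so the reference can still be found when the share link expires. The removed entry `[[http://www.openinfosecfoundation.org//Альтернативное решение]]` had a broken `//` path and no description, and the new `[[https://oisf.net/|Open Information Security Foundation Suricata]]` line below covers the same alternative, so dropping it is fine.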
Line 58: Line 60:
  
 # tail -f /​var/​log/​auth.log | grep Red # tail -f /​var/​log/​auth.log | grep Red
 +
 +# u2spewfoo /​var/​log/​snort/​snort.alert
 </​code>​ </​code>​
  
 ==== Пример атаки с isp.un ==== ==== Пример атаки с isp.un ====
 <​code>​ <​code>​
-isp.un$ ​wget http://​192.168.X.10/​root.exe+isp.un$ ​curl http://​192.168.X.10/​root.exe 
 +</​code>​ 
 + 
 +===== Копирование alert_unified2 в syslog ===== 
 +<​code>​ 
 +# stdbuf -i0 -o0 u2spewfoo <(tail -c +1 -f /​var/​log/​snort/​snort.alert) | logger -t snort -p auth.info 
 + 
 +# cat /​etc/​systemd/​system/​snort-alert-unified2-syslog.service 
 +</​code><​code>​ 
 +[Unit] 
 +Description=Send snort alert_unified2 to syslog 
 +After=snort.service 
 + 
 +[Service] 
 +ExecStart=/​bin/​bash -c '/​usr/​bin/​stdbuf -i0 -o0 /​usr/​sbin/​u2spewfoo <​(/​usr/​bin/​tail -c +1 -f /​var/​log/​snort/​snort.alert) | /​usr/​bin/​logger -t snort -p auth.info'​ 
 + 
 +[Install] 
 +WantedBy=multi-user.target
 </​code>​ </​code>​
  
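Review bot: the forwarding pipeline (`stdbuf -i0 -o0 u2spewfoo <(tail -c +1 -f /var/log/snort/snort.alert) | logger -t snort -p auth.info`, repeated in `ExecStart=`) reads the unified2 file from byte 1 on every start, so each restart of the service re-sends every historical alert to auth.log as a duplicate; state this in the section, or note that snort.alert should be emptied before the unit is enabled. Two related points: the `[Service]` block has no `Restart=` line, so if `u2spewfoo` or `logger` exits the forwarding stops silently, and `tail -f` (not `-F`) follows the file by inode, so once snort rotates its unified2 output the service keeps watching the old file and no new alerts reach syslog; add `Restart=on-failure` and document that the unified2 output in snort.conf must write to the fixed path `/var/log/snort/snort.alert` for this to work. Minor: the `curl http://192.168.X.10/root.exe` line that replaces `wget` writes the response body to the terminal; `curl -o /dev/null` sends the same request for the IDS test without dumping the binary.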
сервис_snort.1715407581.txt.gz · Last modified: 2024/05/11 09:06 by val