This shows you the differences between two versions of the page.
сервис_snortsam [2015/06/03 12:13] val [ipfilter] |
сервис_snortsam [2016/11/16 08:53] val [Ubuntu 14.04] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Сервис SNORTSAM ====== | ====== Сервис SNORTSAM ====== | ||
- | [[http://www.snortsam.net/]] | + | * [[http://www.snortsam.net/|Старый сайт]] |
+ | * [[https://github.com/firnsy/barnyard2/blob/master/doc/README.snortsam|barnyard2 github snortsam]] | ||
+ | * [[https://github.com/blox-org/snortsam|github blox snortsam]] | ||
===== Установка пакета ===== | ===== Установка пакета ===== | ||
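Review bot: the new link list at the top does not say which of the three sources the install section is meant to use. The snortsam.net entry is kept as a plain http:// link labelled "Старый сайт" (old site), and the two GitHub links are added without a note on which one is current. Suggest marking one link as the source to install from, so readers do not fetch a blocking agent from an arbitrary mirror.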
Line 14: | Line 15: | ||
</code> | </code> | ||
- | ==== Ubuntu 14.04 ==== | + | ==== Ubuntu ==== |
Не поддерживается | Не поддерживается | ||
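Review bot: renaming the heading from "Ubuntu 14.04" to "Ubuntu" widens the "Не поддерживается" (not supported) statement under it to every Ubuntu release, and nothing else in the hunk backs that up. Either keep the version in the heading or list the releases that were actually checked.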
Line 40: | Line 41: | ||
==== ipfilter ==== | ==== ipfilter ==== | ||
+ | |||
+ | * [[Сервис Firewall#FreeBSD ipfilter]] | ||
+ | |||
<code> | <code> | ||
# cat snortsam.conf | # cat snortsam.conf | ||
Line 46: | Line 50: | ||
ipf em1 | ipf em1 | ||
</code> | </code> | ||
- | |||
==== ipfw2 ==== | ==== ipfw2 ==== | ||
Line 86: | Line 89: | ||
</code><code> | </code><code> | ||
... | ... | ||
- | # ciscoacl 192.168.X.1 student/tacacs cisco /usr/local/etc/snortsam/snortsam.acl | + | # ciscoacl 192.168.X.1 user1/tpassword1 cisco /usr/local/etc/snortsam/snortsam.acl |
- | # ciscoacl 192.168.X.1 cisco cisco /etc/snortsam/snortsam.acl | + | # ciscoacl 192.168.X.1 cisco cisco /usr/local/etc/snortsam/snortsam.acl |
</code> | </code> | ||
==== cisco router acl tftp ==== | ==== cisco router acl tftp ==== | ||
- | Настройка | + | === Настройка === |
<code> | <code> | ||
server# cat /tftpboot/snortsam.acl | server# cat /tftpboot/snortsam.acl | ||
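Review bot: both rewritten ciscoacl examples still carry the router login, password and enable password in clear text (user1/tpassword1 cisco and cisco cisco), and the page does not say these are placeholders or how snortsam.conf should be protected. Suggest a one-line note beside them that the values must be replaced and that snortsam.conf should be readable only by the account snortsam runs as. The second line's path now matches the first (/usr/local/etc/snortsam/), which is a good consistency fix.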
Line 107: | Line 110: | ||
permit tcp any any established | permit tcp any any established | ||
deny ip any any log | deny ip any any log | ||
+ | end | ||
</code><code> | </code><code> | ||
server# cat snortsam.tftp | server# cat snortsam.tftp | ||
</code><code> | </code><code> | ||
- | copy tftp://192.168.X.1/ running-config | + | copy tftp://192.168.X.10/ running-config |
</code><code> | </code><code> | ||
server# cat snortsam.conf | server# cat snortsam.conf | ||
</code><code> | </code><code> | ||
... | ... | ||
+ | # ciscoacl 192.168.X.1 cisco cisco snortsam.acl|/usr/local/etc/snortsam/snortsam.tftp | ||
# ciscoacl 192.168.X.1 student/tacacs cisco snortsam.acl|/usr/local/etc/snortsam/snortsam.tftp | # ciscoacl 192.168.X.1 student/tacacs cisco snortsam.acl|/usr/local/etc/snortsam/snortsam.tftp | ||
- | # ciscoacl 192.168.X.1 student/tacacs cisco snortsam.acl|/etc/snortsam/snortsam.tftp | ||
- | </code><code> | ||
- | server# cd /tftpboot/ | ||
</code> | </code> | ||
- | Запуск | + | === Запуск === |
<code> | <code> | ||
+ | server# cd /tftpboot/ | ||
+ | |||
[server:/tftpboot] # snortsam /usr/local/etc/snortsam/snortsam.conf | [server:/tftpboot] # snortsam /usr/local/etc/snortsam/snortsam.conf | ||
+ | |||
+ | server# cat /usr/local/etc/rc.d/snortsam | ||
+ | </code><code> | ||
+ | ... | ||
+ | cd /tftpboot/ | ||
+ | |||
+ | run_rc_command "$1" | ||
</code> | </code> | ||
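Review bot: the line copy tftp://192.168.X.10/ running-config has the router load whatever the TFTP server at .10 serves into its running configuration, yet the section says nothing about who may write /tftpboot/snortsam.acl or reach the TFTP service. Suggest adding that the file should be writable only by the snortsam account and that TFTP should be limited to the router's address. Two smaller points: the added ciscoacl example uses cisco cisco as credentials and should be marked as a placeholder, and the rc.d edit that puts cd /tftpboot/ before run_rc_command "$1" needs a sentence explaining that the relative snortsam.acl name in the ciscoacl line appears to depend on the working directory.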
Line 138: | Line 149: | ||
<code> | <code> | ||
- | [server:~] # /usr/local/etc/rc.d/snortsam rcvar | + | [server:~] # service snortsam rcvar |
- | [server:~] # /usr/local/etc/rc.d/snortsam start | + | [server:~] # service snortsam start |
</code> | </code> | ||