сервис_barnyard2 [2015/06/03 10:25] val
сервис_barnyard2 [2015/06/03 11:02] val [FreeBSD]
Line 1: | Line 1: | ||
====== Сервис BARNYARD2 ====== | ====== Сервис BARNYARD2 ====== | ||
+ | * [[https://github.com/firnsy/barnyard2/blob/master/doc/README.snortsam|barnyard2/doc/README.snortsam]] | ||
+ | * [[https://github.com/firnsy/barnyard2/issues/127|snort generate logs,barnyard2 can not read records]] | ||
+ | |||
+ | ===== Ubuntu 14.04 ===== | ||
+ | |||
+ | * [[http://computer-outlines.over-blog.com/article-nids-snort-barnyard2-apache2-base-with-ubuntu-14-04-lts-123532107.html]] | ||
+ | |||
+ | ===== FreeBSD ===== | ||
+ | |||
+ | * [[http://www.itcooky.com/?p=3108|Установка на FreeBSD 9 системы анализа Snort и блокировки SnortSAM зловредного трафика!]] | ||
<code> | <code> | ||
# pkg install barnyard2 # no need, install as snort dependence | # pkg install barnyard2 # no need, install as snort dependence | ||
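Review bot: the two links added at the top of this hunk are listed as bare bullets with no word on why they belong on this page; the second one, `snort generate logs,barnyard2 can not read records`, is an issue report about barnyard2 failing to read the unified2 records that snort writes, which is exactly the hand-off this page configures (`output unified2: filename snort.log` on the snort side, `-d /var/log/snort/ -f snort.log` on the barnyard2 side), so a one-line note saying whether that failure was hit on this install and what resolved it would turn the bookmark into documentation. The same applies to the README.snortsam link, which is the only place the page points to for the `sid-block.map` format used later in the same revision, and the empty `Ubuntu 14.04` subsection that holds nothing but an external URL could say at least which steps of that article were followed.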
Line 16: | Line 26: | ||
output unified2: filename snort.log | output unified2: filename snort.log | ||
... | ... | ||
+ | </code><code> | ||
+ | # cat /usr/local/etc/sid-block.map | ||
+ | </code><code> | ||
+ | 1256: src, 2 min | ||
+ | 1000001: src, 2 min | ||
</code><code> | </code><code> | ||
# /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort/ -f snort.log | # /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort/ -f snort.log | ||
# cat /etc/rc.conf | # cat /etc/rc.conf | ||
- | ... | ||
</code><code> | </code><code> | ||
+ | ... | ||
barnyard2_enable=yes | barnyard2_enable=yes | ||
barnyard2_flags="-D -d /var/log/snort/ -f snort.log" | barnyard2_flags="-D -d /var/log/snort/ -f snort.log" | ||
... | ... | ||
</code> | </code> | ||
+ | |||
+ | ==== Принцип отбора правил ==== | ||
+ | |||
+ | <code> | ||
+ | server# cat classification.config | ||
+ | </code><code> | ||
+ | ... | ||
+ | config classification: web-application-attack,Web Application Attack,1 | ||
+ | ... | ||
+ | </code> | ||
+ |
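Review bot: the `sid-block.map` added in this hunk (`1256: src, 2 min`, `1000001: src, 2 min`) is only acted on when barnyard2 is configured with a SnortSAM output plugin, but the hunk shows neither the `barnyard2.conf` output line (e.g. the `output alert_fwsam` directive) nor where the map file path is declared, so a reader cannot tell how these two entries reach the blocking agent; the `cat /usr/local/etc/sid-block.map` listing should be preceded by the corresponding `barnyard2.conf` lines. Two smaller points: the new `==== Принцип отбора правил ====` section shows a single `config classification: web-application-attack,...,1` line with no text on how classification priority decides which rules get a `sid-block.map` entry, so the heading promises more than the section delivers; and moving the `...` placeholder from above to below the `</code><code>` split in the `rc.conf` listing, together with the trailing blank `+` line at the end, is purely cosmetic and could be dropped from this revision.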