This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
сервис_barnyard2 [2015/06/03 10:26] val |
сервис_barnyard2 [2016/11/16 08:56] (current) val [Ubuntu 14.04] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Сервис BARNYARD2 ====== | ====== Сервис BARNYARD2 ====== | ||
+ | * [[https://github.com/firnsy/barnyard2/blob/master/doc/README.snortsam|barnyard2/doc/README.snortsam]] | ||
+ | * [[https://github.com/firnsy/barnyard2/issues/127|snort generate logs,barnyard2 can not read records]] | ||
+ | |||
+ | ===== Ubuntu ===== | ||
+ | |||
+ | * [[http://computer-outlines.over-blog.com/article-nids-snort-barnyard2-apache2-base-with-ubuntu-14-04-lts-123532107.html|SNORT / Barnyard2 / MySQL / BASE with Ubuntu 14.04 LTS]] | ||
+ | |||
+ | ===== FreeBSD ===== | ||
+ | |||
+ | * [[http://www.itcooky.com/?p=3108|Установка на FreeBSD 9 системы анализа Snort и блокировки SnortSAM зловредного трафика!]] | ||
<code> | <code> | ||
# pkg install barnyard2 # no need, install as snort dependence | # pkg install barnyard2 # no need, install as snort dependence | ||
Line 22: | Line 32: | ||
1000001: src, 2 min | 1000001: src, 2 min | ||
</code><code> | </code><code> | ||
+ | # service snort stop | ||
+ | |||
+ | # rm /var/log/snort/* | ||
+ | |||
+ | # service snort start | ||
+ | |||
# /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort/ -f snort.log | # /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort/ -f snort.log | ||
# cat /etc/rc.conf | # cat /etc/rc.conf | ||
- | ... | ||
</code><code> | </code><code> | ||
+ | ... | ||
barnyard2_enable=yes | barnyard2_enable=yes | ||
barnyard2_flags="-D -d /var/log/snort/ -f snort.log" | barnyard2_flags="-D -d /var/log/snort/ -f snort.log" | ||
+ | </code><code> | ||
+ | # service barnyard2 start | ||
+ | </code> | ||
+ | |||
+ | ==== Принцип отбора правил ==== | ||
+ | |||
+ | <code> | ||
+ | # cat classification.config | ||
+ | </code><code> | ||
+ | ... | ||
+ | config classification: web-application-attack,Web Application Attack,1 | ||
... | ... | ||
</code> | </code> | ||
+ |