Differences

This shows you the differences between two versions of the page.

--- сервис_snort [2020/03/10 12:50]
val
+++ сервис_snort [2022/03/30 12:43] (current)
val [Debian/Ubuntu]
@@ Line 10: / Line 10: @@
 <code>
 root@server:~# apt install snort
+!!! В визарде все по умолчанию ("не понимает" интерфейс bond1)
 root@server:~# cat /etc/snort/snort.debian.conf
@@ Line 15: / Line 17: @@
 ...
 DEBIAN_SNORT_INTERFACE="eth2"
+#DEBIAN_SNORT_INTERFACE="eth1"
+#DEBIAN_SNORT_INTERFACE="bond1"
 DEBIAN_SNORT_HOME_NET="192.168.0.0/16"
+#DEBIAN_SNORT_HOME_NET="any"
 ...
 </code><code>
@@ Line 29: / Line 34: @@
 root@server:~# snort -T -S HOME_NET=[192.168.0.0/16] -c /etc/snort/snort.conf
-root@server:~# service snort stop
+root@server:~# service snort restart
-root@server:~# snort -A console -i eth2 -S HOME_NET=[192.168.0.0/16] -c /etc/snort/snort.conf
-root@server:~# service snort start
 </code>
@@ Line 40: / Line 41: @@
 ==== Debian/Ubuntu ====
 <code>
-# tail -f /var/log/auth.log
+# less /etc/snort/rules/web-iis.rules
+# tail -f /var/log/auth.log | grep Red
 </code>
-==== Пример атаки с server.isp.un ====
+==== Пример атаки с isp.un ====
 <code>
-server.isp.un$ wget http://server.corpX.un/root.exe
+isp.un$ wget http://192.168.X.10/root.exe
 </code>
@@ Line 52: / Line 55: @@
   * [[http://oreilly.com/pub/h/1393|Write Your Own Snort Rules ]]
-==== FreBSD/Debian/Ubuntu ====
+==== Debian/Ubuntu ====
 <code>
 # cat rules/local.rules

Методические материалы Лохтурова Вячеслава