12th iT 邦幫忙 Ironman Contest

Series: ISMS Information Security Management System from Scratch, part 22

DAY22 SNORT Intrusion Detection System (Configuration)

Download the rule set
https://www.snort.org/downloads
You must register before you can download.
https://ithelp.ithome.com.tw/upload/images/20200922/20034859HFQWuYiLCB.jpg
Copy the preproc_rules, rules and so_rules directories into the Snort directory, as shown below:
https://ithelp.ithome.com.tw/upload/images/20200922/2003485973R3FRFPF6.jpg
Edit the configuration file C:\Snort\etc\snort.conf
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
Change these to the installation path:
https://ithelp.ithome.com.tw/upload/images/20200922/20034859kh7Rc8w1y2.jpg
#path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/

#path to base preprocessor engine
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

#path to dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules
Change to:
https://ithelp.ithome.com.tw/upload/images/20200922/20034859m8obKaGN9J.jpg
Comment out:
https://ithelp.ithome.com.tw/upload/images/20200922/20034859rb1l38nEPa.jpg
List the network interfaces
snort -W
https://ithelp.ithome.com.tw/upload/images/20200922/20034859f0bxzcw4ip.jpg
snort -i1 -dev -l C:\Snort\log -c C:\Snort\etc\snort.conf
https://ithelp.ithome.com.tw/upload/images/20200922/20034859Q05LsdhqWG.jpg
Log files
https://ithelp.ithome.com.tw/upload/images/20200922/20034859mBi0xX501B.jpg
Send the logs to a log server
output alert_syslog: host=xx.xx.xx.xx:514, LOG_AUTH LOG_ALERT
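
A check for the snort.conf path edits described above, added here as an example and not part of the original post: it flags any of the six path settings that is still relative or points to a location that does not exist. The sample text is constructed; its first line assumes the rules were copied to C:\Snort\rules, and the function names are illustrative.

```python
import os
import re

# The snort.conf path settings the post edits (paths containing spaces are not handled).
PATTERNS = [
    re.compile(r"^var\s+(RULE_PATH|SO_RULE_PATH|PREPROC_RULE_PATH)\s+(\S+)"),
    re.compile(r"^(dynamicpreprocessor\s+directory|dynamicdetection\s+directory"
               r"|dynamicengine)\s+(\S+)"),
]

# Constructed sample: line 1 is an assumed corrected value, the rest are the
# defaults quoted in the post (the last one commented out).
SAMPLE = r"""var RULE_PATH C:\Snort\rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
# dynamicdetection directory /usr/local/lib/snort_dynamicrules
"""

def is_absolute(path):
    # Accept C:\... and /... so the check behaves the same on any OS.
    return bool(re.match(r"^[A-Za-z]:[\\/]", path)) or path.startswith("/")

def check_paths(conf_text, exists=os.path.exists):
    """Return (line_no, setting, path, problem) for each suspect path setting."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no active setting
        for pat in PATTERNS:
            m = pat.match(line)
            if not m:
                continue
            setting, path = " ".join(m.group(1).split()), m.group(2)
            if not is_absolute(path):
                findings.append((no, setting, path, "relative path"))
            elif not exists(path):
                findings.append((no, setting, path, "path not found"))
    return findings

if __name__ == "__main__":
    # Stub for the demo: pretend only paths under C:\Snort exist.
    for finding in check_paths(SAMPLE, exists=lambda p: p.startswith("C:\\Snort")):
        print("line %d: %s = %s (%s)" % finding)
```

Against a real file, pass its contents to check_paths and leave exists at its default. Snort's own -T option tests the configuration as a whole; this check only covers the path lines edited here.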

