作者: 王维 来由:51CTO.com
这几个操作的含义和Libpcap相反)
然后,我们将对SNORT作一系列的调试,使其正常运转,也随意纰漏管理
[root@kykin-L-linux snort-1.9.0]# cp etc /usr/local/snort19 –r (复制以后文件夹下的ETC目录到SNORT19上面) [root@kykin-L-linux snort-1.9.0]# cp rules /usr/local/snort19 –r (复制全部划定规矩文件) [root@kykin-L-linux snort-1.9.0]# cp etc/>
做完这一些,我们的任务已经完成了一大局部。上面我们将完成对照次要的一局部。入侵检测的划定规矩定制
[root@kykin-L-linux snort-1.9.0]#vi /root/.snortrc # This file contains a sample snort configuration. # You can take the following steps to create your # own custom configuration: # # 1) Set the network variables for your network # 2) Configure preprocessors # 3) Configure output plugins # 4) Customize your rule set #
# Step #1: Set the network variables: # # You must change the following variables to reflect # your local network. The variable is currently # setup for an RFC 1918 address space. # # You can specify it explicitly as: # # var HOME_NET 10.1.1.0/24
(内容太多,且则省略)
首先。我们在整个config文件的102行找到:
var RULE_PATH ../rules
这个是本地寄存划定规矩的路子,我们必需按照本身的现象,无缺写出来
我的文件是如许的:
var RULE_PATH /usr/local/snort19/rules
然后,在config文件的590行。我们将会望见:
include $RULE_PATH/bad-traffic.rules
从这里入手动手,赓续到后背,就是SNORT的整个划定规矩纠合。我们必需按照本身的现象作出注意的调试
include $RULE_PATH/bad-traffic.rules include $RULE_PATH/exploit.rules include $RULE_PATH/scan.rules include $RULE_PATH/finger.rules include $RULE_PATH/ftp.rules include $RULE_PATH/telnet.rules include $RULE_PATH/rpc.rules include $RULE_PATH/rservices.rules include $RULE_PATH/dos.rules
(文件的内容太多,且则省略)
你可以针对本身的体系的详细现象做出注意的划定规矩剖析,不必要的划定规矩,就采用#注释的编制往复失
为了可实验指令:SNORT的随意纰漏调用,我们将做出毗连剖析
[root@kykin-L-linuxsnort-1.9.0]#ln –s /usr/local/snort19/bin/snort /usr/sbin/snort
然后。我们将树立一个新的目录来寄存SNORT日志文件
[root@kykin-L-linux snort-1.9.0]#cd /var/log [root@kykin-L-linux snort-1.9.0]#mkdir snort
做完上面的统统,基础上完成了整个IDS的起原设定,上面我们将测试能否成功
[root@kykin-L-linux snort-1.9.0]#snort Initializing Output Plugins! Log directory = /var/log/snort Initializing Network Interface eth0 using config file /root/.snortrc Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file /root/.snortrc
Initializing rule chains... No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds Fragment memory cap: 4194304 bytes<
版权声明: 原创作品,允许转载,转载时请务必以超链接编制标明文章 原始来由 、作者信息和本声明。否则将究查法律责任。