
How to use an intrusion prevention system (IPS) to protect a CentOS server from attacks


Introduction:

In today's digital age, server security is critically important. Network attacks and intrusion incidents are becoming more frequent, so the need to protect servers from attack grows ever more pressing. An intrusion prevention system (IPS) is an important security measure: it helps detect and block malicious activity and protects the server from attack. In this article we will learn how to set up and use an IPS on a CentOS server to improve the server's security.

Part 1: Installing and configuring the IPS

Step 1: Install the IPS software

First, we need to choose and install suitable IPS software. Snort is a popular, open-source IPS that runs on CentOS. We can install Snort with the following command:

sudo yum install snort


After installation, we can start the Snort service with the following command:

sudo systemctl start snort


Step 2: Configure Snort

Once installed, we need to do some basic configuration to make sure Snort works properly. On CentOS, Snort's configuration file is located at /etc/snort/snort.conf. We can open this file in a text editor and modify the parameters in it as needed.

Here are some common configuration parameters, with examples:

ipvar HOME_NET any: specifies the network range allowed to access the server; it can be a single IP address, an IP range, or a subnet.

ipvar EXTERNAL_NET any: specifies the trusted external network range; Snort will monitor traffic against this range.

alert icmp any any -> $HOME_NET any (msg:"ICMP traffic detected"; sid:10001;): when ICMP traffic is detected, emit an alert and associate it with SID 10001. (Snort needs straight double quotes around the message and a semicolon after every option, including the last one.)

After configuring, we can test whether the configuration is valid with the following command:

sudo snort -T -c /etc/snort/snort.conf


Part 2: Enabling IPS rules

Step 1: Download the IPS rules

IPS rules are the basis for deciding when an attack or abnormal behaviour is taking place. We can download the latest rule files from the official Snort website.

Here are example commands for downloading the rule file:

sudo wget https://www.snort.org/downloads/community/community-rules.tar.gz
sudo tar -xvf community-rules.tar.gz -C /etc/snort/rules/


Step 2: Enable the rule set

In the Snort configuration file, we need to add the following directive to load the rule set (there is no space after $RULE_PATH, and the path must match where the archive actually placed community.rules under /etc/snort/rules/):

include $RULE_PATH/community.rules


Step 3: Restart the Snort service

Changes to the configuration file only take effect after the Snort service is restarted. We can restart the Snort service with the following command:

sudo systemctl restart snort


Part 3: Monitoring IPS logs

Once Snort starts monitoring traffic and detects abnormal activity, it generates a log file. We can view the log file with the following command:

sudo tail -f /var/log/snort/alert

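Watching the alert file scroll by with tail is fine for a first look, but on a busy server you want to know which rules fire most and from where. As an added example (not part of the original article), the POSIX shell script below summarises an alert file in Snort's fast-alert format by rule id and by source address. It runs over constructed sample lines instead of /var/log/snort/alert; the function names, the sample addresses and the assumption of IPv4 sources are mine.

```shell
#!/bin/sh
# Summarise a Snort "alert" file (fast-alert format) by rule id and by source.
# Constructed sample lines stand in for /var/log/snort/alert so this runs offline.
SAMPLE_ALERTS=$(mktemp)
cat > "$SAMPLE_ALERTS" <<'EOF'
10/15-14:22:31.123456  [**] [1:10001:0] ICMP traffic detected [**] [Priority: 0] {ICMP} 192.0.2.10 -> 198.51.100.5
10/15-14:22:32.223456  [**] [1:10001:0] ICMP traffic detected [**] [Priority: 0] {ICMP} 192.0.2.10 -> 198.51.100.5
10/15-14:22:35.000001  [**] [1:10001:0] ICMP traffic detected [**] [Priority: 0] {ICMP} 192.0.2.11 -> 198.51.100.5
10/15-14:23:01.500000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.5:80 -> 192.0.2.10:51234
EOF

# alerts_by_rule FILE
# Prints "COUNT GID:SID:REV MESSAGE", busiest rule first.
alerts_by_rule() {
    awk '
        match($0, /\[[0-9]+:[0-9]+:[0-9]+\] /) {
            id   = substr($0, RSTART + 1, RLENGTH - 3)      # "1:10001:0"
            rest = substr($0, RSTART + RLENGTH)              # message onwards
            msg  = substr(rest, 1, index(rest, " [**]") - 1)
            count[id]++
            text[id] = msg
        }
        END { for (id in count) print count[id], id, text[id] }
    ' "$1" | sort -rn
}

# sources_for_rule FILE GID:SID
# Distinct source addresses that triggered one rule (IPv4 assumed; port stripped).
sources_for_rule() {
    awk -v rid="[$2:" '
        index($0, rid) {
            for (i = 2; i <= NF; i++) if ($i == "->") src = $(i - 1)
            sub(/:[0-9]+$/, "", src)
            print src
        }
    ' "$1" | sort -u
}

# Stand-alone run: the ICMP rule from the article (sid 10001) dominates the sample.
alerts_by_rule "$SAMPLE_ALERTS"
sources_for_rule "$SAMPLE_ALERTS" 1:10001
```

Point either function at /var/log/snort/alert to get the same summary for the live log.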

Part 4: Optimising IPS performance

Enable multithreading: in the Snort configuration file, you can enable the multithreaded detection method by setting config detection: search-method ac-split.

Optimise hardware: for high-performance IPS deployments, consider using more powerful servers and network adapters.

Update rules regularly: as new threats keep emerging, it is critical to update the IPS rules regularly. The following commands can be used to download and update the rules:

sudo wget https://www.snort.org/rules/snortrules-snapshot-XXXXX.tar.gz -O snortrules-snapshot.tar.gz
sudo tar -xvf snortrules-snapshot.tar.gz -C /etc/snort/rules/


Conclusion:

By configuring and using an intrusion prevention system (IPS), we can greatly improve the security of a CentOS server and avoid malicious attacks and unauthorised access. However, an IPS is only one part of server security; other security measures still need to be combined with it to build a comprehensive defence system that keeps the server and its data secure.

That covers the details of how to use an intrusion prevention system (IPS) to protect a CentOS server from attacks; for more, see the other related articles on this site.
