宜蘭縣教育支援平台 會員登入 會員註冊 我的i教書

參考網頁:
Suricata + Barnyard + BASE 安裝 – Neverland

底下參考自:讓Snort開始運作,Information Security 資安人科技網

Barnyard是一套用來讀取 Snort 統一輸出報表(Unified output)並將之轉存到資料庫的特製工具,並且會直接監視資料庫連線來預防資料的流失。統一輸出報表是 Snort3 種輸出報表的其中一個選項,它透過減輕 Snort  引擎中的有效負荷的傳輸(payload translation)來增快處理速度。

1. 安裝所需套件
# yum install git libtool libnet libnet-devel mariadb-devel daq-devel libyaml-devel file-devel libcap-ng-devel libpcap-devel libdnet-devel

2. 切換目錄
# cd /usr/local/src

3. 使用 git 下載 barnyard2
# git clone https://github.com/firnsy/barnyard2.git barnyard2
Cloning into 'barnyard2'...
remote: Counting objects: 1292, done.
remote: Total 1292 (delta 0), reused 0 (delta 0), pack-reused 1292
Receiving objects: 100% (1292/1292), 1.04 MiB | 601.00 KiB/s, done.
Resolving deltas: 100% (896/896), done.

 (閱讀全文)

Suricata 和 Snort 一樣,都是入侵偵測系統,二者之間的差異可以參考:
Snort vs Suricata - Aanval Wiki

Suricata 官方網站:https://oisf.net/suricata/
參考網站:
浮雲雅築: [研究] Suricata 3.0 入侵偵測系統安裝 (CentOS 7.2 x64)
如何在 Linux 系統上安裝 Suricata 入侵檢測系統 - 每日頭條
Building an IDS on CentOS using Suricata
CentOS Installation - Suricata - Open Information Security Foundation
IT Security through Open Source : Suricata - wildcard rule loading

1. 利用 epel 套件庫安裝 Suricata
# yum install suricata --enablerepo=epel

 (閱讀全文)

參考網頁:
浮雲雅築: [研究] Snort 2.9.6.2 + Barnyard 2.13 安裝 (CentOS 6.5 x64) 快速安裝程式
Startup script timeout (Centos 7) · Issue #141 · firnsy/barnyard2 · GitHub

底下參考自:讓Snort開始運作,Information Security 資安人科技網

Barnyard是一套用來讀取 Snort 統一輸出報表(Unified output)並將之轉存到資料庫的特製工具,並且會直接監視資料庫連線來預防資料的流失。統一輸出報表是 Snort3 種輸出報表的其中一個選項,它透過減輕 Snort  引擎中的有效負荷的傳輸(payload translation)來增快處理速度。

1. 安裝所需套件
# yum install git libtool libnet libnet-devel mariadb-devel daq-devel libyaml-devel file-devel libcap-ng-devel libpcap-devel libdnet-devel

2. 切換目錄
# cd /usr/local/src

3. 使用 git 下載 barnyard2
# git clone https://github.com/firnsy/barnyard2.git barnyard2
Cloning into 'barnyard2'...
remote: Counting objects: 1292, done.
remote: Total 1292 (delta 0), reused 0 (delta 0), pack-reused 1292
Receiving objects: 100% (1292/1292), 1.04 MiB | 601.00 KiB/s, done.
Resolving deltas: 100% (896/896), done.

 (閱讀全文)

參考網站:
Setting up Snort - Part 4 - Installing PulledPork · Don Mizutani
How To Install Snort NIDS On CentOS 7 | Unixmen

# yum install git
# git clone https://github.com/shirkdog/pulledpork.git
# cd pulledpork/
# cp pulledpork.pl /usr/local/bin
# chmod +x /usr/local/bin/pulledpork.pl
# cp -v etc/*.conf /etc/snort
‘etc/disablesid.conf’ -> ‘/etc/snort/disablesid.conf’
‘etc/dropsid.conf’ -> ‘/etc/snort/dropsid.conf’
‘etc/enablesid.conf’ -> ‘/etc/snort/enablesid.conf’
‘etc/modifysid.conf’ -> ‘/etc/snort/modifysid.conf’
‘etc/pulledpork.conf’ -> ‘/etc/snort/pulledpork.conf’
# mkdir /etc/snort/rules/iplists
# touch /etc/snort/rules/iplists/default.blacklist

 (閱讀全文)

snort 官方網站:https://www.snort.org/

1. 下載官方網站提供套件:
# wget https://www.snort.org/downloads/snort/daq-2.0.6-1.centos7.x86_64.rpm
# wget https://www.snort.org/downloads/snort/snort-2.9.9.0-1.centos7.x86_64.rpm

 (閱讀全文)

原本用來擔任入侵偵測系統的主機,是透過 oinkmaster 來更新 Snort Rule,不過最近(其實應該有一段時間了,只是自己懶惰,沒有積極處理),常常會在信箱收到如下的錯誤訊息:

 http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2860.tar.gzResolving www.snort.org... 23.23.143.164
Connecting to www.snort.org|23.23.143.164|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2013-09-07 23:30:03 ERROR 403: Forbidden.

猜想可能是 Snort Rule 下載的路徑已經做了更改,所以登入 Snort 官方網站,終於找到了解決方式:

 (閱讀全文)