Snort

From Open Encyclopedia - Huihoo
Snort - the de facto standard for intrusion detection/prevention

Latest revision as of 02:23, 23 February 2018 (Fri)

You can find English-language information on this entry at Wikipedia: Snort. Thanks, Wikipedia.

Snort: an open-source intrusion detection system

Guardian Active Response for Snort


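Introduction

Snort can operate in three modes:

  • Sniffer mode: Snort captures packets on the current network segment and displays them on the screen.
  • Packet logger mode: Snort writes the captured packets to storage media (such as a hard disk).
  • Inline mode: Snort analyzes the captured packets and decides, based on a set of rules, whether a network attack is taking place.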

Installation

Debian

  apt-get install snort
  apt-get install snort-doc

PostgreSQL

  apt-get install snort-pgsql

MySQL

Create the database and the snort account from the mysql client:

  mysql> create database snort;
  mysql> grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on snort.* to snort@localhost;
  mysql> set password for snort@localhost=PASSWORD('snort');
  mysql> flush privileges;

Load the schema from the Snort source tree:

  mysql -u root -p snort < /home/allen/snort-2.8.3.2/schemas/create_mysql

Edit /etc/snort/snort.conf:

  var HOME_NET 192.168.0.0/24
  var EXTERNAL_NET !$HOME_NET
  var RULE_PATH /etc/snort/rules
  output database: log, mysql, user=snort password=snort dbname=snort host=localhost

Restrict access to the configuration file, which now contains the database password:

  chown root:snort /etc/snort/snort.conf
  chmod 0640 /etc/snort/snort.conf

Start Snort:

  /usr/sbin/snort -c /etc/snort/snort.conf &

or

  /usr/bin/snort -c /etc/snort/snort.conf -D -g snort -u snort -i eth0 -l /var/log/snort

List the sensors recorded in the database:

  echo "SELECT hostname FROM sensor;" | mysql -u root -p snort
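
The snort.conf above keeps the MySQL password in cleartext, and the page's example password is the same as the account name. The shell function below is an added example, not part of the wiki page or of Snort: it audits a Snort 2.x snort.conf for the file mode, the database password and HOME_NET. The function name, the 12-character threshold and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit snort.conf for the settings
# configured above. Assumes Snort 2.x syntax and GNU stat.

audit_snort_conf() {
    asc_conf=$1
    asc_n=0
    asc_note() { echo "FINDING: $*"; asc_n=$((asc_n + 1)); }

    # The "output database" line holds a cleartext password, so the file
    # must not be accessible to "other" (the page sets root:snort, 0640).
    asc_mode=$(stat -c '%a' "$asc_conf" 2>/dev/null) || {
        echo "cannot stat $asc_conf" >&2; return 2; }
    case $asc_mode in
        *[1-7]) asc_note "mode $asc_mode grants access to other users" ;;
    esac

    # Pull user= and password= out of the first "output database:" line.
    asc_db=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$asc_conf" | head -n 1)
    if [ -n "$asc_db" ]; then
        asc_user=$(printf '%s\n' "$asc_db" | sed -n 's/.*[ ,]user=\([^ ]*\).*/\1/p')
        asc_pass=$(printf '%s\n' "$asc_db" | sed -n 's/.*[ ,]password=\([^ ]*\).*/\1/p')
        if [ -z "$asc_pass" ]; then
            asc_note "database output has no password"
        elif [ "$asc_pass" = "$asc_user" ]; then
            asc_note "database password is identical to the user name"
        elif [ "${#asc_pass}" -lt 12 ]; then   # 12 is an assumed policy value
            asc_note "database password is shorter than 12 characters"
        fi
    fi

    # HOME_NET should name the monitored network; this check reads the
    # last var/ipvar definition found in the file.
    asc_home=$(awk '$1 ~ /^(ip)?var$/ && $2 == "HOME_NET" { v = $3 } END { print v }' "$asc_conf")
    case $asc_home in
        ''|any) asc_note "HOME_NET is unset or 'any'" ;;
    esac

    [ "$asc_n" -eq 0 ]   # exit status 0 only when nothing was found
}

# Stand-alone use: sh audit_snort_conf.sh /etc/snort/snort.conf
if [ $# -gt 0 ]; then audit_snort_conf "$1"; fi
```

Each problem is printed as a FINDING line, and the exit status is non-zero when at least one was found, so the function can gate a deployment script.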

Running

  /usr/local/bin/snort -d -h 192.168.1.0/24 -l /var/log/snort -c /usr/local/etc/snort.conf -s -D

Code

Links

  • http://snort.org/
  • http://docs.huihoo.com/snort/
  • http://download.huihoo.com/snort/
