欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/ACL2, C++/F#/Lisp
Snort
来自开放百科 - 灰狐
(版本间的差异)
小 (→新闻) |
|||
(未显示1个用户的11个中间版本) | |||
第1行: | 第1行: | ||
− | Snort - | + | {{top news}} |
− | == | + | {{SeeWikipedia|Snort (software)}} |
+ | [[Image:Snort-90x90.gif|right]] | ||
+ | |||
+ | Snort:一款开源的入侵检测系统 | ||
+ | |||
+ | [[Guardian]] Active Response for Snort | ||
+ | ==新闻== | ||
+ | <rss>http://www.snort.org/news.xml|short|date|max=10</rss> | ||
+ | |||
+ | ==简介== | ||
+ | Snort可以三个模式进行运作: | ||
+ | *侦测模式(Sniffer Mode):Snort将在现有的网域内截取数据包,并显示在显示屏上。 | ||
+ | *数据包纪录模式(packet logger mode):Snort将已截取的数据包存入存储媒体中(如硬盘)。 | ||
+ | *上线模式(inline mode):Snort可对截取到的数据包做分析的动作,并根据一定的规则来判断是否有网络攻击行为的出现。 | ||
+ | |||
+ | ==安装== | ||
Debian | Debian | ||
apt-get install snort | apt-get install snort | ||
+ | apt-get install snort-doc | ||
+ | |||
==PostgreSQL== | ==PostgreSQL== | ||
apt-get install snort-pgsql | apt-get install snort-pgsql | ||
+ | |||
==MySQL== | ==MySQL== | ||
− | + | mysql> create database snort; | |
− | == | + | mysql> grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on snort.* to snort@localhost; |
+ | mysql> set password for snort@localhost=PASSWORD('snort'); | ||
+ | mysql> flush privileges; | ||
+ | mysql -u root -p snort <//home/allen/snort-2.8.3.2/schemas/create_mysql | ||
+ | edit the /etc/snort/snort.conf | ||
+ | var HOME_NET 192.168.0.0/24 | ||
+ | var EXTERNAL_NET !$HOME_NET | ||
+ | var RULE_PATH /etc/snort/rules | ||
+ | output database: log, mysql, user=snort password=snort dbname=snort host=localhost | ||
+ | chown root:snort /etc/snort/snort.conf | ||
+ | chmod 0640 /etc/snort/snort.conf | ||
+ | /usr/sbin/snort -c /etc/snort/snort.conf & | ||
+ | or | ||
+ | /usr/bin/snort -c /etc/snort/snort.conf -D -g snort -u snort -i eth0 -l /var/log/snort | ||
+ | echo "SELECT hostname FROM sensor;" | mysql -u root -p snort | ||
+ | |||
+ | ==运行== | ||
/usr/local/bin/snort -d -h 192.168.1.0/24 -l /var/log/snort -c /usr/local/etc/snort.conf -s -D | /usr/local/bin/snort -d -h 192.168.1.0/24 -l /var/log/snort -c /usr/local/etc/snort.conf -s -D | ||
− | == | + | ==Code== |
+ | |||
+ | ==链接== | ||
*http://snort.org/ | *http://snort.org/ | ||
*http://docs.huihoo.com/snort/ | *http://docs.huihoo.com/snort/ | ||
*http://download.huihoo.com/snort/ | *http://download.huihoo.com/snort/ | ||
+ | |||
+ | {{comment}} | ||
+ | |||
+ | [[Category:Security]] |
2018年2月23日 (五) 02:23的最后版本
您可以在Wikipedia上了解到此条目的英文信息 Snort Thanks, Wikipedia. |
Snort:一款开源的入侵检测系统
Guardian Active Response for Snort
目录 |
[编辑] 新闻
自http://www.snort.org/news.xml加载RSS失败或RSS源被墙
[编辑] 简介
Snort可以三个模式进行运作:
- 侦测模式(Sniffer Mode):Snort将在现有的网域内截取数据包,并显示在显示屏上。
- 数据包纪录模式(packet logger mode):Snort将已截取的数据包存入存储媒体中(如硬盘)。
- 上线模式(inline mode):Snort可对截取到的数据包做分析的动作,并根据一定的规则来判断是否有网络攻击行为的出现。
[编辑] 安装
Debian
apt-get install snort apt-get install snort-doc
[编辑] PostgreSQL
apt-get install snort-pgsql
[编辑] MySQL
mysql> create database snort; mysql> grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on snort.* to snort@localhost; mysql> set password for snort@localhost=PASSWORD('snort'); mysql> flush privileges; mysql -u root -p snort <//home/allen/snort-2.8.3.2/schemas/create_mysql edit the /etc/snort/snort.conf var HOME_NET 192.168.0.0/24 var EXTERNAL_NET !$HOME_NET var RULE_PATH /etc/snort/rules output database: log, mysql, user=snort password=snort dbname=snort host=localhost chown root:snort /etc/snort/snort.conf chmod 0640 /etc/snort/snort.conf /usr/sbin/snort -c /etc/snort/snort.conf & or /usr/bin/snort -c /etc/snort/snort.conf -D -g snort -u snort -i eth0 -l /var/log/snort echo "SELECT hostname FROM sensor;" | mysql -u root -p snort
[编辑] 运行
/usr/local/bin/snort -d -h 192.168.1.0/24 -l /var/log/snort -c /usr/local/etc/snort.conf -s -D
[编辑] Code
[编辑] 链接
<discussion>characters_max=300</discussion>
分享您的观点