Snort

您可以在Wikipedia上了解到此条目的英文信息 Snort Thanks, Wikipedia.

Snort：一款开源的入侵检测系统

Guardian Active Response for Snort

新闻

自http://www.snort.org/news.xml加载RSS失败或RSS源被墙

简介

Snort可以三个模式进行运作：

• 侦测模式（Sniffer Mode）：Snort将在现有的网域内截取数据包，并显示在显示屏上。
• 数据包纪录模式（packet logger mode）：Snort将已截取的数据包存入存储媒体中（如硬盘）。
• 上线模式（inline mode）：Snort可对截取到的数据包做分析的动作，并根据一定的规则来判断是否有网络攻击行为的出现。

安装

Debian

apt-get install snort
apt-get install snort-doc

PostgreSQL

apt-get install snort-pgsql

MySQL

mysql> create database snort;
mysql> grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on snort.* to snort@localhost;
mysql> set password for snort@localhost=PASSWORD('snort');
mysql> flush privileges;
mysql -u root -p snort <//home/allen/snort-2.8.3.2/schemas/create_mysql
edit the /etc/snort/snort.conf 
var HOME_NET 192.168.0.0/24
var EXTERNAL_NET !$HOME_NET
var RULE_PATH /etc/snort/rules
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
chown root:snort /etc/snort/snort.conf
chmod 0640 /etc/snort/snort.conf
/usr/sbin/snort -c /etc/snort/snort.conf &
or 
/usr/bin/snort -c /etc/snort/snort.conf -D -g snort -u snort -i eth0 -l /var/log/snort
echo "SELECT hostname FROM sensor;" | mysql -u root -p snort

运行

/usr/local/bin/snort -d -h 192.168.1.0/24 -l /var/log/snort -c /usr/local/etc/snort.conf -s -D

Code

链接

• http://snort.org/
• http://docs.huihoo.com/snort/
• http://download.huihoo.com/snort/

<discussion>characters_max=300</discussion>