Securing Your Server with IPS + IDS
Source: Internet  Published by: 淘宝打包招聘  Editor: 程序博客网  Time: 2024/05/03 21:42
Without further ado, straight to the configuration files.
The principle behind the IDS (snort) and IPS (Guardian) is essentially:
1. snort analyzes the log records saved by iptables.
2. Guardian uses the results of snort's log analysis to take defensive action.
3. The core of snort and guardian is the iptables log record. The configuration files follow.
###############
## Guardian ##
###############
# rpm package download
http://www.chaotic.org/guardian/
tar -xzvf guardian-***
cd guardian-***
# installing ....
cp guardian.pl /usr/sbin/
cp scripts/iptables_block.sh /usr/local/bin/guardian_block.sh
cp scripts/iptables_unblock.sh /usr/local/bin/guardian_unblock.sh
cp guardian.conf /etc/snort/
touch /etc/snort/guardian.ignore
touch /etc/snort/guardian.target
touch /var/log/snort/guardian.log
# guardian configuration file settings (PATH /etc/snort/guardian.conf)
Interface eth0
LogFile /var/log/snort/guardian.log
AlertFile /var/log/snort/alert
IgnoreFile /etc/snort/guardian.ignore
TargetFile /etc/snort/guardian.target
TimeLimit 86400 # unit: seconds
# /usr/local/bin/guardian_block.sh
source=$1
interface=$2
/sbin/iptables -I INPUT -s "$source" -i "$interface" -j DROP
# /usr/local/bin/guardian_unblock.sh
source=$1
interface=$2
/sbin/iptables -D INPUT -s "$source" -i "$interface" -j DROP
#---------------------------------------------------------------------------------------------
# service start, restart and stop
guardian.sh [ start | restart | stop | status ]
######################################### WORKS ###############################################
             command
  |-----------------> iptables -----------------> DROP
  | if alert                  |                    |
  |                           | TimeLimit timeout  |
  | Listen                    | default            |
alert <---------------- Guardian ================> ACCEPT
  |
  |-- guardian.ignore
  |-- guardian.target
# If connections arrive on an IP alias, the alias must be made known to guardian:
# every alias IP address must be added to guardian.target
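The block/unblock loop sketched above, written out as an added Python model (this is not Guardian's own Perl code): it parses Snort fast-format alert lines, honours guardian.ignore and guardian.target (including the IP aliases noted above), emits the same iptables commands as the two scripts, and lifts a block once TimeLimit has elapsed. The alert lines, addresses and rule IDs are constructed for the example.

```python
"""Added example (not Guardian's own code): a dry-run model of the
Snort -> Guardian -> iptables loop.  It reads Snort 'fast' alert lines,
skips sources listed in guardian.ignore and the host's own addresses and
aliases from guardian.target, records the iptables commands that
guardian_block.sh would run, and releases each block after TimeLimit
seconds as guardian_unblock.sh would.  Sample alerts are constructed."""
import ipaddress
import re

# Same value as "TimeLimit 86400" in guardian.conf above (seconds).
TIME_LIMIT = 86400
INTERFACE = "eth0"

# Matches the tail of a Snort fast-format alert: "{TCP} src:port -> dst:port".
ALERT_RE = re.compile(
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)


def parse_alert(line):
    """Return (src_ip, dst_ip, proto) from one fast alert line, or None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("dst"), m.group("proto")


class Guardian:
    def __init__(self, ignore, target, interface=INTERFACE, time_limit=TIME_LIMIT):
        # guardian.ignore: sources never to block (hosts or CIDR networks)
        self.ignore = [ipaddress.ip_network(n, strict=False) for n in ignore]
        # guardian.target: the protected host's own addresses, IP aliases included
        self.target = set(target)
        self.interface = interface
        self.time_limit = time_limit
        self.blocked = {}   # src ip -> time (seconds) the block was installed
        self.commands = []  # iptables commands that would have been executed

    def _ignored(self, ip):
        addr = ipaddress.ip_address(ip)
        return ip in self.target or any(addr in net for net in self.ignore)

    def handle_alert(self, line, now):
        """Process one alert line at time 'now' and return the action taken."""
        parsed = parse_alert(line)
        if parsed is None:
            return "unparsed"
        src, dst, _proto = parsed
        if dst not in self.target:
            return "not-for-us"      # alert concerns traffic to some other host
        if self._ignored(src):
            return "ignored"
        if src in self.blocked:
            return "already-blocked"
        # mirrors /usr/local/bin/guardian_block.sh
        self.commands.append(f"/sbin/iptables -I INPUT -s {src} -i {self.interface} -j DROP")
        self.blocked[src] = now
        return "blocked"

    def expire(self, now):
        """Lift blocks older than TimeLimit (guardian_unblock.sh); return freed IPs."""
        freed = [ip for ip, t in self.blocked.items() if now - t >= self.time_limit]
        for ip in freed:
            self.commands.append(f"/sbin/iptables -D INPUT -s {ip} -i {self.interface} -j DROP")
            del self.blocked[ip]
        return freed


# Constructed sample of what /var/log/snort/alert might hold during the nmap test.
SAMPLE_ALERTS = [
    "05/03-21:42:10.000001  [**] [1:1000001:1] EXAMPLE portscan [**] [Priority: 2] {TCP} 203.0.113.5:4455 -> 192.168.1.10:22",
    "05/03-21:42:11.000002  [**] [1:1000001:1] EXAMPLE portscan [**] [Priority: 2] {TCP} 203.0.113.5:4456 -> 192.168.1.10:80",
    "05/03-21:42:12.000003  [**] [1:1000002:1] EXAMPLE probe [**] [Priority: 3] {UDP} 192.168.1.50:1234 -> 192.168.1.10:161",
    "05/03-21:42:13.000004  [**] [1:1000002:1] EXAMPLE probe [**] [Priority: 3] {TCP} 192.168.1.11:5555 -> 192.168.1.10:25",
    "garbage line that is not an alert",
]


def run_demo():
    """192.168.1.11 is an IP alias of the host, so it sits in guardian.target."""
    g = Guardian(ignore=["192.168.1.0/24"], target=["192.168.1.10", "192.168.1.11"])
    actions = [g.handle_alert(line, now=0) for line in SAMPLE_ALERTS]
    freed = g.expire(now=TIME_LIMIT)
    return actions, freed, g.commands


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

The fourth sample alert shows why the alias note matters: traffic from the host's own alias 192.168.1.11 would otherwise be treated as an attacker and the host would firewall itself.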
###############
## Snort ##
###############
# download the snort package (rpm)
http://www.snort.org
http://www.snort.org/dl/binaries/linux
# download the snort rules database
# register with snort
https://www.snort.org/pub-bin/register.cgi
http://www.snort.org/pub-bin/downloads.cgi
#---------------------------------------------------------------------------
tar -xzvf snortrules-**
# copy all rules from the extracted rules directory into "/etc/snort/rules"
# snort runs with its default policy, but to tune the policy you should
# edit the "/etc/snort/snort.conf" file
# For example (the value of the variable "var HOME_NET")
# single host
var HOME_NET 192.168.1.10
# networks
var HOME_NET 192.168.1.0/24,192.168.2.0/24
# include snort rules
var RULE_PATH /etc/snort/rules
include $RULE_PATH/pop3.rules # (example)
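Because snort.conf is edited by hand, a misspelled variable name such as HOMT_NET or RULE_APTH is easy to introduce. The following checker is an added example (not part of Snort) that flags variable names that are near misses of the well-known ones, references to variables that were never defined, and standard variables left unset; the snort.conf fragment it checks is constructed.

```python
"""Added example (not part of Snort): sanity-check the var/include lines of a
snort.conf fragment for misspelled or undefined variable names.  The sample
configuration below is constructed and mirrors the edits described above."""
import difflib
import re

VAR_RE = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\w+)\s+(.+?)\s*$")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
REF_RE = re.compile(r"\$(\w+)")

# Variables the stock rules refer to; a typo in one of these changes what is matched.
EXPECTED_VARS = {"HOME_NET", "EXTERNAL_NET", "RULE_PATH"}


def check_snort_conf(text):
    """Return (problems, includes): problems is a list of (line_no, message),
    includes the list of include paths with known variables substituted."""
    defined = {}
    problems = []
    includes = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # strip trailing comments
        if not line.strip():
            continue
        m = VAR_RE.match(line)
        if m:
            name, value = m.groups()
            # a name that is almost one of the well-known variables is probably a typo
            if name not in EXPECTED_VARS:
                close = difflib.get_close_matches(name, sorted(EXPECTED_VARS), n=1, cutoff=0.8)
                if close:
                    problems.append((no, f"variable {name} looks like a typo of {close[0]}"))
            for ref in REF_RE.findall(value):
                if ref not in defined:
                    problems.append((no, f"undefined variable ${ref}"))
            defined[name] = value
            continue
        m = INCLUDE_RE.match(line)
        if m:
            path = m.group(1)
            for ref in REF_RE.findall(path):
                if ref not in defined:
                    problems.append((no, f"undefined variable ${ref} in include"))
            # substitute known variables; unknown ones are left as-is so they stand out
            includes.append(REF_RE.sub(lambda r: defined.get(r.group(1), r.group(0)), path))
    for name in sorted(EXPECTED_VARS - set(defined)):
        problems.append((0, f"expected variable {name} never set"))
    return problems, includes


# Constructed snort.conf fragment containing the two typos discussed above.
SAMPLE_CONF = """\
# constructed snort.conf fragment
var HOMT_NET 192.168.1.0/24,192.168.2.0/24   # typo: HOME_NET was intended
var EXTERNAL_NET !$HOME_NET                  # refers to a name that was never set
var RULE_PATH /etc/snort/rules
include $RULE_APTH/pop3.rules                # typo: RULE_PATH was intended
include $RULE_PATH/smtp.rules
"""

if __name__ == "__main__":
    found, paths = check_snort_conf(SAMPLE_CONF)
    for line_no, msg in found:
        print(f"line {line_no}: {msg}")
    print("includes:", paths)
```

Line 0 in the output marks problems that concern the file as a whole rather than a single line.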
#--------------------------------------------------------------------------
# set the interface(s) snort listens on
# configured in "/etc/sysconfig/snort"
# single interface: INTERFACE=interface
# several interfaces: INTERFACE="interface1 interface2 ..."
# For example
INTERFACE=eth0 # single interface
INTERFACE="eth0 eth1 eth2" # several interfaces
# service start, restart and stop
service snortd [ start | stop | restart ]
/etc/init.d/snortd [ start | stop | restart ]
# log file PATH: "/var/log/snort/alert" or "/var/log/snort/INTERFACE_NAME/alert"
# test: run an nmap port scan against the host, then check whether records appear with "cat /var/log/snort/alert"
################
## Nessus ##
################
# rpm: www.nessus.org
http://www.nessus.org/products/nessus/nessus-download-agreement
# Nessus server | Nessus client
# register
http://www.nessus.org/register
# registration command
nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx