Scribd Logo
Upload

Welcome to Scribd!

  • Snort

    Uploaded by

    One Hour
    43 views2 pages
    ips ids snort

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ips ids snort

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    43 views2 pages

    Snort

    Uploaded by

    One Hour
    ips ids snort

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    TRIỂN KHAI HỆ THỐNG PHÁT HIỆN VÀ NGĂN CHẶN XÂM NHẬP THỬ

    NGHIỆM TRÊN SNORT

    1. Mô hình thử nghiệm.

    Mô hình tấn công thử nghiệm Snort IPS IDS

     Môi trường giả lập: VM ware Workstation pro


     Thiết lập cấu hình:
     Client: Window 10 – Vmnet 11: 192.168.11.12
     Attacker: Kali linux – Vmnet 11: 192.168.11.10
     Snort IPS/IDS: CentOS 7 – Vmnet 11: 192.168.11.11/24
    Vmnet 12: 192.168.10.12/24
     WEB Server: CentOS 7 – Vmnet 12: 192.168.10.13
    2. Cài đặt và cấu hình Snort IDS/IPS
    2.1. Cài đặt Snort IDS
    Cài đjăt package yêu cầu:

    # yum install -y gcc flex bison zlib* libxml2 libpcap* pcre* tcpdump git libtool curl man
    make daq
    # yum groupinstall – y “Development Tools”

    Chuẩn bị các file cài đặt riêng sau:


    libdnet-1.12.tgz
    libdnet-1.12-6.el6.x86_64.rpm
    libdnet-devel-1.12-6.el6.x86_64.rpm

    Tải file snort mới nhất tại https://snort.org

    daq-2.06.tar
    snort-2.9.8.3.tar

    Bắt đầu cài đặt snort

    # cd /usr/local/src
    # tar -zxvf /root/ips/daq-2.0.6.tar.gz
    # tar -zxvf /root/ips/snort-2.9.8.3.tar.gz

    # cd daq-2.0.6.tar
    # ./configure
    # make && make install

    # cd /usr/local/src/snort-2.9.8.3
    # ./configure
    # make && make install

    # cd /etc
    # mkdir snort
    # cd snort
    # cp /urs/local/src/snort-2.9.8.3/etc/*.
    # tar -zvxf /root.ips/snortrules-snapshot-2983.tar.gz
    # touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules

    Tạo user, group, cấp quyền:

    # groupadd -g 40000 snort


    # useradd snort -u 40000 -d/var/log/snort - /sbin/nologin -c SNORT_IDS -g snort
    # cd /etc/snort
    # chown -R snort:snort *
    # chown -R snort:snort /var/log/snort

    You might also like