O’zbekiston respublikasi raqamli texnologiyalari
Yüklə 139,72 Kb.
|
|
root@lord./configure--with-libpcap- includes=/home/dood/libpcap} root @lord]# make root @lord]# make install
Ushbu jarayondan so‘ng Snort kompyuterda o'rnatiladi. Endi Snort jurnalfayllarini saqlaydigan katalog yaratish kerak: root @lord]#mkdir /var/log/snort Dastur qayerda o'rnatilganligini tasdiqlash uchun quyidagilarni bajarish kerak: root @lord]# whereis snort Snort arxitekturasi uchta asosiy tarkibiy qismga ega, ularni quyidagichatavsiflash mumkin: Paket dekoderi: ushlangan paketlarni ma'lumotlar turi shaklida tayyorlaydi, keyinchalik ularni aniqlash mexanizmi yordamida qayta ishlashi mumkin. Paket dekoderi Ethernet, SLIP va PPP paketlarini qayd etishi mumkin. Aniqlash mexanizmi: Snort qoidalari asosida unga "dekoder" tomonidan yuborilgan paketlarni tahlil qiladi va qayta ishlaydi. Snortning funksionalligini oshirish uchun o'zgaruvchan modullarni aniqlash mexanizmiga kiritish mumkin. Logger/Alerter: Registrator siz o'qigan formatda paket dekoder tomonidanto'plangan ma'lumotlarni yozib olish imkonini beradi. Odatda, ro'yxatdan o'tish fayllari katalogda saqlanadi:/var/log/Snort. Ogohlantirish mexanizmi ogohlantirishlarni syslog, fayl, Unix soketlari yoki ma'lumotlar bazasiga yuboradi. Odatda, barcha ogohlantirishlar faylda saqlanadi: /var/log/Snort/alerts. Dastur va uning rejimlarini o'rganish Ushbu bo'limda SNORT tushunchalari va buyruqlarini batafsil muhokama qilinadi. Ushbu vazifa dasturning barcha kalitlarini aks ettiradigan oddiy buyruq bilan boshlanadi: root@lord snort -? Buyruq quyidagilarni beradi: -*> Snort! <*- Versio n 1.7 By Martin Roesch (roesch@clark.net, www.snort.org)USAGE: snort [-options] Options: -A Set alert mode: fast, full, or none (alert file alerts only)'unsock' enables UNIX socket logging (experimental). -a Display ARP packets -b Log packets in tcpdump format (much faster!) -c Use Rules File -C Print out payloads with character data only (no hex) -d Dump the Application Layer -D Run Snort in background (daemon) mode -e Display the second layer header info -F Read BPF filters from file -g Run snort gid as 'gname' user or uid after initialization -h Home network = -i Listen on interface -l Log to directory -n Exit after receiving packets -N Turn off logging (alerts still work) -o Change the rule testing order to Pass|Alert|Log Yüklə 139,72 Kb. Dostları ilə paylaş:
|