Coffeenix (coffeenix.net) > Security > Firewalls, packet filtering / IDS
SNORT+APM+ACID ON Redhat 9.0
Posted: 2003/11/10 11:32
Author: DIYS
Views: 7561
This is a bare-bones procedure, written quickly for readers who already have some background and a basic idea of what an IDS is. If you want detailed explanations, refer to the manuals listed below.
Referenced documents
http://www.snort.org/docs/writing_rules/
http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf
http://www.snort.org/docs/snort_acid_rh9.pdf
http://www.snort.org/docs/FreeBSD47RELEASE-Snort-MySQLVer1-3.pdf
http://www.snort.org/docs/snort-win2k.htm
Packages that must already be installed
libpcap-0.7.2-1.rpm
zlib-1.1.4-8.rpm
libgd, libpng, libjpeg-6b?
!! If a build stops with an error saying one of these is missing, install that package and retry. ^^;
If you are confident, building them from source and passing the install path to the configure scripts below also works. ^^;
Downloads (!! usually fetched into /tmp or /usr/local/src, right? ^^)
http://members.chello.se/jpgraph/jpgdownloads/jpgraph-1.13.tar.gz
http://www.students.fh-sbg.ac.at/~gwalch/adodb330.tgz
http://www.andrew.cmu.edu/~rdanyliw/snort/acid-0.9.6b23.tar.gz
1. Install MySQL
# tar xfz mysql-4.1.0-alpha.tar.gz
# cd mysql-4.1.0-alpha
# ./configure --prefix=/usr/local/mysql && make -s && make -s install
# scripts/mysql_install_db <-- the mysql user and group must exist first (groupadd mysql; useradd -g mysql mysql)
# chown -R root.mysql /usr/local/mysql
# chown -R mysql /usr/local/mysql/var
# cp support-files/my-medium.cnf /etc/my.cnf <-- pick the my-*.cnf (small/medium/large/huge) that matches your hardware
# vi /etc/ld.so.conf
/usr/local/lib
/usr/local/mysql/lib/mysql
add these 2 lines
# ldconfig -v
# cd /usr/local/mysql
# bin/mysqld_safe --user=mysql &
Arrange for it to start automatically at boot (support-files/mysql.server is an init script you can copy to /etc/init.d). heh
!! mysql_install_db leaves the MySQL root account without a password; set one as soon as the server is up: /usr/local/mysql/bin/mysqladmin -u root password 'NEWPASS'
2. Install Apache-2.0.47 + PHP-4.3.2
# tar xfz httpd-2.0.47.tar.gz
# cd httpd-2.0.47
# ./configure --prefix=/usr/local/apache --enable-mods-shared=all --enable-so && make -s && make -s install
# tar xfz php-4.3.2.tar.gz
# cd php-4.3.2
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs \
--with-config-file-path=/usr/local/apache/conf --enable-sockets \
--with-mysql=/usr/local/mysql --with-zlib-dir=/usr --with-gd && make -s && make -s install
# cp php.ini-dist /usr/local/apache/conf/php.ini <-- it must be named php.ini, or PHP never reads it and runs on built-in defaults
# vi /usr/local/apache/conf/httpd.conf
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .ph .php .html
Add these at a suitable place. (The .html mapping hands every HTML file to the PHP engine; drop it unless you actually need it.)
# vi /etc/rc.local
/usr/local/apache/bin/apachectl start <--- add this one line so Apache starts at boot.
!! Set up httpd.conf so the relevant pages are actually served; each of you knows your own layout best..
3. Install SNORT-2.0.0
# tar xfz snort-2.0.0.tar.gz
# cd snort-2.0.0
# ./configure --prefix=/usr/local/snort && make -s && make -s install
!! The docs don't use --prefix, but keeping everything under one directory is easier to manage, so I installed it this way.
# mkdir -p /usr/local/snort/etc/snort
# mkdir -p /usr/local/snort/var/log < -- remember this log path
# cp -rfp rules /usr/local/snort/etc < -- remember this rules path
# cp etc/* /usr/local/snort/etc/snort < -- copy the config files (I couldn't be bothered to pick, so I copied them all.)
# vi /usr/local/snort/etc/snort/snort.conf
var HOME_NET 10.2.2.0/24 < -- internal network address / prefix length
ex) splitting the 192.168.1.x class C into 4 subnets takes 2 more mask bits (/24 becomes /26), so if the subnet to monitor is 192.168.1.192 you write:
var HOME_NET 192.168.1.192/26
var RULE_PATH /usr/local/snort/etc/rules <--- rules path
output database: log, mysql, user="DBUSER" password="PASSWORD" dbname="DBNAME" host="localhost" <--- the same DB name, user and password you create in step 4
# cp contrib/S99snort /etc/init.d/snort
# chmod 750 /etc/init.d/snort
# vi /etc/init.d/snort
CONFIG=/usr/local/snort/etc/snort/snort.conf < -- change
LOGDIR=/usr/local/snort/var/log <--- add
#SNORT_GID=nogroup <--- comment out
$SNORT_PATH/snort -c $CONFIG -i $IFACE -g $SNORT_GID $OPTIONS
--> change to: $SNORT_PATH/snort -c $CONFIG -i $IFACE $OPTIONS -l $LOGDIR
!! Dropping -g this way leaves snort running as root after it has opened the interface. If you would rather have it drop privileges, create a snort user and group, make that user the owner of the log directory, and pass -u snort -g snort instead.
!! If you understand shell scripts, adjust the rest to your own taste...
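The following is an added example, not part of DIYS's post and not code from the Snort distribution: a POSIX shell sanity check for the three snort.conf edits in step 3 (HOME_NET, RULE_PATH and the database output line), to run before starting snort. It assumes the directory layout used above and a `var HOME_NET` written as a single a.b.c.d/n (the `any` form and bracketed lists are reported as failures); `PASSWORD` is this post's placeholder, and the config the demo writes at the bottom is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the snort.conf
# edits from step 3 before starting snort. Assumes the layout used above.

# ip_to_int 192.168.1.200 -> 3232235976 (dotted quad to 32-bit integer)
ip_to_int() {
    addr=$1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip 3232235968 -> 192.168.1.192
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of ADDR BITS -> the network address for that prefix length,
# e.g. network_of 192.168.1.200 26 -> 192.168.1.192/26. This is the value
# that belongs in "var HOME_NET" (the post's 4-way split of a /24 is a /26).
network_of() {
    ip=$(ip_to_int "$1"); bits=$2
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    echo "$(int_to_ip $(( ip & mask )))/$bits"
}

# check_home_net CONF: succeed only when "var HOME_NET a.b.c.d/n" names a
# real network address (no host bits set). Snort accepts 192.168.1.200/26
# without complaint, but it is an easy way to end up watching a different
# block than intended. Only the single-CIDR form is handled; "any" or a
# [list] is reported as a failure.
check_home_net() {
    cidr=$(sed -n 's/^var HOME_NET[[:space:]]*\([0-9.]*\/[0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$cidr" ] || return 1
    ip=${cidr%/*}; bits=${cidr#*/}
    [ "$bits" -ge 0 ] && [ "$bits" -le 32 ] || return 1
    [ "$(network_of "$ip" "$bits")" = "$cidr" ]
}

# check_db_output CONF: succeed only when an uncommented
# "output database: log, mysql, ..." line exists and its password is neither
# empty nor the PASSWORD placeholder used in this post.
check_db_output() {
    line=$(grep -E '^output database:[[:space:]]*log,[[:space:]]*mysql' "$1" | head -n 1)
    [ -n "$line" ] || return 1
    case $line in
        *'password=""'*|*'password="PASSWORD"'*|*'password=PASSWORD'*) return 1 ;;
    esac
    return 0
}

# check_rule_path CONF: the directory named by "var RULE_PATH" must exist and
# hold at least one .rules file, or every "include $RULE_PATH/..." line fails.
check_rule_path() {
    dir=$(sed -n 's/^var RULE_PATH[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$dir" ] && [ -d "$dir" ] && ls "$dir"/*.rules >/dev/null 2>&1
}

# check_conf CONF: run all three checks, print one line per result, and
# return 0 only if every check passes.
check_conf() {
    rc=0
    for chk in check_home_net check_db_output check_rule_path; do
        if $chk "$1"; then echo "ok   $chk"; else echo "FAIL $chk"; rc=1; fi
    done
    return $rc
}

# Demo on a constructed config (not the real /usr/local/snort/etc/snort/snort.conf).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/rules" && : > "$demo_dir/rules/local.rules"
cat > "$demo_dir/snort.conf" <<EOF
var HOME_NET 192.168.1.192/26
var RULE_PATH $demo_dir/rules
output database: log, mysql, user="snort" password="s3cret" dbname="snort" host="localhost"
EOF
check_conf "$demo_dir/snort.conf"
rm -rf "$demo_dir"
```

Point `check_conf` at /usr/local/snort/etc/snort/snort.conf once the step 3 edits are in; a FAIL for check_home_net with a value like 192.168.1.200/26 means host bits are set and the intended block is the one `network_of` prints.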
4. MySQL setup (!! the current directory is still the snort-2.0.0 source directory.)
# /usr/local/mysql/bin/mysql -u root -p
> drop database test;
> create database DBNAME;
> grant CREATE, INSERT, SELECT, DELETE, UPDATE on DBNAME.* to DBUSER@localhost identified by 'PASSWORD';
> flush privileges;
> exit
Those five privileges are all the Snort database output plugin and ACID need (CREATE is for the tables ACID adds in step 6); there is no reason to hand the account every privilege in the mysql.db table.
# /usr/local/mysql/bin/mysql -u DBUSER -p DBNAME < ./contrib/create_mysql
>Enter password:
# zcat ./contrib/snortdb-extra.gz | /usr/local/mysql/bin/mysql -u DBUSER -p DBNAME
>Enter password:
!! Check for yourselves that the schema and the extra data really loaded (show tables; from the mysql client is a quick start). ^^;
5. Install JPGraph-1.13 + ADODB + ACID-0.9.6b23
# tar xfz jpgraph-1.13.tar.gz
# tar xfz adodb330.tgz
# tar xfz acid-0.9.6b23.tar.gz
# mv jpgraph-1.13 /YOUR/HOMEPAGE/DIRECTORY/jpgraph
# mv adodb /YOUR/HOMEPAGE/DIRECTORY
# mv acid /YOUR/HOMEPAGE/DIRECTORY
# cd /YOUR/HOMEPAGE/DIRECTORY/acid
# vi acid_conf.php
$DBlib_path = "/YOUR/HOMEPAGE/DIRECTORY/adodb";
$DBtype = "mysql";
$alert_dbname = "DBNAME";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "DBUSER";
$alert_password = "PASSWORD";
$archive_dbname = "DBNAME";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "DBUSER";
$archive_password = "PASSWORD";
$ChartLib_path = "/YOUR/HOMEPAGE/DIRECTORY/jpgraph/src";
$chart_fileformat = "png";
!! ACID has no login of its own, and acid_conf.php holds the database password in clear text, so put the acid directory behind Apache authentication (or restrict it by source address) before anyone else can reach it.
6. Verify
In a browser, open http://yourhost/acid/ or http://yourip/~account/acid
When the setup page appears, click the "Create ACID AG" button.
That's everything.
Start snort and open the browser window, and the analysed events appear in real time.
!! I deliberately left out how to make it start automatically at boot.
Work that out for yourselves...
7. Extra
An environment where you can actually test this:
1 snort server / 1 or more PCs as ordinary nodes / 2 or more IP addresses
1 managed switch (port mirroring support is a must)
Use mirroring so that the packets passing between the nodes are copied to the switch port the snort server is on.