Suricata 6.0 has been released

After a year of development, the Open Information Security Foundation (OISF) announced in a blog post the release of Suricata 6.0, a network intrusion detection and prevention system that provides inspection of many types of traffic.

This new release introduces a number of interesting improvements, such as support for HTTP/2, improvements to several protocols and performance gains, among other changes.

For those unfamiliar with Suricata, you should know that this software relies on a set of externally developed rules to monitor network traffic and to generate alerts for the system administrator when suspicious events occur.

In the Suricata configuration it is possible to use the signature databases developed by the Snort project, as well as the Emerging Threats and Emerging Threats Pro rulesets.

The project's source code is distributed under the GPLv2 license.

Main news in Suricata 6.0

In this new version of Suricata 6.0 we find initial support for HTTP/2, which brings numerous improvements such as the use of a single connection and header compression, among others.

In addition, support for the RFB and MQTT protocols has been added, including protocol definition and logging.

The logging functionality has also been improved considerably through the EVE engine, which produces JSON output for events. The speed-up comes from a new JSON generator written in Rust.

The extensibility of the EVE system has been increased, and the ability to keep a separate log file per thread has been implemented.

Suricata 6.0 also introduces new rule-definition language features, adding support for the from_end parameter in the byte_jump keyword and the bitmask parameter in byte_test. In addition, the pcrexform keyword has been implemented, which allows a regular expression (pcre) to capture a substring.

The ability to record MAC addresses in EVE logs has been added, along with more detailed DNS information.

Other notable changes in this new version:

  • Added the urldecode transform. Added the byte_math keyword.
  • Logging for the DCERPC protocol. Ability to define conditions for dumping data to a log file.
  • Performance improvements.
  • Support for identifying SSH implementations (HASSH).
  • A GENEVE tunnel decoder has been implemented.
  • The code for handling ASN.1, DCERPC and SSH has been rewritten in Rust. The new protocols are also implemented in Rust.
  • cbindgen can now be used to generate bindings between Rust and C.
  • Initial plugin support has been added.

Finally, if you want to know more about it, you can check the details by going to the following link.

How to install Suricata on Ubuntu?

To install this tool, we can do so by adding the following repository to our system. To do this, just type the following commands:

sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
sudo apt-get install suricata

In the case of Ubuntu 16.04, or if you run into problems with dependencies, this is resolved with the following command:

sudo apt-get install libpcre3-dbg libpcre3-dev autoconf automake libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libmagic-dev libjansson-dev libjansson4

Once the installation is complete, it is recommended to disable any packet offloading features on the NIC that Suricata listens on.

You can disable LRO/GRO on the eth0 network interface using the following command:

sudo ethtool -K eth0 gro off lro off

Suricata supports several run modes. We can see the list of all run modes with the following command:

sudo /usr/bin/suricata --list-runmodes

The run mode used is autofp, which stands for "auto flow pinned load balancing". In this mode, packets from each distinct flow are assigned to a single detection thread. Flows are assigned to the thread with the fewest unprocessed packets.

Now we can proceed to start Suricata in live mode using the following command:

sudo /usr/bin/suricata -c /etc/suricata/suricata.yaml -i ens160 --init-errors-fatal
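Once Suricata is running with the EVE JSON output described above, the log is one JSON event per line. The following parser is an added example (not from the article or from the Suricata project): it reads constructed sample EVE lines, skips a half-written line, and summarizes alerts by signature and by source MAC address (the ether fields are assumed to be present only when ethernet logging is enabled) plus DNS query names.

```python
import json
from collections import Counter

# Constructed sample EVE JSON lines (not real Suricata output). Field names follow
# the EVE schema: event_type, src_ip, alert.signature, ether.src_mac (assumed to
# appear only when ethernet logging is enabled in eve-log) and dns.rrname.
SAMPLE_EVE = """\
{"timestamp":"2020-10-21T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP","ether":{"src_mac":"00:11:22:33:44:55","dest_mac":"66:77:88:99:aa:bb"},"alert":{"signature_id":1000001,"signature":"EXAMPLE HTTP/2 suspicious header","severity":2}}
{"timestamp":"2020-10-21T10:00:01.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2020-10-21T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"93.184.216.34","proto":"TCP","ether":{"src_mac":"00:11:22:33:44:66","dest_mac":"66:77:88:99:aa:bb"},"alert":{"signature_id":1000001,"signature":"EXAMPLE HTTP/2 suspicious header","severity":2}}
{"timestamp":"2020-10-21T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","alert":{"signature_id":1000002,"signature":"EXAMPLE SSH client HASSH match","severity":1}}
{"timestamp":"2020-10-21T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0
"""


def parse_eve(text):
    """Return (events, skipped): one dict per valid JSON line; skipped counts
    lines that fail to parse, e.g. a half-written line at the end of a live file."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1
    return events, skipped


def summarize_alerts(text):
    """Count alert events per signature and per source MAC address."""
    by_sig, by_mac = Counter(), Counter()
    for ev in parse_eve(text)[0]:
        if ev.get("event_type") != "alert":
            continue
        by_sig[ev["alert"]["signature"]] += 1
        # "unknown" when the event carries no ether block (ethernet logging off)
        by_mac[ev.get("ether", {}).get("src_mac", "unknown")] += 1
    return by_sig, by_mac


def dns_queries(text):
    """Count query names seen in dns events of type "query"."""
    names = Counter()
    for ev in parse_eve(text)[0]:
        if ev.get("event_type") == "dns" and ev["dns"].get("type") == "query":
            names[ev["dns"]["rrname"]] += 1
    return names
```

Point the functions at the contents of /var/log/suricata/eve.json on a live sensor to get the same counters for real traffic.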
