Suricata 4.0 detects intruders and monitors network traffic


Suricata is a high-performance network engine for IDS (Intrusion Detection System), IPS and network security monitoring. It is an open source application developed and owned by the Open Information Security Foundation (OISF), a non-profit community foundation.

It is based on a set of externally developed rules to monitor network traffic and alert the system administrator when suspicious events occur. It is designed to be compatible with existing security components, offering unified output functionality and pluggable library options to accept calls from other applications. As a multi-threaded engine, it provides high speed and efficiency in network traffic analysis.

It is currently at version 4.0, with improvements in its intrusion detection capabilities, support for more protocols and options, and improvements to its TCP stream engine and its IDS.

How to install Suricata on Ubuntu?

As I said, it supports several operating systems and Ubuntu is no exception. It has an official repository that we can add in order to install it on our system; just type the following commands:

sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
sudo apt-get install suricata

If you are on Ubuntu 16.04 or run into dependency problems, the following command resolves them:

sudo apt-get install libpcre3-dbg libpcre3-dev autoconf automake libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libmagic-dev libjansson-dev libjansson4

Once the installation is done, it is recommended to disable any packet offload feature on the NIC that Suricata is listening on.

You can disable LRO / GRO on the eth0 network interface with the following command:

sudo ethtool -K eth0 gro off lro off
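
LRO and GRO merge received segments into larger packets before the capture layer sees them, so it is worth confirming they are really off on the interface Suricata captures from. The following is an added example, not part of the original article: it parses `ethtool -k` output and builds the matching `ethtool -K` command; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify receive offloads before starting Suricata.

# Read `ethtool -k <iface>` output on stdin and print the long names of
# the receive-coalescing offloads (GRO, LRO) whose state is still "on".
offloads_still_on() {
    awk -F': *' '
        $1 == "generic-receive-offload" || $1 == "large-receive-offload" {
            # State may carry a suffix such as "off [fixed]"; keep word 1.
            split($2, state, " ")
            if (state[1] == "on") print $1
        }'
}

# Read `ethtool -k <iface>` output on stdin and print the ethtool -K
# command that disables whatever is still on. Prints nothing when the
# interface is already clean. $1 is the interface name.
fix_command() {
    offloads_still_on | awk -v iface="$1" '
        $1 == "generic-receive-offload" { args = args " gro off" }
        $1 == "large-receive-offload"   { args = args " lro off" }
        END { if (args != "") print "sudo ethtool -K " iface args }'
}

# Constructed sample of `ethtool -k eth0` output (not from a real host).
SAMPLE_OUTPUT='Features for eth0:
rx-checksumming: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]'

# Demo on the constructed sample. On a live system use:
#   ethtool -k eth0 | fix_command eth0
printf '%s\n' "$SAMPLE_OUTPUT" | fix_command eth0
```

Run the check against the same interface name that is later passed to Suricata with `-i`; an empty result means GRO and LRO are already disabled there.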

Suricata supports several run modes. We can list all of them with the following command:

sudo /usr/bin/suricata --list-runmodes

The default run mode is autofp, which stands for "auto flow pinned load balancing". In this mode, the packets of each distinct flow are assigned to a single detection thread. Flows are assigned to the thread with the lowest number of unprocessed packets.

Now we can go ahead and start Suricata in pcap live mode, using the following command:

sudo /usr/bin/suricata -c /etc/suricata/suricata.yaml -i ens160 --init-errors-fatal

If you want to know more about Suricata's options, I leave you this resource where you can look up everything about this great software.



  1.   Gustavo Adolfo Villegas Gómez says

    Elizabeth Aristizábal Gómez

    1.    Elizabeth Aristizábal Gómez says

      I always wanted to go far in life. ?

  2.   Jorge says

    and so how do I see what it sees?