Snort Install Linux: Difference between revisions

From Xinux Wiki
(The page was blanked.)
 
=Install=
 
*apt-get install snort
 
[[Datei:snort-linux-1.png]]
 
=Test=
 
*snort -T -i eth0 -c /etc/snort/snort.conf
 
=Local Rules=
 
*cat /etc/snort/rules/local.rules
 
Alert icmp any any -> any any (msg:"Snort Test"; sid:1000000001;)
 
#Alert udp any any -> any any (msg:"Snort Test UDP"; sid:1000000002;)
 
#Alert tcp any any -> any any (msg:"Snort Test TCP"; sid:1000000003;)
 
  
=Snort test with ping from 192.168.244.2 to 192.168.244.213=
 
*snort -i eth0 -c /etc/snort/snort.conf -A console
 
<pre>
08/24-10:07:20.917072  [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:20.917072  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:20.917097  [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.213 -> 192.168.244.2
08/24-10:07:20.917097  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.213 -> 192.168.244.2
08/24-10:07:21.917091  [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:21.917091  [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:21.917091  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
</pre>
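The two artefacts this page produces are the local.rules file from the "Local Rules" section and the fast-alert lines that `-A console` prints during the ping test. The Python script below is an added example, not code from the wiki page: it parses both, keeps the commented-out UDP and TCP rules as disabled entries, counts how often each signature id fired, and pairs every alert from generator 1 with the enabled local rule that raised it. The sample rule text and alert lines are copied from the page; the regular expressions, the record types and the function names are my own. Note that the local test rule carries no classtype, which is why Snort prints only `[Priority: 0]` and no `[Classification: ...]` block for it; the alert pattern treats that block as optional for exactly that reason.

```python
import re
from collections import namedtuple

# Added example, not code from the wiki page: the sample rules and alert lines
# below are copied from the page, the parsing and correlation logic is my own.

# One rule line: action, protocol, the address/port header, options in "(...)".
RULE_RE = re.compile(r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<header>.+?)\s*\((?P<opts>.*)\)$")

# One `snort -A console` line. The [Classification: ...] block is optional: the
# local test rule sets no classtype, so Snort prints only [Priority: 0] for it.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

Rule = namedtuple("Rule", "action proto header msg sid rev enabled")
Alert = namedtuple("Alert", "timestamp gid sid rev msg classification priority proto src dst")

def parse_options(opts: str) -> dict:
    """Split 'msg:"a; b"; sid:1;' into {'msg': 'a; b', 'sid': '1'}, honouring quotes."""
    result, buf, in_quote = {}, [], False
    for ch in opts + ";":  # the extra ';' flushes a last option written without one
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            key, _, value = "".join(buf).strip().partition(":")
            if key:
                result[key] = value.strip().strip('"')
            buf = []
        else:
            buf.append(ch)
    return result

def parse_rules(text: str) -> list:
    """Parse local.rules; rules commented out with '#' are kept but marked disabled."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RULE_RE.match(line.lstrip("#").strip())
        if not m:
            continue  # blank line or a comment that is not a rule
        opts = parse_options(m.group("opts"))
        if "sid" not in opts:
            continue  # every Snort rule needs a sid; skip malformed lines
        rules.append(Rule(m.group("action").lower(), m.group("proto").lower(),
                          m.group("header"), opts.get("msg", ""), int(opts["sid"]),
                          int(opts.get("rev", 0)),  # Snort reports rev 0 when unset
                          enabled=not line.startswith("#")))
    return rules

def parse_alerts(text: str) -> list:
    """Parse `snort -A console` output into Alert records; other lines are skipped."""
    alerts = []
    for raw in text.splitlines():
        m = ALERT_RE.match(raw.strip())
        if m:
            alerts.append(Alert(m.group("ts"), int(m.group("gid")), int(m.group("sid")),
                                int(m.group("rev")), m.group("msg"), m.group("cls"),
                                int(m.group("prio")), m.group("proto"),
                                m.group("src"), m.group("dst")))
    return alerts

def count_by_sid(alerts: list) -> dict:
    """How often each signature id fired, e.g. {1000000001: 3, 384: 2, ...}."""
    counts = {}
    for a in alerts:
        counts[a.sid] = counts.get(a.sid, 0) + 1
    return counts

def match_local_rules(alerts: list, rules: list) -> list:
    """Pair each alert with the enabled local rule (generator id 1) that raised it."""
    by_sid = {r.sid: r for r in rules if r.enabled}
    return [(a, by_sid[a.sid]) for a in alerts if a.gid == 1 and a.sid in by_sid]

# Sample input copied from the wiki page: local.rules and the console output.
LOCAL_RULES = """\
Alert icmp any any -> any any (msg:"Snort Test"; sid:1000000001;)
#Alert udp any any -> any any (msg:"Snort Test UDP"; sid:1000000002;)
#Alert tcp any any -> any any (msg:"Snort Test TCP"; sid:1000000003;)
"""

CONSOLE_OUTPUT = """\
08/24-10:07:20.917072  [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:20.917072  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:20.917097  [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.213 -> 192.168.244.2
08/24-10:07:20.917097  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.213 -> 192.168.244.2
08/24-10:07:21.917091  [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:21.917091  [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:21.917091  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
"""

if __name__ == "__main__":
    rules, alerts = parse_rules(LOCAL_RULES), parse_alerts(CONSOLE_OUTPUT)
    print(count_by_sid(alerts))
    for alert, rule in match_local_rules(alerts, rules):
        print(alert.timestamp, rule.msg, alert.src, "->", alert.dst)
```

Run as a plain script and it prints the per-sid counts for the seven lines on the page (three hits for the local rule, two for ICMP PING, one each for ICMP Echo Reply and ICMP PING *NIX) followed by the three local-rule matches. For live use, pipe the output of the page's `snort -i eth0 -c /etc/snort/snort.conf -A console` command into `parse_alerts` instead of the embedded sample. Matching is done on the gid:sid pair rather than on the message text, so renaming a rule's `msg` does not break the correlation; the local sids here start at 1000000001, which is the usual convention for keeping site-specific rules out of the id range used by the distributed rule sets.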
 

Current revision as of 10 November 2017, 18:36