Security-onion: Difference between revisions
Thomas (talk | contribs) (→Setup)
Thomas (talk | contribs) (→Setup)
Line 1:                    | Line 1:
=Setup=                    | =Setup=
*[[Security Onion Setup]]  | *[[Security Onion Setup]]
                           | + =Check=
                           | + *[[Security Onion Check]]
=nsm status=               | =nsm status=
Revision as of 11 August 2016, 09:18
Setup
Check
nsm status
- service nsm status
Status: securityonion
  * sguil server                                   [  OK  ]
Status: HIDS
  * ossec_agent (sguil)                            [  OK  ]
Status: Bro
Getting process status ...
Getting peer status ...
Name    Type        Host        Status   Pid    Peers  Started
bro     standalone  localhost   running  3049   0      10 Aug 13:20:10
Status: gondor-eth1
  * netsniff-ng (full packet data)                 [  OK  ]
  * pcap_agent (sguil)                             [  OK  ]
  * snort_agent-1 (sguil)                          [  OK  ]
  * snort-1 (alert data)                           [  OK  ]
  * barnyard2-1 (spooler, unified2 format)         [  OK  ]
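Added example (not from the wiki page or the Security Onion project): a small Python parser for the `service nsm status` output in the layout shown above, so a monitoring job can turn it into a list of services that are not OK. The sample is the page's output with one line changed (constructed) to show a failing service; the `[FAIL]` marker is assumed for that case.

```python
import re
from typing import Dict, List

# `service nsm status` output as on this page; the snort_agent-1 line is
# constructed as failing so that the unhealthy() result is non-empty.
SAMPLE_STATUS = """\
Status: securityonion
  * sguil server                                   [  OK  ]
Status: HIDS
  * ossec_agent (sguil)                            [  OK  ]
Status: Bro
Getting process status ...
Getting peer status ...
Name    Type        Host        Status   Pid    Peers  Started
bro     standalone  localhost   running  3049   0      10 Aug 13:20:10
Status: gondor-eth1
  * netsniff-ng (full packet data)                 [  OK  ]
  * pcap_agent (sguil)                             [  OK  ]
  * snort_agent-1 (sguil)                          [FAIL]
  * snort-1 (alert data)                           [  OK  ]
  * barnyard2-1 (spooler, unified2 format)         [  OK  ]
"""

# "  * name   [ STATE ]" lines used by the sguil/snort/ossec agents
SERVICE_RE = re.compile(r"^\s*\*\s+(?P<name>.+?)\s+\[\s*(?P<state>\w+)\s*\]\s*$")
# Bro is reported through broctl's table instead of an [ OK ] marker
BRO_RE = re.compile(r"^bro\s+\S+\s+\S+\s+(?P<state>\w+)\s+(?P<pid>\d+)")


def parse_nsm_status(text: str) -> Dict[str, str]:
    """Map 'section/service' -> state ('OK', 'FAIL', 'running', ...)."""
    states: Dict[str, str] = {}
    section = ""
    for line in text.splitlines():
        if line.startswith("Status:"):
            section = line.split(":", 1)[1].strip()
            continue
        m = SERVICE_RE.match(line)
        if m:
            states[f"{section}/{m['name']}"] = m["state"]
            continue
        m = BRO_RE.match(line)
        if m:
            states[f"{section}/bro"] = m["state"]
    return states


def unhealthy(states: Dict[str, str]) -> List[str]:
    """Services that are neither OK nor running, i.e. worth an alert."""
    return sorted(k for k, v in states.items() if v not in ("OK", "running"))
```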
test
- cat /etc/nsm/rules/local.rules
alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; GID:1; sid:10000001; rev:001; classtype:icmp-event;)
nsm restart
- service nsm restart