Snort Install Linux: Difference between revisions
Thomas (talk | contribs)
Revision as of 24 August 2016, 10:07
Install
- apt-get install snort
Test
- snort -T -i eth0 -c /etc/snort/snort.conf
Local Rules
- cat /etc/snort/rules/local.rules
Alert icmp any any -> any any (msg:"Snort Test"; sid:1000000001;)
#Alert udp any any -> any any (msg:"Snort Test UDP"; sid:1000000002;)
#Alert tcp any any -> any any (msg:"Snort Test TCP"; sid:1000000003;)
Only the ICMP rule is active; the UDP and TCP rules are commented out with a leading #. None of the three sets a classtype or rev, which is why the ICMP rule appears in the console output below as [1:1000000001:0] with [Priority: 0] and no Classification field, while the distribution rules print both.
Snort test with a ping from 192.168.244.2 to 192.168.244.213
- snort -i eth0 -c /etc/snort/snort.conf -A console
08/24-10:07:20.917072 [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:20.917072 [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:20.917097 [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.213 -> 192.168.244.2
08/24-10:07:20.917097 [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.213 -> 192.168.244.2
08/24-10:07:21.917091 [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:21.917091 [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:21.917091 [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
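To make the console output above usable beyond eyeballing it, here is a parser for Snort 2's fast/console alert format run over those exact lines, plus a check that the local test rule fired for every packet the distribution rules saw. This is an added example written for this page, not the wiki author's or the Snort project's code. The seven sample lines are copied from the output above; the TCP line, the field names (gid, sid, rev, classification) and the helper functions are this example's own assumptions.

```python
"""Parse and sanity-check Snort 2 console alerts ("snort -A console" output).

Added example, not code from the Snort project or the wiki author. SAMPLE_CONSOLE
is copied from the page; CONSTRUCTED_TCP_LINE and all helpers are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Snort 2.x fast/console layout (one alert per line):
#   MM/DD-HH:MM:SS.ffffff [**] [gid:sid:rev] msg [**] [Classification: text] [Priority: n] {PROTO} src -> dst
# "[Classification: ...]" is printed only when the rule has a classtype, and
# TCP/UDP endpoints carry a ":port" suffix that ICMP endpoints lack.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d{6}) \[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: (?P<classification>[^\]]*)\] )?"
    r"\[Priority: (?P<priority>\d+)\] "
    r"\{(?P<proto>[A-Z]+)\} (?P<src>\S+) -> (?P<dst>\S+)$"
)

# Copied from the page's console output (ping 192.168.244.2 -> 192.168.244.213).
SAMPLE_CONSOLE = """\
08/24-10:07:20.917072 [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:20.917072 [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:20.917097 [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.213 -> 192.168.244.2
08/24-10:07:20.917097 [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.213 -> 192.168.244.2
08/24-10:07:21.917091 [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:21.917091 [**] [1:1000000001:0] Snort Test [**] [Priority: 0] {ICMP} 192.168.244.2 -> 192.168.244.213
08/24-10:07:21.917091 [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.244.2 -> 192.168.244.213
"""

# Constructed, not from the page: what the commented-out TCP test rule would
# print for an SSH connection if it were enabled.
CONSTRUCTED_TCP_LINE = (
    "08/24-10:08:01.000000 [**] [1:1000000003:0] Snort Test TCP [**] [Priority: 0] "
    "{TCP} 192.168.244.2:51234 -> 192.168.244.213:22"
)

LOCAL_SID_MIN = 1_000_000  # sids below this are reserved for distributed rules


@dataclass(frozen=True)
class Alert:
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    dst: str

    @property
    def is_local(self) -> bool:
        return self.sid >= LOCAL_SID_MIN


def parse_alert(line: str) -> Optional[Alert]:
    """Return an Alert for one console line, or None for non-alert lines."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    return Alert(
        ts=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], classification=m["classification"], priority=int(m["priority"]),
        proto=m["proto"], src=m["src"], dst=m["dst"],
    )


def parse_alerts(text: str) -> List[Alert]:
    """Parse every alert line in a console dump, skipping anything else."""
    return [a for a in (parse_alert(l) for l in text.splitlines()) if a is not None]


def split_endpoint(endpoint: str, proto: str) -> Tuple[str, Optional[int]]:
    """Split "ip:port" for TCP/UDP; ICMP endpoints carry no port. IPv4 only
    (an IPv6 literal also contains ':' and would need bracket handling)."""
    if proto in ("TCP", "UDP"):
        host, _, port = endpoint.rpartition(":")
        return host, int(port)
    return endpoint, None


def alerts_per_sid(alerts: List[Alert]) -> Dict[int, int]:
    return dict(Counter(a.sid for a in alerts))


def packets_missing_local_alert(alerts: List[Alert], local_sid: int) -> Set[str]:
    """Timestamps at which some rule fired but the local test rule did not.

    Every alert for one packet carries that packet's timestamp, so grouping by
    timestamp stands in for grouping by packet (two packets captured in the
    same microsecond would merge; fine for a ping test)."""
    sids_by_ts: Dict[str, Set[int]] = {}
    for a in alerts:
        sids_by_ts.setdefault(a.ts, set()).add(a.sid)
    return {ts for ts, sids in sids_by_ts.items() if local_sid not in sids}


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_CONSOLE)
    print(alerts_per_sid(alerts))
    print("packets without local alert:", packets_missing_local_alert(alerts, 1000000001))
    tcp = parse_alert(CONSTRUCTED_TCP_LINE)
    print(split_endpoint(tcp.src, tcp.proto), split_endpoint(tcp.dst, tcp.proto))
```

packets_missing_local_alert turns the manual comparison the console dump invites (did sid 1000000001 fire for every ICMP packet that sids 384, 408 and 366 saw?) into a check that returns an empty set when the local rule is loaded and matching; the optional Classification group in the regex is also what lets the same parser read the local rule's lines, which carry no classtype.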
