Security-onion
Revision as of 11 August 2016, 08:53 by Thomas
Setup
- [[Security Onion Setup]]
nsm status
- service nsm status
Status: securityonion
  * sguil server                                                        [  OK  ]
Status: HIDS
  * ossec_agent (sguil)                                                 [  OK  ]
Status: Bro
Getting process status ...
Getting peer status ...
Name         Type         Host          Status    Pid    Peers  Started
bro          standalone   localhost     running   3049   0      10 Aug 13:20:10
Status: gondor-eth1
  * netsniff-ng (full packet data)                                      [  OK  ]
  * pcap_agent (sguil)                                                  [  OK  ]
  * snort_agent-1 (sguil)                                               [  OK  ]
  * snort-1 (alert data)                                                [  OK  ]
  * barnyard2-1 (spooler, unified2 format)                              [  OK  ]
test
- cat /etc/nsm/rules/local.rules
alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; GID:1; sid:10000001; rev:001; classtype:icmp-event;)
nsm restart
- service nsm restart
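The script below is an added example, not part of this page or of Security Onion itself: it picks out any service that is not reported as OK in `service nsm status` output and sanity-checks a local.rules line (msg, sid in the local range, rev) before a restart. The sample status output and the two function names are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the Security Onion page): checks around the
# "service nsm status" output and a local.rules entry before "service nsm restart".

# Constructed sample of "service nsm status" output, with one failing service.
SAMPLE_STATUS='Status: securityonion
  * sguil server                                      [  OK  ]
Status: gondor-eth1
  * netsniff-ng (full packet data)                    [  OK  ]
  * pcap_agent (sguil)                                [ FAIL ]
  * snort-1 (alert data)                              [  OK  ]'

# Print the name of every service whose status line is not "[  OK  ]".
# Usage: nsm_failed_services "$(service nsm status)"
nsm_failed_services() {
    printf '%s\n' "$1" | awk '
        /^ *\* / && $0 !~ /\[ *OK *\]/ {
            sub(/^ *\* /, ""); sub(/ +\[.*$/, ""); print
        }'
}

# Validate one local.rules line: it must carry a msg, a sid in the range
# reserved for local rules (1000000 and above) and a rev. Returns 0 when OK.
check_local_rule() {
    rule=$1
    case $rule in *'msg:"'*) ;; *) echo "missing msg"; return 1 ;; esac
    sid=$(printf '%s' "$rule" | sed -n 's/.*[ (;]sid:\([0-9]*\);.*/\1/p')
    [ -n "$sid" ] || { echo "missing sid"; return 1; }
    [ "$sid" -ge 1000000 ] || { echo "sid $sid not in local range (>= 1000000)"; return 1; }
    case $rule in *'rev:'*) ;; *) echo "missing rev"; return 1 ;; esac
    echo "ok sid=$sid"
}

# Stand-alone run against the constructed sample and the page's test rule.
nsm_failed_services "$SAMPLE_STATUS"
check_local_rule 'alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; GID:1; sid:10000001; rev:001; classtype:icmp-event;)'
```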