
How to use a network IDS to protect a CentOS server from network attacks


Introduction:

With the rapid growth and use of networks, the importance of protecting Internet-facing servers from all kinds of network attacks has become increasingly apparent. A network intrusion detection system (Intrusion Detection System, IDS) is a key tool for detecting and stopping malicious network activity. This article describes how to use a network IDS on a CentOS server to protect it from network attacks.

1. What is a network IDS?

A network IDS is a system that monitors network traffic and detects potential attack behaviour. It identifies attacks by detecting behaviour patterns and specific attack signatures, so that the appropriate response can be taken in real time.

2. Installing a network IDS on a CentOS server

First, install the network IDS software on the CentOS server. In this example we choose Suricata as the network IDS. Run the following commands to install Suricata:

sudo yum install epel-release
sudo yum install suricata


After installation, configure Suricata to monitor network traffic. Open the Suricata configuration file /etc/suricata/suricata.yaml and make the corresponding adjustments, such as specifying the network interface to monitor and setting the log file path.

3. Configuring network IDS rules

A network IDS relies on IDS rules to detect potential attack behaviour. Suricata performs its detection using rule files. By default, Suricata loads rule files from the /etc/suricata/rules directory.

You can write custom rules or download existing rule sets from the Internet. Below is an example rule for detecting SSH brute-force attacks:

alert tcp any any -> $HOME_NET 22 (msg: "Possible SSH Brute Force Attack"; flow: established,to_server; content: "SSH-"; threshold: type threshold, track by_src, count 5, seconds 60; sid: 1000001; rev: 1;)


Save this rule to the custom.rules file in the /etc/suricata/rules directory.

4. Starting the network IDS

ÔÚÍê³ÉÉèÖú͹æÔòÉèÖúó £¬ÎÒÃÇ¿ÉÒÔÆô¶¯SuricataÀ´¼à¿ØÍøÂçÁ÷Á¿²¢¾ÙÐй¥»÷¼ì²â¡£Ö´ÐÐÒÔÏÂÏÂÁîÀ´Æô¶¯Suricata£º

sudo systemctl start suricata


You can check Suricata's status with the following command:

sudo systemctl status suricata


5. Monitoring and responding to network attacks

Once Suricata starts monitoring network traffic, it raises an alert whenever it detects a potential attack. You can use the log files Suricata produces to monitor alerts and attack events. The path of the Suricata log files can be adjusted in the configuration file.
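The following script is an added example, not part of the original article: it reads alert records from Suricata's EVE JSON log (eve.json, the default output path /var/log/suricata/eve.json is assumed from the stock suricata.yaml), counts alerts per source IP and signature ID, and lists the sources that exceed a chosen number of alerts, such as the SSH brute-force rule (sid 1000001) above firing repeatedly from one address. The sample log lines embedded in the script are constructed, including a non-alert flow event and a truncated last line, which the parser skips instead of crashing.

```python
import json
from collections import Counter

def _alert_line(ts, src_ip):
    """Build a constructed EVE alert line for the custom SSH rule (sid 1000001)."""
    return json.dumps({"timestamp": ts, "event_type": "alert", "src_ip": src_ip,
                       "dest_ip": "192.0.2.10", "dest_port": 22, "proto": "TCP",
                       "alert": {"signature_id": 1000001, "rev": 1, "severity": 3,
                                 "signature": "Possible SSH Brute Force Attack"}})

# Constructed sample of eve.json content (one JSON object per line): four alerts from two
# sources, one non-alert flow event, and a truncated line as seen while Suricata is writing.
SAMPLE_EVE_LINES = [
    _alert_line("2024-01-01T10:00:05.000000+0000", "203.0.113.7"),
    _alert_line("2024-01-01T10:00:19.000000+0000", "203.0.113.7"),
    _alert_line("2024-01-01T10:00:41.000000+0000", "203.0.113.7"),
    _alert_line("2024-01-01T10:02:00.000000+0000", "198.51.100.4"),
    '{"timestamp":"2024-01-01T10:02:30.000000+0000","event_type":"flow","src_ip":"198.51.100.4",'
    '"dest_ip":"192.0.2.10","dest_port":443,"proto":"TCP"}',
    '{"timestamp":"2024-01-01T10:03:00.000000+0000","event_type":"alert","src_ip":"198.51.1',
]

def parse_eve_alerts(lines):
    """Keep only alert events; skip other event types and lines that are not valid JSON."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial or corrupt line: skip it rather than abort the whole pass
        if isinstance(event, dict) and event.get("event_type") == "alert" and "alert" in event:
            alerts.append(event)
    return alerts

def count_by_source_and_sid(alerts):
    """Alert count per (src_ip, signature_id) pair."""
    return Counter((a["src_ip"], a["alert"]["signature_id"]) for a in alerts)

def noisy_sources(counts, min_alerts):
    """Source IPs whose alert total across all signatures reaches min_alerts."""
    per_src = Counter()
    for (src_ip, _sid), n in counts.items():
        per_src[src_ip] += n
    return sorted(ip for ip, n in per_src.items() if n >= min_alerts)

def report(path="/var/log/suricata/eve.json", min_alerts=3):
    # Default EVE output path in the stock suricata.yaml; adjust it if you changed the config.
    with open(path, encoding="utf-8") as fh:
        return noisy_sources(count_by_source_and_sid(parse_eve_alerts(fh)), min_alerts)
```

On the constructed sample, 203.0.113.7 is reported as a noisy source with three alerts while 198.51.100.4 is not; `report()` applies the same logic to the live log file.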

When the network IDS detects attack behaviour, several responses are possible, such as dropping the connection or blocking the attacker's IP address. You can configure Suricata to carry out a specific response action.

Conclusion:

By running a network IDS on a CentOS server, we can effectively protect the server from network attacks. This article walked through an example of installing, configuring and using Suricata as a network IDS. By configuring rules correctly and by monitoring and responding to alerts, you can improve the server's security and protect the sensitive data it holds. Keep in mind that a network IDS is only one part of a security system; other security measures are still needed to protect the server fully.
