-
8/16/2019 Cau Hinh Snort (Nids)
1/14
NIDS (Network Intrusion Detection System) với Snort
I: Chuẩn bị
• Máy chủ Linux chạy HDH CentOS 6.5• Máy Client chạy HĐH Windows
7
II: Cấu hinh
• Ci !"t th#$ các %&i h' t() cho We*
+(oot,-/01L02134 yu$ inst8ll 1y $ys9l1se(:e(
$ys9l1*ench$ys9l1de:el htt;d ;h; ;h;1$*st(in% ;h;lex *ison• ?@i :A
các %&i s8uB ho"c c& th li#n h :Ei %i@n% :i#n
-
8/16/2019 Cau Hinh Snort (Nids)
2/14
• Fi@i nGn : ci !"t Li*dnet1.4.t%I
+(oot,-/01L02134 t8( 1Ix:> li*dnet1.4.t%I
+(oot,-/01L02134 cd li*dnet1.4
+(oot,-/01L02134 li*dnet1.4 .Jcon>i%u(e11;(e>ix
-
8/16/2019 Cau Hinh Snort (Nids)
3/14
+(oot,-/01L02134 cd li*;c8;1.3.3
+(oot,-/01L02134 li*;c8;1.3.3 .Jcon>i%u(e
11;(e>ix
-
8/16/2019 Cau Hinh Snort (Nids)
4/14
+(oot,-/01L02134 t8( 1Ix:> sno(t14.R...t8(.%I
+(oot,-/01L02134 cd sno(t14.R..
+(oot,-/01L02134 sno(t14.R.. .Jcon>i%u(e
11with1$ys9l1li*(8(iesi(e 11en8*le1(elo8d 11en8*le1Ili*11en8*le1%(e
11en8*le1$;ls 11en8*le1;;$
11en8*le1;e(>;(o>ilin%11with1dnet1includes
-
8/16/2019 Cau Hinh Snort (Nids)
5/14
+(oot,-/01L02134 sno(t14.R.. $Kdi( JetcJsno(t
+(oot,-/01L02134 sno(t14.R.. $Kdi( J:8(Jlo%Jsno(t
• ?h8y !Yi 9uyAn sZ h[u củ8 th $Nc J:8(Jlo%Jsno(t
+(oot,-/01L02134 sno(t14.R.. chown
sno(t\sno(tJ:8(Jlo%Jsno(tJ
• Chuyn :A th $Nc J(oot : co;y tt c@ các >ile cu h]nh
củ8Sno(t tEi th $Nc JetcJsno(t
+(oot,-/01L02134 c; sno(t14.R..JetcJ^ JetcJsno(tJ
+(oot,-/01L02134 ($ 1(> JetcJsno(tJM8Ke>ile^ _t; tin h'
t()cho :ic *i#n dUch các ch`n% t(]nh :iQt *an% $b n%un C
+(oot,-/01L02134 $Kdi( 1;Jus(Jloc8lJli*6Jsno(tdyn8$ic(ules
•
Co;y ton *V th $Nc Sno(t(ules1sn8;shot114f5g.t8(.%I :oth $Nc
JetcJsno(t
+(oot,-/01L02134 c;
sno(t(ules1sn8;shot14f5g.t8(.%IJetcJsno(tJ
• Chuyn !Qn th $Nc JetcJsno(t tiQn hnh %i@i nGn : ci
!"tSno(t(ule
+(oot,-/01L02134 cd JetcJsno(tJ
+(oot,-/01L02134 sno(t t8( 1Ix:>
sno(t(ules1sn8;shot14f5g.t8(.%I
-
8/16/2019 Cau Hinh Snort (Nids)
6/14
+(oot,-/01L02134 sno(t
c;JetcJsno(tJso(ulesJ;(eco$;iledJCentos151JxR616J4.f.5.gJ^.soJus(Jloc8lJli*6Jsno(tdyn8$ic(ulesJ
+(oot,-/01L02134 sno(t c8t JetcJsno(tJso(ulesJ^.(ules
JetcJsno(tJ(ulesJso1(ules.(ules
• Chuyn !Qn th $Nc JetcJsno(t : tiQn hnh cu h]nh Sno(t
+(oot,-/01L02134 sno(tcd JetcJsno(t
+(oot,-/01L02134 sno(t :i sno(t.con>
Djn% 3 t(Z !n% dkn tEi th $Nc chX8 ules
:8( mL0/?H JetcJsno(tJ(ules
Djn% t(Z !n% dkn tEi th $Nc chX8 th :in
:8( 00OCmL0/?H JetcJsno(tJ;(e;(oc(ules
Djn% 6RR tiQn hnh *Z du : !iAn thn% tin :A d8t8*8seout;ut
d8t8*8se\ lo%B $ys9lB use(
-
8/16/2019 Cau Hinh Snort (Nids)
7/14
+(oot,-/01L02134 sno(t se(:ice $ys9ld st8(t
+(oot,-/01L02134 sno(t chKcon>i% $ys9ld on
• ?ạo CSDL cho Sno(t :Ei MySpL
+(oot,-/01L02134 sno(t echo rset ;8sswo(d
>o((oot,loc8lhosto(sno(t,loc8lhost
-
8/16/2019 Cau Hinh Snort (Nids)
8/14
+(oot,-/01L02134 $: 8dod*5 J:8(JwwwJ8dod*
• Fi@i nGn %&i *8se1.g.f.t8(.%I
+(oot,-/01L02134 t8( 1Ix:> *8se1.g.f.t8(.%I
• Di chuyn ton *V th $Nc *8se1.g.f :8 %i@i nGn :o th$Nc
J:8(JwwwJht$lJ*8se
+(oot,-/01L02134 $: *8se1.g.f J:8(JwwwJht$lJ*8se
• ?h8y !Yi 9uyAn sT h[u củ8 th $Nc *8se
+(oot,-/01L02134 chown 8;8che\8;8cheJ:8(JwwwJht$lJ*8seJ
• S8 >ile ;h;.ini
+(oot,-/01L02134 :i JetcJ;h;.ini
-Z tt c@ du !u djn%B t djn% 4 1 5• S8 >ile htt;d.con>
+(oot,-/01L02134 :i
JetcJhtt;dJcon>Jhtt;d.con>
?ại djn% 476 *Z du !u djn%• hTi !Vn% dUch :N htt;dB : cho ;hG;
KhTi !Vn% cPn% h
thqn%
+(oot,-/01L02134 se(:ice htt;d st8(t
+(oot,-/01L02134 chKcon>i% htt;d on• Ci !"t %&i ;el
+(oot,-/01L02134 (;$ 1i:h e;el1(ele8se161R.no8(ch.(;$
• Ci d"t th#$ các %&i s8u
-
8/16/2019 Cau Hinh Snort (Nids)
9/14
+(oot,-/01L02134 yu$ 1y inst8ll ;c(e ;c(e1de:el
;h;1;e8( ;h;1;e8(1zu$*e( ;h;1;e8(1zu$*e(1Wo(ds
;h;1;e8(12$8%e1Colo( ;h;1;e8(12$8%e1C8n:8s
;h;1;e8(12$8%e1F(8;h
•
Sủ8 >ile sno(t.con> +(oot,-/01L02134 :i
JetcJsno(tJsno(t.con>
? djn% R3 1 R64 tiQn hnh thG$ d{u :o !u tt c@ cácdjn% t(Z !n%
dkn tEi các ules
• hTi !Vn% dUch :N Sno(t : cho ;hG; KhTi !Vn% cPn% hthqn%
+(oot,-/01L02134 se(:ice sno(td st8(t
+(oot,-/01L02134 chKcon>i% sno(td on
• ?ạo ules Ki$ t(8 ;h@n Xn% củ8 Sno(t
+(oot,-/01L02134 :i JetcJsno(tJ(ulesJic$;.(ules
?ại !{y tiQn hnh soạn (ules $Ei :Ei nVi dun% nh s8u
8le(t ic$; 8ny 8ny 1 8ny 8ny _$s%\r0h8t hien co n%uoid8n% ;in%
:8o he thon%r sid\
• ?(Z !n% dkn tEi ules :8 KhTi tạo
+(oot,-/01L02134 :i JetcJsno(tJsno(t.con>
• ?ại djn% Rg *Z du t(Ec dn% dkn tEi ules ic$; :8
KhTi tạo
Rg include |mL0/?HJic$;.(ules
• hTi !Vn% lại dUch :N Sno(t
-
8/16/2019 Cau Hinh Snort (Nids)
10/14
+(oot,-/01L02134 se(:ice sno(td (est8(t
• }8n% $áy Client !~n% nhv; :o -8se ! Ki$ t(8 :Ei !U8
ch•htt;\JJf4.6R.3.g5J*8se Ch€n Continue ! tiQ; tNc
• ?(Z !n% dkn tEi 8dod*
http://192.168.0.135/basehttp://192.168.0.135/base
-
8/16/2019 Cau Hinh Snort (Nids)
11/14
• zhv; các thn% tin :A d8t8*8seB use(n8$eB ;8sswo(d
củ8mse(n8$e 9u@n t(U d8t8*8se
•
• zhv; mse(n8$e : ;8sswo(d 9u@n t(U
-
8/16/2019 Cau Hinh Snort (Nids)
12/14
• Ch€n Continue ! :o *uuwowcstiee;s theo
• ?(8n% 9u@n t(U Sno(t
-
8/16/2019 Cau Hinh Snort (Nids)
13/14
• ?hn% sq cN th Khi Sno(t ;hát hin c& n%i !8n% ;in% :oh
thqn%
-
8/16/2019 Cau Hinh Snort (Nids)
14/14
?iQn% Fi& }n }8o
![CoNFV: A Heterogeneous Platform for Scalable Network ... · including the entire SNORT network intrusion detection system (NIDS) ruleset [16]. Although DDoS prevention using FPGAs](https://img.dokumen.tips/doc/110x75/5fdb07cd57f59973506619d4/confv-a-heterogeneous-platform-for-scalable-network-including-the-entire-snort.jpg)
