
How to Use a Gateway IDS to Protect the Internal Network Behind a CentOS Server


Abstract: As network attacks keep increasing, protecting the internal network behind a server has become especially important. This article describes how to use a gateway IDS (Intrusion Detection System) to protect the internal network of a CentOS server. We deploy the gateway IDS to monitor network traffic and use a rule-based firewall to block malicious traffic before it enters the internal network. The article also includes example code to help readers understand and try out these security measures.

Introduction

A gateway IDS is a system that detects and blocks malicious activity by monitoring and analyzing network traffic. It observes network behaviour and traffic, identifies possible attacks, and reports them. Placing the IDS at the gateway position, between the internal network and the external network, means every packet crossing the boundary passes through it, which is what makes it effective at protecting the server's internal network. Note that an IDS by itself only alerts; blocking requires either running the software inline in IPS mode or, as in this article, pairing it with firewall rules on the same gateway.

Installing and configuring the gateway IDS

First, install and configure a gateway IDS package such as Suricata. Suricata is a powerful open-source IDS/IPS that runs on CentOS servers.

(1) Install Suricata (the package comes from the EPEL repository, so enable it first):

$ sudo yum install epel-release

$ sudo yum install suricata

(2) Configure Suricata:

$ sudo vi /etc/suricata/suricata.yaml

ÔÚÉèÖÃÎļþÖУ¬ÎÒÃÇ¿ÉÒÔͨ¹ý½ç˵¹æÔò¼¯¡¢ÆôÓÃÈÕÖ¾¼Í¼¡¢ÉèÖø澯µÈÀ´¶¨ÖÆSuricataµÄÐÐΪ¡£

Configuring firewall rules

It is very important to configure firewall rules on the gateway so that malicious traffic is blocked before it reaches the server's internal network. We can use iptables or nftables for this. The following example uses iptables:

(1) Create a new iptables chain:

$ sudo iptables -N IDS

(2) Send all traffic arriving on INPUT through the new chain:

$ sudo iptables -A INPUT -j IDS

(3) Add rules to the IDS chain (note the double dashes; the long options are --ctstate, --dport, --name, --set, --rcheck, --seconds, --hitcount and --comment):

$ sudo iptables -A IDS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

$ sudo iptables -A IDS -m conntrack --ctstate INVALID -j DROP

$ sudo iptables -A IDS -p tcp --dport 22 -m recent --name ssh --set -m comment --comment "Allow SSH"

$ sudo iptables -A IDS -p tcp --dport 22 -m recent --name ssh --rcheck --seconds 60 --hitcount 4 -j DROP

These rules mean: allow packets belonging to established and related connections, drop packets in an invalid connection-tracking state, record the source address of every new SSH connection attempt in the "ssh" list, and drop further SSH attempts from a source that has made 4 or more attempts within 60 seconds. The third rule has no -j target on purpose: it only records the source and lets the packet continue. Also note that the chain contains no explicit ACCEPT for SSH, so an attempt that passes the rate check falls through to the remaining INPUT rules and the chain's default policy; if that policy is DROP, add an ACCEPT for port 22 after the rate-limit rule.

Log analysis and alerting

A gateway IDS produces a large volume of logs. By analyzing these logs and configuring alerts we can discover potential attack activity. The following Python script reads Suricata's eve.json log, which holds one JSON object per line, and prints each alert record:

import json

logfile_path = '/var/log/suricata/eve.json'

def analyze_logs():
    # eve.json holds one JSON object per line; only event_type "alert" records are rule hits
    with open(logfile_path, 'r') as logfile:
        for line in logfile:
            try:
                event = json.loads(line)
            except json.JSONDecodeError:
                continue  # skip a partially written or corrupt line
            if event.get('event_type') != 'alert':
                continue  # flow, dns, http and other record types are not alerts
            alert = event['alert']
            print(f"{event['timestamp']} {event.get('src_ip')} -> {event.get('dest_ip')}: "
                  f"[severity {alert.get('severity')}] {alert.get('signature')}")

if __name__ == '__main__':
    analyze_logs()


With suitable logic on top of these records we can detect abnormal traffic, malicious source IPs and other potential attack activity, and raise alerts in real time.
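To show what that logic can look like, and to tie the log section back to the IDS chain from the firewall section, here is an added example (not code from the original page or from the Suricata project). It reads eve.json alert records, keeps a sliding window of alert timestamps per source address, flags a source the first time it exceeds a threshold of alerts inside the window, and renders iptables commands that drop the flagged source at the head of the IDS chain. The sample records, the signature names, the threshold of 3 alerts in 60 seconds and the "auto-block" comment text are all constructed for this example; the record layout (timestamp, event_type, src_ip, alert.signature) is the one Suricata writes.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample eve.json records: same field layout Suricata writes, but invented data.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.10","dest_port":22,"proto":"TCP","alert":{"signature":"EXAMPLE SCAN SSH brute force","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:05.000000+0000","event_type":"flow","src_ip":"192.0.2.9","dest_ip":"10.0.0.10","proto":"TCP"}',
    '{"timestamp":"2024-01-01T10:00:10.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.10","dest_port":22,"proto":"TCP","alert":{"signature":"EXAMPLE SCAN SSH brute force","severity":2}}',
    'this line is not JSON and must be skipped',
    '{"timestamp":"2024-01-01T10:00:20.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.10","dest_port":22,"proto":"TCP","alert":{"signature":"EXAMPLE SCAN SSH brute force","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:30.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.11","dest_port":445,"proto":"TCP","alert":{"signature":"EXAMPLE SCAN SMB probe","severity":2}}',
    '{"timestamp":"2024-01-01T10:01:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP","alert":{"signature":"EXAMPLE WEB SQL injection attempt","severity":1}}',
    '{"timestamp":"2024-01-01T10:03:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP","alert":{"signature":"EXAMPLE WEB SQL injection attempt","severity":1}}',
    '{"timestamp":"2024-01-01T10:05:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP","alert":{"signature":"EXAMPLE WEB SQL injection attempt","severity":1}}',
]


def parse_alert(line):
    """Return (timestamp, src_ip, signature) for an eve.json alert line, or None otherwise."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None                       # truncated or corrupt line
    if event.get("event_type") != "alert":
        return None                       # flow, dns, http ... records are not rule hits
    try:
        ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        return ts, event["src_ip"], event["alert"]["signature"]
    except (KeyError, ValueError):
        return None                       # alert record missing a field we need


def detect_offenders(lines, threshold=3, window_seconds=60):
    """Sliding-window alert count per source IP.

    A source is flagged the first time it has `threshold` alerts inside the last
    `window_seconds`. Returns {src_ip: {"flagged_at": iso timestamp, "signatures": [...]}}.
    Lines are expected in file order, which for eve.json is chronological.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)           # src_ip -> alert timestamps still inside the window
    signatures = defaultdict(set)
    offenders = {}
    for ts, src, sig in filter(None, map(parse_alert, lines)):
        q = recent[src]
        while q and ts - q[0] > window:   # expire alerts that fell out of the window
            q.popleft()
        q.append(ts)
        signatures[src].add(sig)
        if len(q) >= threshold and src not in offenders:
            offenders[src] = {"flagged_at": ts.isoformat(),
                              "signatures": sorted(signatures[src])}
    return offenders


def block_commands(offenders, chain="IDS"):
    """Render iptables commands that insert a DROP for each offender at the top of `chain`
    (the chain created in the firewall section). The comment text is our own convention."""
    return [f'iptables -I {chain} 1 -s {ip} -j DROP -m comment --comment "auto-block {o["flagged_at"]}"'
            for ip, o in sorted(offenders.items())]


if __name__ == "__main__":
    found = detect_offenders(SAMPLE_EVE_LINES)
    for ip, info in found.items():
        print(f"ALERT {ip} flagged at {info['flagged_at']}: {', '.join(info['signatures'])}")
    for cmd in block_commands(found):
        print(cmd)
```

On the sample data only 203.0.113.5 is flagged (three SSH-scan alerts within 20 seconds); 198.51.100.7 also produces three alerts, but two minutes apart, so it never reaches the threshold inside a 60-second window. In production, feed the function the lines of a tailed eve.json rather than the constructed list, and treat the rendered commands as proposals to review rather than running them blindly: an attacker who can spoof source addresses on alert-triggering traffic could otherwise get legitimate hosts blocked, so keep an allow-list of addresses that are never auto-blocked.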

°´ÆÚ¸üйæÔò¼¯ºÍÈí¼þ

To keep the server's internal network secure, it is important to update the gateway IDS's rule set and software regularly. Suricata's rule set can be refreshed from the command line (for example with the suricata-update tool) or by pointing the configuration file at an updated rule directory; a stale rule set will miss newer attack patterns. In addition, the operating system and related software on the server should be patched regularly to close known vulnerabilities.

Conclusion:

By deploying a gateway IDS and configuring firewall rules, we can protect the internal network behind a CentOS server. Installing an IDS alone is not enough: the rule set must be updated regularly, the logs must be monitored, and alerts must be raised in time. Only a combination of these measures protects the server's internal network effectively against network attacks.

References:

Suricata official documentation: https://suricata.readthedocs.io/

iptables documentation: https://netfilter.org/documentation/

(Note: the example code in this article is for reference only; adjust and test it against your actual environment before use.)
