Posted by 数据人与超自然意识 on 2024-6-21 13:14:06

Ubuntu Server 24 (Linux) Snort3 3.2.1.0 + Guardian + IPtables integration in practice

I. Snort3 installation and configuration: see the CSDN blog post "Ubuntu server 24 安装配置 snort3 3.2.1.0 网络入侵检测防御体系 配置注册规则集" (Ubuntu Server 24: installing and configuring Snort3 3.2.1.0 as a network intrusion detection/prevention system, with the registered rule set).
II. Installing the automatic blocking program Guardian
1 Download and extract
tar zxvf guardian-1.7.tar.gz
cd guardian-1.7/
2 Configuration
# copy the files into place
sudo cp guardian.pl /usr/local/bin/
sudo cp scripts/iptables_block.sh /usr/local/bin/guardian_block.sh
sudo cp scripts/iptables_unblock.sh /usr/local/bin/guardian_unblock.sh
sudo touch /var/log/snort/guardian.log
sudo touch /usr/local/snort/etc/snort/guardian.ignore
sudo touch /usr/local/snort/etc/snort/guardian.target
sudo cp guardian.conf /usr/local/snort/etc/snort/
# edit the configuration file
sudo vim /usr/local/snort/etc/snort/guardian.conf
Interface       ens33
HostIpAddr      192.168.50.19
HostGatewayByte 1
LogFile         /var/log/snort/guardian.log
AlertFile       /var/log/snort/alert_fast.txt
IgnoreFile      /usr/local/snort/etc/snort/guardian.ignore
TargetFile      /usr/local/snort/etc/snort/guardian.target
TimeLimit       86400
# If HostIpAddr is left unset, Guardian reports the following error at startup:
Warning! HostIpAddr is undefined! Attempting to guess..
Couldn't figure out the ip address
3 Starting guardian
# start
sudo /usr/bin/perl /usr/local/bin/guardian.pl -c /usr/local/snort/etc/snort/guardian.conf
# error
Can't locate getopts.pl in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at ./guardian.pl line 10.
# fix: edit guardian.pl (getopts.pl is the old Perl 4 library, which modern Perl no longer ships; the lowercase getopts() comes from Getopt::Std)
sudo vim /usr/local/bin/guardian.pl
require 'getopts.pl'; --> #require 'getopts.pl';
&Getopts ('hc:d');    --> &getopts ('hc:d');
# start again
test@ubuntuserver:~$ sudo /usr/bin/perl /usr/local/bin/guardian.pl -c /usr/local/snort/etc/snort/guardian.conf
OS shows Linux
My ip address and interface are: 192.168.50.19 ens33
Loaded 1 addresses from /usr/local/snort/etc/snort/guardian.ignore
Loaded 0 addresses from /usr/local/snort/etc/snort/guardian.target
Becoming a daemon..
# check that the guardian process is running
III. Snort + Guardian + iptables integration test
1 Inspect the iptables rules
sudo iptables -L -n
2 Ping test from another host
# custom alert rule
sudo vim /usr/local/snort/etc/rules/local.rules
alert icmp any any -> $HOME_NET any (msg:"ICMP connection test"; sid:1000001; rev:1;)
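To make the chain behind the configuration visible (Snort writes an alert_fast line for sid 1000001, Guardian reads it, skips its own address, the gateway and guardian.ignore entries, blocks the source once, and releases it after TimeLimit seconds), here is an added Python model of that loop. It is example code written for this page, not Guardian's Perl nor the project's iptables_block.sh; the exact iptables rule it emits, the assumption that HostGatewayByte is the gateway's last octet, and all sample alert lines are constructed here. It only builds the command strings, so it runs anywhere without touching iptables.

```python
import re
from datetime import datetime, timedelta

# One Snort 3 alert_fast line: timestamp, [gid:sid:rev], message, optional
# classification/priority, {proto}, then "src[:port] -> dst[:port]".
ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) \[\*\*\] '
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "(?P<msg>[^"]*)" \[\*\*\] '
    r'.*?\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$'
)


def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None


class Guardian:
    """Tracks blocked sources the way the daemon does: never block the sensor
    itself, the gateway, or anything in guardian.ignore; block each source
    once; release it after TimeLimit seconds."""

    def __init__(self, host_ip, gateway_ip, interface, ignore, time_limit):
        self.interface = interface
        self.never_block = set(ignore) | {host_ip, gateway_ip}
        self.time_limit = timedelta(seconds=time_limit)
        self.blocked = {}  # source ip -> datetime when the block expires

    def block_command(self, ip):
        # Assumed shape of scripts/iptables_block.sh; this example's own guess.
        return f"/sbin/iptables -I INPUT -s {ip} -i {self.interface} -j DROP"

    def unblock_command(self, ip):
        # Assumed shape of scripts/iptables_unblock.sh; this example's own guess.
        return f"/sbin/iptables -D INPUT -s {ip} -i {self.interface} -j DROP"

    def handle(self, line, now):
        """Process one alert_fast line; return the block command to run, or None."""
        alert = parse_alert(line)
        if alert is None:
            return None
        src = alert["src"]
        if src in self.never_block or src in self.blocked:
            return None
        self.blocked[src] = now + self.time_limit
        return self.block_command(src)

    def expire(self, now):
        """Return unblock commands for every block whose TimeLimit has passed."""
        done = [ip for ip, until in self.blocked.items() if until <= now]
        for ip in done:
            del self.blocked[ip]
        return [self.unblock_command(ip) for ip in done]


# Constructed sample alert lines for the local.rules entry above (sid 1000001);
# they were not captured from the post's environment.
SAMPLE_ALERTS = [
    '06/21-13:14:06.123456 [**] [1:1000001:1] "ICMP connection test" [**] '
    '[Priority: 3] {ICMP} 192.168.50.20 -> 192.168.50.19',
    '06/21-13:14:07.000001 [**] [1:1000001:1] "ICMP connection test" [**] '
    '[Priority: 3] {ICMP} 192.168.50.20 -> 192.168.50.19',  # repeat: already blocked
    '06/21-13:14:08.000002 [**] [1:1000001:1] "ICMP connection test" [**] '
    '[Priority: 3] {ICMP} 192.168.50.1 -> 192.168.50.19',   # gateway: never blocked
    '06/21-13:14:09.000003 [**] [1:1000001:1] "ICMP connection test" [**] '
    '[Priority: 3] {ICMP} 192.168.50.19 -> 192.168.50.20',  # the sensor itself
    'not an alert line at all',
]


def run_sample():
    """Feed the samples through Guardian with the post's settings (HostIpAddr
    192.168.50.19, HostGatewayByte 1, ens33, TimeLimit 86400); return the block
    commands and the unblock commands due once TimeLimit has elapsed."""
    start = datetime(2024, 6, 21, 13, 14, 6)
    g = Guardian(host_ip="192.168.50.19", gateway_ip="192.168.50.1",
                 interface="ens33", ignore=["192.168.50.19"], time_limit=86400)
    blocks = [c for c in (g.handle(line, start) for line in SAMPLE_ALERTS) if c]
    unblocks = g.expire(start + timedelta(seconds=86400))
    return blocks, unblocks


if __name__ == "__main__":
    blocks, unblocks = run_sample()
    for cmd in blocks + unblocks:
        print(cmd)
```

Run it and only 192.168.50.20 is blocked, once, and released a day later; the gateway and the sensor's own address never produce a command, which is the whole point of setting HostIpAddr, HostGatewayByte and guardian.ignore correctly before letting an automatic blocker loose on a production interface.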


