UTS network security lab 7
Check where Snort is located:

    whereis snort

Install Snort:

    sudo apt install snort

Edit the configuration file:

    vim /etc/snort/snort.conf

• Change the ipvar HOME_NET from "any" to our local network "10.0.2.0/24"

Start the service:

    service snort restart
Add a rule in the rules directory:

    alert icmp any any -> any any (msg:"ICMP Packet found"; sid:1000001; rev:1;)

Run a ping, then check the logs:

    cd /var/log/snort

Convert the log to a readable format, because the log itself is stored as binary data:

    u2spewfoo filename > 2.txt
Next, start an HTTP service with Python (the command below listens on port 8080):

    python -m http.server 8080

Update our local.rules file:

    vim /etc/snort/rules/local.rules

Restart the service:

    service snort restart
Next, add a rule that detects telnet to the rules file; this only requires changing the port in the previous rule to 23.
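When a rule is copied and only its port is changed, the sid is easy to forget, and each rule in local.rules needs its own sid. The following check is an added example, not code from the original lab: it parses rule lines and flags malformed rules, sids outside the local range, and reused sids. The two TCP rules, their msg text and their sids are assumptions, since the page does not show them.

```python
import re

# Constructed local.rules content: the page's ICMP rule plus assumed TCP rules
# for the HTTP (8080) and telnet (23) steps; line 3 reuses a sid on purpose.
SAMPLE_RULES = '''\
alert icmp any any -> any any (msg:"ICMP Packet found"; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 8080 (msg:"HTTP connection on 8080"; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 23 (msg:"Telnet connection"; sid:1000002; rev:1;)
'''

HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')

def parse_rule(line):
    """Split one rule into header fields plus an options dict; None if malformed."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rule = m.groupdict()
    # Options are ';'-separated key:value pairs (assumes no ';' inside quotes).
    items = [i.strip() for i in rule['opts'].split(';') if i.strip()]
    rule['opts'] = {k.strip(): v.strip().strip('"')
                    for k, _, v in (i.partition(':') for i in items)}
    return rule

def lint_rules(text):
    """Return (line_number, problem) tuples for the text of a local.rules file."""
    problems, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        rule = parse_rule(line)
        sid = rule['opts'].get('sid', '') if rule else ''
        if rule is None:
            problems.append((n, 'cannot parse rule'))
        elif not sid.isdigit():
            problems.append((n, 'missing or non-numeric sid'))
        elif int(sid) < 1000000:
            problems.append((n, 'sid below 1000000 is reserved for distributed rules'))
        elif sid in seen:
            problems.append((n, f'sid {sid} already used on line {seen[sid]}'))
        else:
            seen[sid] = n
    return problems

if __name__ == '__main__':
    for n, problem in lint_rules(SAMPLE_RULES):
        print(f'line {n}: {problem}')
```

To check a real file, pass its contents to `lint_rules`, for example `lint_rules(open('/etc/snort/rules/local.rules').read())`.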
Install the telnet service on Ubuntu:

    sudo apt-get install telnetd -y

Check that the service is running:

    sudo netstat -a | grep telnet

Connect and log in over telnet.
All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.