Snort On Multiple NICs

snort 2012. 11. 9. 11:37 |

When a Snort server has to monitor two or more NICs, the Linux bonding feature can be used to manage them as a single sensor.


@@ Scenario: bonding eth1 and eth2


==Add the master ifcfg

#vi /etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0
ONBOOT=yes
USERCTL=no
#Do not register a MAC address here


==Edit the ifcfg of each interface that will become a slave

#vi /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
HWADDR=11:11:11:11:11:11
ONBOOT=yes
USERCTL=no
MASTER=bond0
SLAVE=yes
DHCP_HOSTNAME=localhost
TYPE=Ethernet


#vi /etc/sysconfig/network-scripts/ifcfg-eth2

DEVICE=eth2
HWADDR=11:11:11:11:11:12
ONBOOT=yes
USERCTL=no
MASTER=bond0
SLAVE=yes
DHCP_HOSTNAME=localhost
TYPE=Ethernet


==Edit modprobe.conf

#vi /etc/modprobe.conf

#Add the following

alias bond0 bonding
options bond0 mode=3 miimon=100


==Load the module

#modprobe bonding


==Verify the module

#lsmod |grep bonding



Restart networking

#service network restart


Verify the result

#ifconfig


bond0     Link encap:Ethernet  HWaddr ===
          UP BROADCAST RUNNING PROMISC MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:3356331948 errors:0 dropped:1237 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1833559479666 (1.6 TiB)  TX bytes:0 (0.0 b)

eth0      Link encap:Ethernet  HWaddr ===
          inet addr:192.168.25.238  Bcast:192.168.25.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:109870 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57559 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10922558 (10.4 MiB)  TX bytes:46141080 (44.0 MiB)
          Interrupt:162 Memory:f4000000-f4012800

eth1      Link encap:Ethernet  HWaddr ===
          UP BROADCAST RUNNING PROMISC SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:2905684886 errors:0 dropped:1221 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1732421175495 (1.5 TiB)  TX bytes:0 (0.0 b)
          Interrupt:170 Memory:f2000000-f2012800

eth2      Link encap:Ethernet  HWaddr ===
          UP BROADCAST RUNNING PROMISC SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:450647062 errors:0 dropped:16 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:101138304171 (94.1 GiB)  TX bytes:0 (0.0 b)
          Interrupt:178 Memory:f8000000-f8012800



##Snort start option

snort -i bond0 ....
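
A check to run after the steps above, as an added example that is not part of the original post: it parses `ifconfig` output in the format shown and reports, for each capture interface, the RX drop rate and whether the interface is promiscuous, unaddressed and silent. The function names, finding labels and sample data are constructed for illustration, and it assumes a passive (tap/SPAN) sensor that should never transmit.

```shell
#!/bin/sh
# Added example: health check for a passive Snort sensor built on a bond.
# Input is legacy net-tools `ifconfig` output, the format shown in this post.

# sensor_if_report [IFACES]: read ifconfig output on stdin and print one line
# per listed interface: name, RX drop rate, and findings (or "ok").
sensor_if_report() {
  awk -v ifaces="${1:-bond0 eth1 eth2}" '
    function emit(   msg) {
      if (name == "" || !(name in want)) return
      msg = ""
      if (!promisc) msg = msg " not-promisc"   # capture NIC would miss traffic
      if (has_ip)   msg = msg " has-ip"        # sensor ports should be unaddressed
      if (tx > 0)   msg = msg " transmits"     # assumption: passive sensor never sends
      if (msg == "") msg = " ok"
      printf "%s drop=%.6f%%%s\n", name, (rx > 0 ? 100 * drop / rx : 0), msg
    }
    BEGIN { n = split(ifaces, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    /^[A-Za-z]/   { emit(); name = $1; promisc = 0; has_ip = 0; rx = 0; drop = 0; tx = 0 }
    /PROMISC/     { promisc = 1 }
    /inet addr:/  { has_ip = 1 }
    /RX packets:/ { split($2, p, ":"); rx = p[2] + 0; split($4, d, ":"); drop = d[2] + 0 }
    /TX packets:/ { split($2, p, ":"); tx = p[2] + 0 }
    END { emit() }
  '
}

# Constructed sample (not captured from a real host): eth2 is misconfigured.
sample_ifconfig() {
  cat <<'EOF'
bond0     Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          UP BROADCAST RUNNING PROMISC MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:1000000 errors:0 dropped:250 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
eth2      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:192.0.2.5  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
EOF
}

sample_ifconfig | sensor_if_report "bond0 eth2"
# On a live sensor: ifconfig | sensor_if_report "bond0 eth1 eth2"
```

A rising drop rate on bond0 or its slaves means Snort is not seeing all traffic, so track the value over time instead of reading it once.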

Posted by applicationlayer

hwp & javascript

vulnerability 2012. 10. 16. 00:56 |

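Source: Hancom official developer documentation

Script-related settings:

1. Tools (도구) -> Preferences (환경설정) -> Other (기타) -> Confirm script execution (스크립트 실행 확인)

2. Tools (도구) -> Macro (매크로) -> Script macro security settings (스크립트 매크로 보안 설정)

Example of invoking HWP from a web page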

<html>
 <script language="jscript">
  // Instantiate the HWP automation object through ActiveX (Internet Explorer only)
  var App = new ActiveXObject("HWPFrame.HwpObject.1");
  function OnChangeCharShape() {
   // Select the whole document and load the current character-shape settings
   App.HAction.Run("SelectAll");
   App.HAction.GetDefault("CharShape"
     , App.HParameterSet.HCharShape.HSet);
   // Set the font face for every script category
   App.HParameterSet.HCharShape.FaceNameHangul = "궁서체";
   App.HParameterSet.HCharShape.FaceNameLatin = "궁서체";
   App.HParameterSet.HCharShape.FaceNameHanja = "궁서체";
   App.HParameterSet.HCharShape.FaceNameJapanese = "궁서체";
   App.HParameterSet.HCharShape.FaceNameOther = "궁서체";
   App.HParameterSet.HCharShape.FaceNameSymbol = "궁서체";
   App.HParameterSet.HCharShape.FaceNameUser = "궁서체";
   // Size, color, underline and shadow
   App.HParameterSet.HCharShape.Height = 4000;
   App.HParameterSet.HCharShape.TextColor = 16737792;
   App.HParameterSet.HCharShape.UnderlineType = 1;
   App.HParameterSet.HCharShape.ShadowType = 1;
   // Apply the modified character shape
   App.HAction.Execute("CharShape"
     , App.HParameterSet.HCharShape.HSet);
   App.HAction.Run("Cancel");
  }
 </script>
 <body>
  <button onclick="OnChangeCharShape()">  글자 모양 변경 </button>
 </body>
</html>

 

Posted by applicationlayer

Snort performance monitoring

snort 2012. 9. 11. 19:21 |

#####Enable the Snort perfmon option#####################################

vim /etc/snort/snort.conf

Uncomment the following line

preprocessor perfmonitor: time 30 file /var/snort/snort.stats pktcnt 10000

Create the directory

mkdir /var/snort/

Restart Snort

###################################################################


#####Install & configure munin######################################################

rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

yum -y install munin

yum -y install munin-node


vim /etc/munin/munin-node.conf

Edit the following

  host_name snort;snort01          <-- set the name

  allow ^AAA\.AAA\.AAA\.AAA$  <-- IP address of the monitoring server (AAA.AAA.AAA.AAA)


vim /etc/munin/munin.conf

Add the following

  [snort;snort01]

   address BBB.BBB.BBB.BBB   <-- IP address of the server to monitor

    use_node_name yes

    use_node_name yes


#########Register the Snort-related plugins ###################################

ln -s /usr/share/munin/plugins/snort_* /etc/munin/plugins/


Restart the services

service httpd restart

service munin-node restart
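
The `allow` line in munin-node.conf above is a regular expression matched against the connecting peer's address, so a pattern without anchors or with unescaped dots admits more hosts than intended. The following added example (not from the original post) lints those lines and shows which peers a config would admit; the function names and the sample configs using documentation addresses are constructed, and `grep -E` is assumed to behave like munin-node's matcher for these simple patterns.

```shell
#!/bin/sh
# Added example: lint the `allow` regexes in munin-node.conf.
# Assumption: grep -E stands in for munin-node regex matching; the two agree
# for the simple IP patterns used here.

# munin_allow_lint: read munin-node.conf on stdin, print each weak allow regex.
munin_allow_lint() {
  awk '$1 == "allow" {
    re = $2; why = ""
    if (re !~ /^\^/) why = why " no-start-anchor"
    if (re !~ /\$$/) why = why " no-end-anchor"
    tmp = re; gsub(/\\\./, "", tmp)   # remove escaped dots, bare ones remain
    if (tmp ~ /\./)  why = why " unescaped-dot"
    if (why != "") print re ":" why
  }'
}

# munin_allow_admits IP: read the config on stdin; succeed if any allow
# regex matches IP, i.e. that peer could talk to the node.
munin_allow_admits() {
  awk '$1 == "allow" { print $2 }' | (
    while IFS= read -r re; do
      printf '%s\n' "$1" | grep -Eq -- "$re" && exit 0
    done
    exit 1
  )
}

# Constructed sample configs (192.0.2.0/24 is a documentation range).
weak_conf()     { printf '%s\n' 'allow ^127\.0\.0\.1$' 'allow 192.0.2.1'; }
hardened_conf() { printf '%s\n' 'allow ^127\.0\.0\.1$' 'allow ^192\.0\.2\.1$'; }

weak_conf | munin_allow_lint
weak_conf | munin_allow_admits 192.0.2.10 && echo "weak config admits 192.0.2.10"
hardened_conf | munin_allow_admits 192.0.2.10 || echo "hardened config rejects 192.0.2.10"
# On a node: munin_allow_lint < /etc/munin/munin-node.conf
```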




Posted by applicationlayer