EuropaInedit
wolf
Administrator
Registered: 18 years ago
Posts: 244
After some research I managed to find the solution! Enjoy:
About iptables I suppose there is no point in writing; most likely it is already installed. First you have to check whether you have the "ip_queue" kernel module. Log in as root and type: Code:
# lsmod | grep ip_queue
If it prints nothing, type: Code:
# modprobe ip_queue
then Code:
# lsmod | grep ip_queue
it should show something like: ip_queue 10977 1
If it shows that, good. Let's move on.
1. Download the packages we need:
- snort_inline (don't take another version; only this one works for me against this exploit)
- libdnet
- libnet
- pcre
- iptables-devel. For Fedora, type: yum install iptables-devel. For Mandriva, type: urpmi iptables-devel. For Debian, type: apt-get install iptables-devel
2. Install them in this order: Code:
# tar xzvf libdnet-1.11.tar.gz
# cd libdnet-1.11
# ./configure
# make
# make install
# tar xzvf libnet.tar.gz
# cd libnet
# ./configure
# make
# make install
# tar xzvf pcre-6.6.tar.gz
# cd pcre-6.6
# ./configure
# make
# make install
Then snort_inline: Code:
# tar xzvf snort_inline-2.4.3-RC4.tar.gz
# cd snort_inline-2.4.3-RC4
# ./configure
# make
# make install
If configure gives an error that some other library besides the ones above is missing, you will have to install it yourself. If compilation fails with make[3]: *** [spo_alert_fast.o] Error 1, you have to: Code:
# cd /root
# wget ... .9.tar.bz2
# bzip2 -cd linux-2.6.9.tar.bz2 | tar xf -
# cd /usr/include
# mv linux linux.vechi
# ln -s /root/linux-2.6.9/include/linux/ linux
and then back to installing snort_inline. If you used this trick, we have to put things back to normal afterwards: Code:
# cd /usr/include
# rm -rf linux
# mv linux.vechi linux
After snort_inline has been installed, we move on to configuration: Code:
# cd snort_inline-2.4.3-RC4
# mkdir rules
# cp etc/classification.config rules/
# cp etc/reference.config rules/
# mkdir /etc/snort_inline
# cp etc/* /etc/snort_inline/
# cp rules/ /etc/snort_inline/ -R
Open the file /etc/snort_inline/snort_inline.conf in a text editor and replace the line: var RULE_PATH /etc/snort_inline/drop_rules with var RULE_PATH /etc/snort_inline/rules
Then go further down in the same file, and instead of: Code:
### The Drop Rules
# Enabled
include $RULE_PATH/exploit.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/nntp.rules
### Disabled
keep only: Code:
### The Drop Rules
# Enabled
include $RULE_PATH/hlds1.rules
include $RULE_PATH/hlds2.rules
include $RULE_PATH/hlds3.rules
### Disabled
Then you have to create and edit the 3 files as follows. /etc/snort_inline/rules/hlds1.rules must contain: Code:
# replace: must decode to the same number of bytes as content: (3 here), otherwise snort_inline rejects the rule
alert udp any any <> any 27015 (msg: "HLDS Exploit"; \
    content: "\"\\\""; replace: "   ";)
/etc/snort_inline/rules/hlds2.rules must contain: Code:
# same rule, second server port
alert udp any any <> any 28015 (msg: "HLDS Exploit"; \
    content: "\"\\\""; replace: "   ";)
/etc/snort_inline/rules/hlds3.rules must contain: Code:
# same rule, third server port
alert udp any any <> any 29015 (msg: "HLDS Exploit"; \
    content: "\"\\\""; replace: "   ";)
Next: Code:
# mkdir /var/log/snort_inline
Then we create the iptables rules for each UDP port: Code:
# iptables -I INPUT -p udp --dport 27015 -j QUEUE
# iptables -I INPUT -p udp --dport 28015 -j QUEUE
# iptables -I INPUT -p udp --dport 29015 -j QUEUE
And finally, we start snort_inline: Code:
# /usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -Q -N -l /var/log/snort_inline/ -t /var/log/snort_inline/ -v -D
To have it start at Linux boot, you have to add to /etc/rc.d/rc.local:
/sbin/modprobe ip_queue
/sbin/iptables -I INPUT -p udp --dport 27015 -j QUEUE
/sbin/iptables -I INPUT -p udp --dport 28015 -j QUEUE
/sbin/iptables -I INPUT -p udp --dport 29015 -j QUEUE
/usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -Q -N -l /var/log/snort_inline/ -t /var/log/snort_inline/ -v -D
That's about it. 27015, 28015 and 29015 are the ports the server runs on, so they can be replaced with anything.
posted 18 years ago
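The rules in the post rely on snort_inline's replace: keyword, which only loads when the replacement decodes to exactly as many bytes as the content: it overwrites. The following is an added example, not code from the post or from the snort_inline project: it parses a rule of the shape used above, decodes snort content escapes, checks the length constraint, and models the in-place rewrite on a constructed UDP payload. The rule text, the deliberately broken variant and the payload are constructed here; the HLDS command in the payload is illustrative only.

```python
# Added example: check snort_inline content/replace rules like the hlds*.rules
# above and model what the inline rewrite does to a packet payload.
import re

# Rule header: action proto src sport dir dst dport (options)
RULE_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')
# Quoted options such as msg:/content:/replace:; backslash escapes are kept raw
OPT_RE = re.compile(r'(\w+)\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')


def decode_content(literal):
    # Turn the text between the quotes of content:/replace: into wire bytes:
    # a backslash escapes the next character (\" -> ", \\ -> \, \; -> ;)
    # and |41 42| sections are hex bytes.
    out = bytearray()
    i = 0
    while i < len(literal):
        c = literal[i]
        if c == '\\' and i + 1 < len(literal):
            out.append(ord(literal[i + 1]))
            i += 2
        elif c == '|':
            end = literal.index('|', i + 1)
            out.extend(bytes.fromhex(literal[i + 1:end]))
            i = end + 1
        else:
            out.append(ord(c))
            i += 1
    return bytes(out)


def parse_rule(text):
    # Join backslash-newline continuations (as in the post's rules) first
    text = text.replace('\\\n', ' ').strip()
    m = RULE_RE.match(text)
    if not m:
        raise ValueError('not a rule: %r' % text)
    rule = m.groupdict()
    rule['options'] = dict(OPT_RE.findall(rule.pop('opts')))
    return rule


def validate_replace(rule):
    # snort_inline requires replace: to decode to the same length as content:;
    # return a list of problems (empty when the rule would load)
    problems = []
    opts = rule['options']
    if 'replace' in opts:
        if 'content' not in opts:
            problems.append('replace without content')
        else:
            c = decode_content(opts['content'])
            r = decode_content(opts['replace'])
            if len(c) != len(r):
                problems.append('replace is %d byte(s) but content is %d byte(s)'
                                % (len(r), len(c)))
    return problems


def apply_inline_replace(payload, rule):
    # Model of the inline engine once the rule matches: the first occurrence of
    # the content bytes is overwritten in place, so the packet length is unchanged.
    # A rule that would not load leaves the payload untouched.
    opts = rule['options']
    if validate_replace(rule) or 'replace' not in opts:
        return payload
    needle = decode_content(opts['content'])
    return payload.replace(needle, decode_content(opts['replace']), 1)


# Constructed rule in the shape of hlds1.rules, a constructed broken variant
# (one-space replace for a three-byte content), and a constructed UDP payload.
HLDS_RULE = r'alert udp any any <> any 27015 (msg: "HLDS Exploit"; content: "\"\\\""; replace: "   ";)'
BROKEN_RULE = r'alert udp any any <> any 27015 (msg: "HLDS Exploit"; content: "\"\\\""; replace: " ";)'
SAMPLE_PAYLOAD = b'\xff\xff\xff\xffsetinfo "\\"\x00'  # constructed, not a capture

if __name__ == '__main__':
    rule = parse_rule(HLDS_RULE)
    print('content bytes :', decode_content(rule['options']['content']))
    print('problems      :', validate_replace(rule) or 'none')
    print('broken rule   :', validate_replace(parse_rule(BROKEN_RULE)))
    print('rewritten     :', apply_inline_replace(SAMPLE_PAYLOAD, rule))
```

Running the script shows the three-byte content the rule matches, that the rule with three spaces loads cleanly while the one-space variant is reported, and that the matched bytes are blanked without changing the payload length, which is why the game server still receives a well-formed datagram.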