Snort 3.0 on Ubuntu 18.04 (64-bit): installing and using it for intrusion detection
- 2025-09-06 22:27:02

In everyday life many people suspect that their phone or computer is being monitored and worry about their privacy leaking. The best way to check is actually endpoint detection, that is, EDR. Yet plenty of people online loudly claim that no EDR or antivirus product can detect monitoring; because EDR and antivirus products are so simple for ordinary people to install and use, most people doubt whether they really work. Since so many people instinctively distrust EDR, why not try an NDR intrusion detection system instead? Snort 3.0 is a free, open-source NDR intrusion detection system that is worth studying and exploring: it tracks and traces network threats from the perspective of network traffic. As the saying goes, a passing goose leaves its call and a passing wind leaves its trace; a hacker passing through leaves traces of the intrusion.
ailx10
1. Switch the Ubuntu 18.04 apt sources to the USTC mirror (/etc/apt/sources.list)

```
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
```

2. Update the system

```bash
sudo apt-get update
sudo apt-get dist-upgrade
```

3. Install the dependencies

```bash
sudo apt-get install autoconf automake libtool
sudo apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc \
    libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev \
    cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev \
    autotools-dev libluajit-5.1-dev libunwind-dev
```

4. Install the Snort 3 DAQ (libdaq, used for network traffic acquisition)

```bash
git clone https://github.com/snort3/libdaq.git
cd libdaq
./bootstrap
./configure
sudo make
sudo make install
```

5. Install Snort 3 (takes about 30 minutes)

```bash
git clone https://github.com/snort3/snort3.git
cd snort3
sudo ./configure_cmake.sh --prefix=/usr/local
cd build/
sudo make
sudo make install
sudo ldconfig
```

6. Put the network card into promiscuous mode (so that all LAN traffic can be captured)

```bash
sudo ip link set dev eth0 promisc on
```

7. Write a rule of your own

```bash
sudo mkdir /var/log/snort
sudo mkdir /usr/local/etc/rules
sudo vim /usr/local/etc/rules/local.rules
```

Contents of local.rules (the msg text means "hacker intrusion detected"; the quotes must be straight ASCII double quotes, and every option ends with a semicolon):

```
alert tcp 192.168.0.106 any -> 192.168.0.105 any (msg:"检测到黑客入侵"; sid:1;)
```

8. Check the Snort 3 initial configuration. Note: this is a 64-bit operating system; on a 32-bit system this step may report errors.

```bash
snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules
```

9. Start Snort 3 and verify the result

```bash
# -i eth0: listen on eth0; -A alert_fast: print one-line alerts;
# -s 65535: snap length; -k none: do not discard packets with bad checksums
sudo snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i eth0 -A alert_fast -s 65535 -k none
```

Published 2022-11-12 15:15 · IP location: Jiangsu
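With `-A alert_fast` as in step 9, Snort prints one line per alert; reading those lines by hand gets tedious once the rule from step 7 fires repeatedly. The following Python helper is an added example, not code from the original post or from the Snort project: it parses alert_fast lines into records and counts them per rule and connection endpoints. The line layout it assumes (optional Classification and AppID fields) is the one Snort 3 uses, and the sample lines are constructed to match the step 7 rule.

```python
import re
from collections import Counter

# One Snort 3 alert_fast line (assumed layout; the Classification and
# AppID fields appear only when the rule or configuration sets them).
ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) \[\*\*\] '
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "(?P<msg>[^"]*)" \[\*\*\] '
    r'(?:\[Classification: [^\]]*\] )?\[Priority: (?P<prio>\d+)\] '
    r'(?:\[AppID: [^\]]*\] )?\{(?P<proto>[A-Z]+)\} '
    r'(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$'
)
INT_FIELDS = {'gid', 'sid', 'rev', 'prio', 'sport', 'dport'}


def parse_alert(line):
    """Parse one alert_fast line into a dict; return None for non-alert lines."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    return {k: (int(v) if k in INT_FIELDS and v is not None else v)
            for k, v in m.groupdict().items()}


def summarize(lines):
    """Return the parsed alerts and a count per (sid, src, dst, dport)."""
    alerts = [a for a in map(parse_alert, lines) if a is not None]
    counts = Counter((a['sid'], a['src'], a['dst'], a['dport']) for a in alerts)
    return alerts, counts


# Constructed sample output for the local.rules entry from step 7 (not real capture data).
SAMPLE = """\
11/12-15:20:01.123456 [**] [1:1:0] "检测到黑客入侵" [**] [Priority: 0] {TCP} 192.168.0.106:51234 -> 192.168.0.105:22
11/12-15:20:01.223456 [**] [1:1:0] "检测到黑客入侵" [**] [Priority: 0] {TCP} 192.168.0.106:51235 -> 192.168.0.105:22
11/12-15:20:02.000001 [**] [1:1:0] "检测到黑客入侵" [**] [Priority: 0] {TCP} 192.168.0.106:51236 -> 192.168.0.105:80
-- not an alert line, skipped --
"""

if __name__ == "__main__":
    _, counts = summarize(SAMPLE.splitlines())
    for (sid, src, dst, dport), n in counts.most_common():
        print(f"sid {sid}: {src} -> {dst}:{dport}  {n} alert(s)")
```

Pipe the step 9 command's output into `summarize()` (for example via `sys.stdin`) to get the same per-destination-port counts for live alerts.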