IDS: Intrusion detection systems
IPS: Intrusion prevention systems
Snort:
Installation: https://mp.weixin.qq.com/s/haxqngjZBcrYs2QsQN7aqg
Configuration file, rule syntax, command-line options:
https://www.cnblogs.com/yuersan/p/15236326.html
https://blog.csdn.net/hexf9632/article/details/94715434
https://blog.csdn.net/qq_43968080/article/details/103378952
Suricata:
Download: https://github.com/OISF/suricata
Reference: https://suricata.readthedocs.io/
Example: detecting exploitation of a vulnerability (MS17-010)
Command: suricata -c /etc/suricata/suricata.yaml -i eth0 -s /etc/suricata/rules/wannamine.rules
Open the log and watch for alerts: cat /var/log/suricata/fast.log
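Added example (not from the original notes or the Suricata project): a small Python parser for the fast.log lines the command above writes, summarizing the priority-1 alerts per signature and per source host so a defender can triage instead of reading the raw file. The log lines, SIDs and messages below are constructed samples, and the regex assumes Suricata's standard single-line fast.log layout.

```python
import re
from collections import Counter

# One fast.log line (assumed standard layout):
# "<timestamp>  [**] [gid:sid:rev] <msg> [**] [Classification: <c>] [Priority: <p>] {<proto>} src:sport -> dst:dport"
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]*)\]\s+)?"  # may be absent
    r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)


def parse_fast_log_line(line):
    """Return a dict of fields for one fast.log line, or None if it does not match."""
    m = FAST_LOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    for key in ("gid", "sid", "rev", "priority", "sport", "dport"):
        fields[key] = int(fields[key])
    return fields


def summarize_alerts(lines, max_priority=1):
    """Parse all lines; count alerts per SID and, for urgent ones, per source host."""
    parsed = [p for p in (parse_fast_log_line(l) for l in lines) if p]
    urgent = [p for p in parsed if p["priority"] <= max_priority]
    return {
        "parsed": len(parsed),
        "urgent": urgent,
        "per_sid": Counter(p["sid"] for p in parsed),
        "per_src": Counter(p["src"] for p in urgent),
    }


# Constructed sample log: two high-priority SMB alerts from one host, one low-priority
# ICMP alert, and one malformed line that the parser must skip.
SAMPLE_FAST_LOG = "\n".join([
    "01/15/2024-10:23:45.123456  [**] [1:9000001:1] LOCAL SMB exploit attempt (constructed sample) [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:49152 -> 198.51.100.5:445",
    "01/15/2024-10:23:46.000001  [**] [1:9000002:2] LOCAL ICMP ping (constructed sample) [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.11:0 -> 198.51.100.5:0",
    "01/15/2024-10:23:47.500000  [**] [1:9000001:1] LOCAL SMB exploit attempt (constructed sample) [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:49153 -> 198.51.100.5:445",
    "this line is not a fast.log entry",
])

if __name__ == "__main__":
    report = summarize_alerts(SAMPLE_FAST_LOG.splitlines())
    for src, n in report["per_src"].most_common():
        print(f"{src}: {n} priority-1 alert(s)")
```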
Suricata rule downloads:
https://github.com/al0ne/suricata-rules
https://github.com/ptresearch/AttackDetection (newer project)
Packaged distribution: Security Onion
Bundles Snort/Suricata, Bro (Zeek), ELK, OSSEC, etc.