dnf -y update
dnf -y install curl
dnf -y install git
dnf -y install pcre*
dnf -y config-manager --set-enabled crb
dnf -y install dnf-plugins-core
dnf -y install epel-release
dnf -y upgrade
# vi /etc/ld.so.conf.d/local.conf
Add the following entries:
/usr/local/lib
/usr/local/lib64
# ldconfig
[ Snort 3 ]
- Install Snort
git clone https://github.com/nasirchouhan08/centos9-snort3.git
- Compile and install
cd centos9-snort3
sh installer.sh
Run the shell script
Change the permissions
chmod +x installer.sh
dnf install -y cmake gcc gcc-c++ flex bison libpcap-devel \
pcre-devel pcre2-devel zlib-devel openssl-devel luajit-devel \
pkgconf-pkg-config libdnet-devel libdnet lua-devel luajit pyyaml
git clone https://github.com/snort3/snort3.git
cd snort3
mkdir build && cd build
cmake ..
make -j$(nproc)
make install
Run and configure Snort
snort -c /usr/local/snort/etc/snort/snort.lua -i ens160
-- HOME_NET and EXTERNAL_NET must be set now
-- setup the network addresses you are protecting
HOME_NET = '192.168.10.0/24'  -- set this value
-- set up the external network addresses.
-- (leave as "any" in most situations)
EXTERNAL_NET = 'any'
include 'snort_defaults.lua'
variables = default_variables,
rules = [[
include /usr/local/snort/etc/snort/local.rules
]]
After adding the include line above (in the ips table of snort.lua),
the local.rules file has to be created.
local.rules
Add the following:
alert icmp any any -> any any (msg:"Ping Detected"; sid:1000001; rev:1;)   <- each "any any" is an IP address / port number pair
alert icmp any any -> $HOME_NET any (msg:"Ping Detected";sid:1000001;rev:1;)
Blocking all traffic from a specific IP
A rule that blocks all traffic coming from a specific IP address:
drop ip 192.168.10.50 any -> any any (msg:"Blocked IP 192.168.10.50"; sid:1000002; rev:1;)
(sid 1000002 is just an unused number; every rule needs its own unique sid.)
snort -c /usr/local/snort/etc/snort/snort.lua -i ens160 -A alert_fast
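As an added check that is not part of the original post: a small Python linter for local.rules that catches the two defective rule forms shown above (the `>` / `msg::` variant and the drop rule cut off before its closing parenthesis and sid), reports duplicate sids, and notes that drop only blocks when Snort runs inline. It assumes the standard Snort 3 rule layout (header followed by `key:value;` options); the sample rules are constructed.

```python
import re

# Snort 3 rule layout: action proto src_ip src_port direction dst_ip dst_port ( options )
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
OPTION_RE = re.compile(r'([A-Za-z_]+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*)\s*;')

def parse_options(opts):
    """Turn 'msg:"x"; sid:1; rev:1;' into a dict (quoted values may contain ';')."""
    return {key: value.strip().strip('"') for key, value in OPTION_RE.findall(opts)}

def lint_rules(text):
    """Return [(line_no, problem), ...] for a local.rules body; an empty list means clean."""
    problems, seen_sids = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            problems.append((n, "cannot parse rule (check for a missing closing parenthesis)"))
            continue
        if m.group("dir") not in ("->", "<>"):
            problems.append((n, f"direction must be -> or <>, not {m.group('dir')!r}"))
        if re.search(r"[A-Za-z_]+::", m.group("opts")):
            problems.append((n, "double colon in an option keyword (e.g. msg::)"))
        opts = parse_options(m.group("opts"))
        if "msg" not in opts:
            problems.append((n, "missing msg option"))
        sid = opts.get("sid")
        if sid is None:
            problems.append((n, "missing sid (every rule needs its own unique sid)"))
        elif sid in seen_sids:
            problems.append((n, f"duplicate sid {sid} (first used on line {seen_sids[sid]})"))
        else:
            seen_sids[sid] = n
        if m.group("action") == "drop":
            # drop only blocks when Snort runs inline (-Q); started passively with -i it only alerts
            problems.append((n, "drop has no blocking effect unless Snort runs inline (-Q)"))
    return problems

# Constructed sample modelled on the local.rules entries above, including both defective forms
SAMPLE_RULES = """\
alert icmp any any -> $HOME_NET any (msg:"Ping Detected";sid:1000001;rev:1;)
alert icmp any any > any any (msg::"Ping Detected";sid:1000001;rev:1;)
drop ip 192.168.10.50 any -> any any (msg:"Blocked IP 192.168.10.50"
drop ip 192.168.10.50 any -> any any (msg:"Blocked IP 192.168.10.50"; sid:1000002; rev:1;)
"""
```

Running `lint_rules(open('/usr/local/snort/etc/snort/local.rules').read())` before starting Snort gives the same kind of feedback as `snort -c snort.lua -T`, without a Snort binary on the machine.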