SNORT: Install just SNORT on Ubuntu 16.04: Difference between revisions

From OnnoCenterWiki
Onnowpurbo (talk | contribs)
 
(8 intermediate revisions by the same user not shown)
Previous revision (left column of the diff; the right column is identical to the latest revision reproduced further down):

==Prepare the supporting applications==

 sudo locale-gen id_ID.UTF-8
 apt update
 apt install kernel-package libncurses5-dev fakeroot wget bzip2 \
 fakeroot kernel-wedge build-essential makedumpfile libncurses5 \
 libpcre3 libpcre3-dev libpcrecpp0v5 libpcap0.8 libpcap0.8-dev \
 libdumbnet1 libdumbnet-dev bison flex zlib1g-dev

==Download & Compile==

 sudo su
 cd /usr/local/src
 wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
 wget https://www.snort.org/downloads/snort/snort-2.9.9.0.tar.gz

 cd /usr/local/src
 tar xvfz daq-2.0.6.tar.gz
 cd daq-2.0.6
 ./configure && make && sudo make install

 cd /usr/local/src
 tar xvfz snort-2.9.9.0.tar.gz
 cd snort-2.9.9.0
 ./configure --enable-sourcefire && make && sudo make install

Load the libraries

 ldconfig

==Set up the configuration==

 mkdir -p /etc/snort/rules
 mkdir -p /usr/local/lib/snort_dynamicrules
 cp /usr/local/src/snort-2.9.9.0/etc/* /etc/snort/
 touch /etc/snort/rules/local.rules

===Download rules===

 cd /usr/local/src
 wget https://www.snort.org/downloads/community/community-rules.tar.gz
 wget https://www.snort.org/downloads/community/opensource.tar.gz
 tar zxvf community-rules.tar.gz -C /etc/snort/rules/
 tar zxvf opensource.tar.gz -C /etc/snort/rules/

===Edit the configuration===

Edit /etc/snort/snort.conf

 var RULE_PATH /etc/snort/rules
 var SO_RULE_PATH /etc/snort/so_rules
 var PREPROC_RULE_PATH /etc/snort/preproc_rules
 var WHITE_LIST_PATH /etc/snort/rules
 var BLACK_LIST_PATH /etc/snort/rules

==Load libraries & check snort==

 ldconfig
 snort -c

==References==

* https://www.snort.org/#get-started

==Related links==
* [[SNORT]]

Latest revision as of 13:11, 10 October 2019

Prepare the prerequisites

Edit /etc/apt/sources.list

vi /etc/apt/sources.list

Add, for example,

deb http://archive.ubuntu.com/ubuntu bionic main universe multiverse
deb http://archive.ubuntu.com/ubuntu bionic-security main universe multiverse
deb http://archive.ubuntu.com/ubuntu bionic-updates main universe multiverse


Check the network

ifconfig

Note the name of the interface that will be monitored later:

ens18     Link encap:Ethernet  HWaddr 66:31:34:63:65:31  
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::6431:34ff:fe63:6531/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26658 errors:0 dropped:11 overruns:0 frame:0
          TX packets:9441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:37165428 (37.1 MB)  TX bytes:751808 (751.8 KB)

So the interface to monitor is

ens18
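The following script is an added example and not part of the wiki page. It parses net-tools ifconfig output of the format shown above and derives, for every non-loopback interface, the name to pass to -i and the network the interface sits on in CIDR form. The sample text is constructed from the page's own ifconfig output plus a loopback block; the function names are my own. Note that the page later uses HOME_NET=192.168.0.0/16, which is wider than the /24 the interface itself reports: the script only tells you what the interface knows, and the HOME_NET range stays a policy decision about which networks you want Snort to treat as yours.

```shell
#!/bin/sh
# Added example (not part of the wiki page): derive the monitored interface and its
# network from net-tools `ifconfig` output of the kind shown on the page.
# SAMPLE_IFCONFIG is constructed from the page's own output plus a loopback block.

SAMPLE_IFCONFIG='ens18     Link encap:Ethernet  HWaddr 66:31:34:63:65:31
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::6431:34ff:fe63:6531/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26658 errors:0 dropped:11 overruns:0 frame:0
          TX packets:9441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:37165428 (37.1 MB)  TX bytes:751808 (751.8 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1'

# Read ifconfig text on stdin and emit "iface ipv4 netmask" for every interface
# block that carries an IPv4 address. Interface lines start in column 1; the
# detail lines that follow are indented.
parse_ifconfig() {
    awk '
        /^[^ \t]/ { iface = $1 }
        /inet addr:/ {
            ip = $0;   sub(/.*inet addr:/, "", ip); sub(/[ \t].*/, "", ip)
            mask = $0; sub(/.*Mask:/, "", mask);    sub(/[ \t].*/, "", mask)
            print iface, ip, mask
        }'
}

# Dotted-quad netmask -> prefix length (255.255.255.0 -> 24), by counting set bits.
mask_to_prefix() {
    printf '%s\n' "$1" | awk -F. '{
        bits = 0
        for (i = 1; i <= 4; i++) { o = $i + 0; while (o > 0) { bits += o % 2; o = int(o / 2) } }
        print bits
    }'
}

# ip netmask -> network address (192.168.0.100 255.255.255.0 -> 192.168.0.0).
# The bitwise AND is done by hand because POSIX awk has no and() function.
network_addr() {
    printf '%s %s\n' "$1" "$2" | awk '
        function band(x, y,    r, b) {
            r = 0; b = 1
            while (x > 0 && y > 0) {
                if (x % 2 == 1 && y % 2 == 1) r += b
                x = int(x / 2); y = int(y / 2); b *= 2
            }
            return r
        }
        {
            split($1, a, "."); split($2, m, ".")
            printf "%d.%d.%d.%d\n", band(a[1], m[1]), band(a[2], m[2]), band(a[3], m[3]), band(a[4], m[4])
        }'
}

# ip netmask -> network in CIDR form (192.168.0.100 255.255.255.0 -> 192.168.0.0/24).
network_cidr() {
    printf '%s/%s\n' "$(network_addr "$1" "$2")" "$(mask_to_prefix "$2")"
}

# Read ifconfig text on stdin and print "iface network/prefix" for each
# non-loopback interface: the name goes to -i, the network is a starting
# point for HOME_NET.
home_net_candidates() {
    parse_ifconfig | while read -r iface ip mask; do
        [ "$iface" = "lo" ] && continue
        printf '%s %s\n' "$iface" "$(network_cidr "$ip" "$mask")"
    done
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_IFCONFIG" | home_net_candidates
```

On a live host, replace the sample with `ifconfig | home_net_candidates`. The mask-to-prefix conversion assumes a contiguous netmask, which is what ifconfig reports for ordinary interfaces.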


Install the supporting applications

sudo locale-gen id_ID.UTF-8
apt update
apt install oinkmaster snort snort-common snort-rules-default snort-doc

You will be asked for:

  • the interface to monitor, for example ens18
  • the IP range to monitor, for example 192.168.0.0/16


Check Snort

snort -C

Run Snort in NIDS mode

snort -dev -l /var/log/snort/ -h 192.168.0.0/16 -c /etc/snort/snort.conf &

If you want the capture to be readable later with Wireshark, it must be saved in binary form, with the command

/usr/sbin/snort -m 027 -b -l /var/log/snort/ -u agung -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i ens18 &

To stop it complaining, the permissions of /var/log/snort should be set to

chmod 770 /var/log/snort

This is actually not a good way to do it.
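The script below is an added example and not part of the wiki page. The command above starts Snort with -u agung and -m 027: Snort drops to that user after initialisation and creates its log files with umask 027, so the log directory must be writable by that user, and chmod 770 is the shortcut the page itself calls not a good way. The script shows the ownership-based setup instead (give the directory to the Snort user, mode 750), a checker that flags a log directory that is group- or world-writable, and a probe that shows what the umask does to newly created files. The user name and directory are parameters (the page uses agung and /var/log/snort; the demo uses the calling user and a temporary directory so it runs unprivileged), the function names are my own, and Snort's own configuration test (snort -T) is only invoked when the binary is present.

```shell
#!/bin/sh
# Added example (not part of the wiki page). Snort is started with "-u agung -m 027":
# it drops to that user after start-up and writes its logs with umask 027, so the log
# directory has to belong to that user. This shows the ownership-based setup, a
# checker for it, and a umask probe. Function names are my own assumptions.

# Permission bits and owner of a path (GNU stat first, BSD stat as fallback).
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# Create DIR, hand it to USER and allow owner (rwx) plus group (rx) only.
# chown needs root unless USER is the caller (as in the demo below).
prepare_snort_logdir() {
    mkdir -p "$1"
    chown "$2" "$1"
    chmod 750 "$1"
}

# Verify DIR is owned by USER and neither group- nor world-writable.
# Prints the reason on failure and returns 1; returns 0 when acceptable.
check_snort_logdir() {
    dir=$1; user=$2
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    owner=$(owner_of "$dir")
    [ "$owner" = "$user" ] || { echo "FAIL: $dir is owned by $owner, not $user"; return 1; }
    mode=$(mode_of "$dir")
    case $mode in
        *[1-7])   echo "FAIL: $dir mode $mode grants access to others"; return 1 ;;
        *[2367]?) echo "FAIL: $dir mode $mode is group-writable (the chmod 770 shortcut)"; return 1 ;;
    esac
    echo "OK: $dir owner=$owner mode=$mode"
}

# Create a file under umask UM inside DIR and report its mode (027 -> 640, 022 -> 644).
file_mode_under_umask() {
    f=$2/umask-probe.$$
    ( umask "$1" && : > "$f" )
    mode_of "$f"
    rm -f "$f"
}

# Run Snort's own configuration test (-T) when the binary is available;
# this is the check to run before starting it as a daemon.
snort_config_test() {
    command -v snort >/dev/null 2>&1 || { echo "snort not installed; skipping -T"; return 0; }
    snort -T -c "$1"
}

demo() {
    tmp=$(mktemp -d)
    me=$(id -un)                        # stand-in for "agung" so the demo runs unprivileged
    prepare_snort_logdir "$tmp/snort" "$me"
    check_snort_logdir "$tmp/snort" "$me"
    echo "new file under umask 027: $(file_mode_under_umask 027 "$tmp/snort")"
    echo "new file under umask 022: $(file_mode_under_umask 022 "$tmp/snort")"
    chmod 770 "$tmp/snort"              # the page's shortcut
    check_snort_logdir "$tmp/snort" "$me" || true
    snort_config_test /etc/snort/snort.conf || echo "configuration test failed"
    rm -rf "$tmp"
}
demo
```

In production the call is `prepare_snort_logdir /var/log/snort agung` as root; if Snort is also given a group with -g, hand the directory to that user and group and mode 750 still lets the group read the logs without writing to them.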

References

* https://www.snort.org/#get-started

Related links

* SNORT