SNORT: Install SNORT saja Ubuntu 16.04: Difference between revisions
From OnnoCenterWiki
Jump to navigationJump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Siapkan Pendukung== | |||
Edit /etc/apt/sources.list | |||
vi /etc/apt/sources.list | |||
Tambahkan, misalnya, | |||
deb http://archive.ubuntu.com/ubuntu bionic main universe multiverse | |||
deb http://archive.ubuntu.com/ubuntu bionic-security main universe multiverse | |||
deb http://archive.ubuntu.com/ubuntu bionic-updates main universe multiverse | |||
==Cek Jaringan== | ==Cek Jaringan== | ||
| Line 41: | Line 54: | ||
kalau ingin supaya bisa di baca di kemudian hari oleh wireshark harus di simpan dalam bentuk binary, dengan perintah | kalau ingin supaya bisa di baca di kemudian hari oleh wireshark harus di simpan dalam bentuk binary, dengan perintah | ||
/usr/sbin/snort -m 027 -b -l /var/log/snort/ -u agung -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i ens18 | /usr/sbin/snort -m 027 -b -l /var/log/snort/ -u agung -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i ens18 & | ||
Supaya tidak rewel, sebaiknya permission /var/log/snort di jadikan | |||
chmod 770 /var/log/snort | |||
ini sebetulnya cara yang tidak baik. | |||
==Referensi== | ==Referensi== | ||
* https://www.snort.org/#get-started | * https://www.snort.org/#get-started | ||
==Pranala Menarik== | |||
* [[SNORT]] | |||
Latest revision as of 13:11, 10 October 2019
Siapkan Pendukung
Edit /etc/apt/sources.list
vi /etc/apt/sources.list
Tambahkan, misalnya,
deb http://archive.ubuntu.com/ubuntu bionic main universe multiverse deb http://archive.ubuntu.com/ubuntu bionic-security main universe multiverse deb http://archive.ubuntu.com/ubuntu bionic-updates main universe multiverse
Cek Jaringan
ifconfig
catat nama interface yang nanti akan di monitor
ens18 Link encap:Ethernet HWaddr 66:31:34:63:65:31
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::6431:34ff:fe63:6531/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26658 errors:0 dropped:11 overruns:0 frame:0
TX packets:9441 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:37165428 (37.1 MB) TX bytes:751808 (751.8 KB)
maka interface yang dimonitor adalah
ens18
Siapkan Aplikasi Pendukung
sudo locale-gen id_ID.UTF-8
apt update apt install oinkmaster snort snort-common snort-rules-default snort-doc
Akan di tanya
- interface yang akan di monitor, misalnya ens18
- range IP yang di monitor, misalnya 192.168.0.0/16
Cek Snort
snort -C
Jalankan Snort mode NIDS
snort -dev -l /var/log/snort/ -h 192.168.0.0/16 -c /etc/snort/snort.conf &
kalau ingin supaya bisa di baca di kemudian hari oleh wireshark harus di simpan dalam bentuk binary, dengan perintah
/usr/sbin/snort -m 027 -b -l /var/log/snort/ -u agung -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i ens18 &
Supaya tidak rewel, sebaiknya permission /var/log/snort di jadikan
chmod 770 /var/log/snort
ini sebetulnya cara yang tidak baik.
Referensi
