Meerkat or Suricata. Part 3: Protecting the Office Network

In the previous article we described how to run a stable version of Suricata on Ubuntu 18.04 LTS. Setting up the IDS on a single node and enabling the free rule sets is quite simple. Today we will look at how to protect a corporate network from the most common types of attacks using Suricata installed on a virtual server. For this we need a VDS on Linux with two computing cores. The amount of RAM depends on the load: 2 GB is enough for some, while 4 or 6 GB may be needed for more serious tasks. Resources can be added as needed.

Photo: Reuters

Connecting the network

Moving the IDS to a separate virtual machine can be worthwhile for testing. If you have not dealt with such solutions before, do not rush to order physical hardware and change the network architecture. It is better to run the system safely and inexpensively first to determine your actual needs. It is important to understand that all corporate traffic must then pass through a single external node: to connect the local network (or several networks) to the VDS with Suricata IDS installed, you can use SoftEther, an easy-to-configure cross-platform VPN server that provides strong encryption. The office Internet connection may not have a real IP, so it is better to place the VPN server on the VPS. There are no ready-made packages in the Ubuntu repositories; you will have to download the software from the project site or from an external repository on Launchpad (if you trust it):

sudo add-apt-repository ppa:paskal-07/softethervpn
sudo apt-get update

You can see the list of available packages with this command:

apt-cache search softether


We will need softether-vpnserver (in the test configuration the server runs on the VDS) and softether-vpncmd, the command-line utilities for configuring it.

sudo apt-get install softether-vpnserver softether-vpncmd

The server is configured with a dedicated command-line utility:

sudo vpncmd


We will not dwell on the configuration in detail: the procedure is simple, well described in numerous manuals and not directly related to the topic of this article. Briefly, after starting vpncmd you need to select item 1 to enter the server management console. To do this, enter the name localhost and press Enter instead of entering a hub name. The administrator password is set in the console with the serverpasswordset command, the DEFAULT virtual hub is deleted (hubdelete command) and a new one named Suricata_VPN is created, with its own password set as well (hubcreate command). Next, switch to managing the new hub with the hub Suricata_VPN command and create a group and a user with the groupcreate and usercreate commands. The user password is set with userpasswordset.

SoftEther supports two modes of passing traffic: SecureNAT and Local Bridge. The first is a proprietary technology for building a virtual private network with its own NAT and DHCP. SecureNAT does not require TUN/TAP, Netfilter or other settings. Routing does not touch the system kernel, and all processes are virtualized and work on any VPS/VDS regardless of the hypervisor used. The price is higher CPU load and lower throughput compared to Local Bridge mode, which connects the SoftEther virtual hub to a physical network adapter or a TAP device.

Configuration in this case is more complicated, since routing happens at the kernel level through Netfilter. Our VDS runs on Hyper-V, so in the last step we create a local bridge and activate the TAP device with the command bridgecreate Suricata_VPN -device:suricata_vpn -tap:yes. After leaving the hub management console, we will see a new network interface in the system that has not yet been assigned an IP:

ifconfig


Next, you need to enable packet forwarding between interfaces (ip forward), if it is not already enabled:

sudo nano /etc/sysctl.conf

Uncomment the following line:

net.ipv4.ip_forward = 1

Save the changes to the file, exit the editor and apply them with this command:

sudo sysctl -p

Next, we need to define the subnet of the virtual network with private IPs (for example, 10.0.10.0/24) and assign an address to the interface:

sudo ifconfig tap_suricata_vp 10.0.10.1/24

Then the Netfilter rules need to be written.

1. If necessary, allow incoming packets on the listening ports (the proprietary SoftEther protocol uses HTTPS on port 443)

sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 992 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 5555 -j ACCEPT

2. Set up NAT from the 10.0.10.0/24 subnet to the server's main IP

sudo iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -j SNAT --to-source 45.132.17.140

3. Allow forwarded packets from the 10.0.10.0/24 subnet

sudo iptables -A FORWARD -s 10.0.10.0/24 -j ACCEPT

4. Allow forwarded packets belonging to already established connections

sudo iptables -A FORWARD -p all -m state --state ESTABLISHED,RELATED -j ACCEPT

Making this setup persist across reboots with init scripts is left to the reader as homework.
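As an added example (not code from the article), here is the same forwarding, TAP address and Netfilter setup as an idempotent script that can be run repeatedly, for instance from a boot hook; the interface name, subnet and public IP are the article's values and are assumed to be adjusted to your own.

```shell
#!/bin/sh
# Added example, not from the original article: an idempotent version of the
# forwarding, TAP address and Netfilter steps above, safe to call from a boot
# hook. Interface, subnet and public IP are the article's values; change them.
TAP_IF="${TAP_IF:-tap_suricata_vp}"
VPN_NET="${VPN_NET:-10.0.10.0/24}"
TAP_ADDR="${TAP_ADDR:-10.0.10.1/24}"
PUBLIC_IP="${PUBLIC_IP:-45.132.17.140}"
# One rule per line: "<table> <chain> <match and target>". Listener ports are
# open to any source here, as in the article; keep only the ones you use.
netfilter_rules() {
    cat <<EOF
filter INPUT -p tcp -m tcp --dport 443 -j ACCEPT
filter INPUT -p tcp -m tcp --dport 992 -j ACCEPT
filter INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
filter INPUT -p udp -m udp --dport 1194 -j ACCEPT
filter INPUT -p tcp -m tcp --dport 5555 -j ACCEPT
nat POSTROUTING -s $VPN_NET -j SNAT --to-source $PUBLIC_IP
filter FORWARD -s $VPN_NET -j ACCEPT
filter FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Append a rule only when an identical one is absent (iptables -C exits 0 if
# it exists), so repeated runs never duplicate rules.
apply_rules() {
    netfilter_rules | while read -r table chain rule; do
        # $rule is intentionally unquoted: it holds several arguments.
        iptables -t "$table" -C "$chain" $rule 2>/dev/null ||
            iptables -t "$table" -A "$chain" $rule
    done
}
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    grep -qs '^net\.ipv4\.ip_forward *= *1' /etc/sysctl.conf ||
        echo 'net.ipv4.ip_forward = 1' >>/etc/sysctl.conf
}

assign_tap_address() {
    ip addr show dev "$TAP_IF" | grep -q "inet $TAP_ADDR " ||
        ip addr add "$TAP_ADDR" dev "$TAP_IF"
    ip link set "$TAP_IF" up
}
# Only touch the system when explicitly asked to, and only as root.
if [ "${1:-}" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    enable_forwarding && assign_tap_address && apply_rules
fi
```

Run it as `sh setup.sh apply` from an init script or systemd unit; without the argument it only defines the functions.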

If you want IPs to be issued to clients automatically, you will also need to set up some kind of DHCP service on the local bridge. This completes the server setup and we can move on to the clients. SoftEther supports many protocols; which one to use depends on the capabilities of the LAN equipment.

netstat -ap |grep vpnserver


Since our test router also runs Ubuntu, let's install the softether-vpnclient and softether-vpncmd packages from the external repository to use the proprietary protocol. The client needs to be started:

sudo vpnclient start

For configuration, use vpncmd and select localhost as the machine on which vpnclient is running. All work is done in the console: you need to create a virtual interface (NicCreate) and an account (AccountCreate).

In some cases you need to specify the authentication method with the AccountAnonymousSet, AccountPasswordSet, AccountCertSet and AccountSecureCertSet commands. Since we do not use DHCP, the address of the virtual adapter is set manually.

In addition, we need to enable ip forward (the net.ipv4.ip_forward=1 option in /etc/sysctl.conf) and configure static routes. If necessary, port forwarding can be set up on the VDS with Suricata to reach services installed on the local network. At this point the network integration can be considered complete.

Our target configuration will look like this:

(network diagram)

Configuring Suricata

In the previous article we discussed two modes of IDS operation: through the NFQUEUE queue (NFQ mode) and zero copy (AF_PACKET mode). The second requires two interfaces but is faster, so we will use it. The parameter is set by default in /etc/default/suricata. We also need to edit the vars section in /etc/suricata/suricata.yaml, setting the virtual subnet there as the home network.


To restart the IDS, use the command:

systemctl restart suricata

The solution is ready; now it should be tested to see how it reacts to malicious activity.

Simulating an attack

There can be several scenarios for using an external IDS:

Protection against DDoS attacks (the primary purpose)

It is hard to implement this option inside a corporate network, since the packets to be analyzed must arrive at the system interface facing the Internet. Even if the IDS blocks them, the junk traffic can saturate the data link. To avoid this, you need to order a VPS with a sufficiently fast Internet connection that can carry all local network traffic together with all external traffic. This is often easier and cheaper than widening the office channel. As an alternative, specialized DDoS protection services deserve a mention. The cost of their services is comparable to that of a virtual server and does not involve lengthy configuration, but there are drawbacks too: for his money the customer receives DDoS protection only, whereas his own IDS can be configured however he likes.

Protection against other types of external attacks

Suricata can cope with attempts to exploit various vulnerabilities in corporate network services reachable from the Internet (mail servers, web servers and web applications, and so on). Usually the IDS is installed for this purpose inside the LAN behind the border devices, but placing it outside has a right to exist as well.

Protection from insiders

Despite the best efforts of the system administrator, computers on the corporate network may end up infected with malware. In addition, hooligans occasionally appear on the local network and try to perform operations that are not allowed. Suricata can help block such attempts, although to protect the internal network it is better to install it inside the perimeter and use it together with a managed switch that can mirror traffic to a single port. An external IDS is not useless in this case either: at the very least it will be able to catch attempts by malware living on the LAN to contact an external server.

To begin with, we will create another test VPS for the attacker, and on the local network router we will bring up Apache with the default configuration, after which we will forward port 80 to it from the IDS server. Next, we will simulate a DDoS attack from the attacking host. To do this, download the small xerxes program from GitHub, compile and run it on the attacking node (you may need to install the gcc package):

git clone https://github.com/Soldie/xerxes-DDos-zanyarjamal-C.git
cd xerxes-DDos-zanyarjamal-C/
gcc xerxes.c -o xerxes
./xerxes 45.132.17.140 80

The result of its run was as follows:

(screenshot)

Suricata cuts off the attacker, and the default Apache page opens despite our improvised attack and the dead channel of the "office" (actually home) network. For more serious tasks you should use the Metasploit Framework. It is designed for penetration testing and lets you simulate a wide variety of attacks. Installation instructions are available on the project website. After installation an update is required:

sudo msfupdate

To test, run msfconsole.


Unfortunately, recent versions of the framework no longer offer automatic exploitation, so exploits have to be sorted through manually and run with the use command. To begin with, it is worth determining the open ports on the attacked machine, for example with nmap (in our case it is replaced by netstat on the attacked host), and then selecting and applying the appropriate Metasploit modules.

There are other means of testing how the IDS holds up under attack, including online services. Out of curiosity, you can arrange a stress test using the trial version of IP stresser. To check the reaction to the actions of internal intruders, it is worth installing special tools on one of the machines on the local network. There are many options, and from time to time they should be applied not only to the test site but also to production systems, which is a completely different story.
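To check the IDS reaction from the defender's side after a test like the ones above, here is an added example (not from the article) that summarises Suricata's eve.json: it counts alerts per source address and action, distinguishing alerts that were actually blocked in AF_PACKET IPS mode from those that were merely logged. The log lines and signature IDs are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original article: summarise Suricata's eve.json
# after a test run, to confirm that alerts for the attacking host were
# "blocked" (IPS drop) and not merely "allowed" (alert only).
# The log lines below are constructed sample data with local test rules
# (sid 1000001/1000002); they are not real Suricata output.
SAMPLE_EVE='{"timestamp":"2019-06-01T12:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.10.2","dest_port":80,"proto":"TCP","alert":{"action":"blocked","signature_id":1000001,"signature":"LOCAL TEST HTTP flood"}}
{"timestamp":"2019-06-01T12:00:00.100000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.10.2","dest_port":80,"proto":"TCP","alert":{"action":"blocked","signature_id":1000001,"signature":"LOCAL TEST HTTP flood"}}
{"timestamp":"2019-06-01T12:00:01.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.10.2","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":1000002,"signature":"LOCAL TEST scan"}}
{"timestamp":"2019-06-01T12:00:02.000000+0000","event_type":"flow","src_ip":"203.0.113.5","dest_ip":"10.0.10.2","dest_port":80,"proto":"TCP"}'

# Extract a string-valued JSON field with sed, so this works without jq.
json_field() { sed -n "s/.*\"$1\":\"\([^\"]*\)\".*/\1/p"; }

# stdin: eve.json lines -> "count src_ip action", most frequent first.
# Non-alert events (flow, http, ...) are skipped.
summarise_alerts() {
    while IFS= read -r line; do
        case "$line" in *'"event_type":"alert"'*) ;; *) continue ;; esac
        src=$(printf '%s\n' "$line" | json_field src_ip)
        action=$(printf '%s\n' "$line" | json_field action)
        printf '%s %s\n' "$src" "$action"
    done | sort | uniq -c | sort -rn
}

# stdin: eve.json lines; $1: source IP -> number of blocked alerts (0 if none).
# An attacker that shows only "allowed" means Suricata is alerting, not dropping.
blocked_count_for() {
    summarise_alerts | awk -v ip="$1" \
        '$2 == ip && $3 == "blocked" { print $1; f = 1 } END { if (!f) print 0 }'
}

# On a real system: blocked_count_for 203.0.113.5 < /var/log/suricata/eve.json
printf '%s\n' "$SAMPLE_EVE" | summarise_alerts
```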



Source: www.habr.com
