Suricata 6.0 intrusion detection system released

After a year of development, the OISF (Open Information Security Foundation) has published the release of the Suricata 6.0 network intrusion detection and prevention system, which provides tools for inspecting various kinds of traffic. A Suricata deployment can use the signature databases developed by the Snort project, as well as the Emerging Threats and Emerging Threats Pro rule sets. The project source code is distributed under the GPLv2 license.

Main changes:

  • Initial HTTP/2 support.
  • Support for the RFB and MQTT protocols, including the ability to write rules for them and log their events.
  • Ability to log the DCERPC protocol.
  • Significantly faster logging through the EVE subsystem, which outputs events in JSON format. The speedup comes from a new JSON engine written in Rust.
  • Improved scalability of the EVE logging system, including the ability to keep a separate log file per thread.
  • Ability to define conditions under which information is written to the log.
  • Ability to include MAC addresses in the EVE log, and more detailed DNS logging.
  • Improved performance of the flow engine.
  • Support for SSH fingerprinting (HASSH).
  • Implementation of GENEVE tunnel decoding.
  • The ASN.1, DCERPC and SSH parsing code has been rewritten in Rust. Support for the newly added protocols is also implemented in Rust.
  • In the rule language, the byte_jump keyword gained a from_end parameter and byte_test gained a bitmask parameter. A pcrexform keyword was implemented so that a regular expression (pcre) can be used to capture a substring. A urldecode transformation was added. A byte_math keyword was added.
  • cbindgen can be used to generate bindings between Rust and C.
  • Initial plugin support was added.
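The EVE changes above (JSON output, per-thread files, MAC addresses in the log, richer DNS records) matter most to whoever has to consume eve.json downstream. The following is an added example, not code from the Suricata project or from the original article: a small Python reader that parses EVE lines, tolerates partially written or malformed lines, counts alerts per signature, maps alerting hosts to the MAC addresses Suricata 6 can now log, and lists DNS queries. The sample records are constructed for this example; the field names (event_type, alert.signature_id, the optional ether.src_mac block, dns.rrname) follow the EVE schema as I understand it from the Suricata 6 documentation and should be checked against your own eve.json.

```python
"""Summarize Suricata EVE JSON events (added illustration, not Suricata project code).

Suricata 6 writes one JSON object per line to eve.json. The sample lines
below are constructed for this example. Field names are assumptions taken
from the documented EVE schema (alert, dns, and the optional "ether" block
that appears when MAC-address logging is enabled); verify them against a
real eve.json before relying on them.
"""
import json
from collections import Counter

# Constructed sample EVE records (not captured from a real sensor).
SAMPLE_EVE = r"""
{"timestamp":"2020-10-20T10:00:01.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":49152,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","ether":{"src_mac":"00:11:22:33:44:55","dest_mac":"66:77:88:99:aa:bb"},"alert":{"action":"allowed","signature_id":1000001,"rev":1,"signature":"EXAMPLE HTTP on non-standard port","severity":2},"app_proto":"http"}
{"timestamp":"2020-10-20T10:00:02.000000+0000","flow_id":2,"event_type":"dns","src_ip":"10.0.0.5","src_port":53001,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7,"rrname":"example.com","rrtype":"A"}}
{"timestamp":"2020-10-20T10:00:03.000000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.0.7","src_port":49153,"dest_ip":"203.0.113.10","dest_port":8080,"proto":"TCP","ether":{"src_mac":"00:11:22:33:44:66","dest_mac":"66:77:88:99:aa:bb"},"alert":{"action":"allowed","signature_id":1000001,"rev":1,"signature":"EXAMPLE HTTP on non-standard port","severity":2},"app_proto":"http"}
this line is not json and must be skipped
{"timestamp":"2020-10-20T10:00:04.000000+0000","flow_id":4,"event_type":"alert","src_ip":"10.0.0.5","src_port":49154,"dest_ip":"198.51.100.9","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":1000002,"rev":1,"signature":"EXAMPLE SSH client fingerprint of interest","severity":1},"app_proto":"ssh"}
"""


def parse_eve(text):
    """Yield one dict per valid JSON line. Malformed lines are skipped,
    which is what you want when tailing a file that is still being written."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def alerts_by_signature(events):
    """Count alert events per (signature_id, signature)."""
    counts = Counter()
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        a = ev["alert"]
        counts[(a["signature_id"], a["signature"])] += 1
    return counts


def alerting_hosts(events):
    """Map each alerting source IP to the set of source MACs seen for it.
    The 'ether' block is only present when MAC logging is enabled, so a
    missing block is recorded as None rather than treated as an error."""
    hosts = {}
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        mac = ev.get("ether", {}).get("src_mac")
        hosts.setdefault(ev["src_ip"], set()).add(mac)
    return hosts


def dns_queries(events):
    """Return (rrname, rrtype) pairs from DNS query records."""
    return [
        (ev["dns"]["rrname"], ev["dns"]["rrtype"])
        for ev in events
        if ev.get("event_type") == "dns" and ev["dns"].get("type") == "query"
    ]


def summarize(text):
    """Parse the EVE text once and return all three summaries."""
    events = list(parse_eve(text))
    return {
        "events": len(events),
        "alerts": alerts_by_signature(events),
        "hosts": alerting_hosts(events),
        "dns": dns_queries(events),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_EVE)
    print(f"{s['events']} events parsed")
    for (sid, name), n in s["alerts"].most_common():
        print(f"  sid {sid} x{n}: {name}")
    for ip, macs in sorted(s["hosts"].items()):
        print(f"  {ip}: macs={sorted(m or '?' for m in macs)}")
    for name, rrtype in s["dns"]:
        print(f"  dns {rrtype} {name}")
```

To run it against a real sensor, replace SAMPLE_EVE with the contents of eve.json (or, with per-thread files enabled, concatenate the per-thread files first). Keying hosts by IP and collecting MACs is deliberate: a MAC that changes for the same IP is itself worth a look when the sensor sits on the local segment.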

Features of Suricata:

  • Uses the unified2 output format for presenting results, which is also used by the Snort project, allowing the use of analysis tools such as barnyard2. Can be integrated with BASE, Snorby, Sguil and SQueRT. Supports output in PCAP format;
  • Support for automatic protocol detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB, etc.), which lets rules refer to the protocol type alone without specifying a port number (for example, blocking HTTP traffic on a non-standard port). Decoders for the HTTP, SSL, TLS, SMB, SMB2, DCERPC, SMTP, FTP and SSH protocols;
  • A powerful HTTP traffic analysis system that uses the dedicated HTP library, created by the author of the Mod_Security project, to parse and normalize HTTP traffic. A module is available for keeping a detailed log of HTTP transfers; the log is kept in the standard Apache format. Extraction and verification of files transferred over HTTP is supported. Support for parsing compressed content. Ability to match on URI, Cookie, headers, user-agent, and request/response body;
  • Support for various traffic interception interfaces, including NFQueue, IPFRing, LibPcap, IPFW, AF_PACKET, PF_RING. It is also possible to analyze files previously saved in PCAP format;
  • High performance: the ability to process streams of up to 10 gigabits/second on conventional hardware.
  • A high-performance mask matching engine for large sets of IP addresses. Support for selecting content by mask and by regular expression. Extraction of files from traffic, including identification by name, type or MD5 checksum.
  • Ability to use variables in rules: information can be saved from one stream and later used in other rules;
  • Use of the YAML format in configuration files, which is easy for people to read and easy for machines to process;
  • Full IPv6 support;
  • A built-in engine for defragmentation and reassembly of packets, which ensures streams are processed correctly regardless of the order in which packets arrive;
  • Support for tunnel protocols: Teredo, IP-IP, IP6-IP4, IP4-IP6, GRE;
  • Support for packet decoding: IPv4, IPv6, TCP, UDP, SCTP, ICMPv4, ICMPv6, GRE, Ethernet, PPP, PPPoE, Raw, SLL, VLAN;
  • A mode for logging the keys and certificates seen inside TLS/SSL connections;
  • Ability to write Lua scripts to provide advanced analysis and implement additional functionality needed to detect kinds of traffic for which the standard rules are insufficient.

Source: opennet.ru
