Final beta release of the Snort 3 intrusion detection system

Cisco has introduced the final beta version of the completely redesigned Snort 3 intrusion prevention system, also known as the Snort++ project, which has been under development intermittently since 2005. A release candidate is planned for later this year.

In the new branch, the product concept has been completely rethought and the architecture redesigned. The areas emphasized in preparing the new branch include simpler configuration and startup of Snort, automated configuration, a simplified rule language, automatic detection of all protocols, a shell for control from the command line, and active use of multithreading with different packet processors sharing access to a single configuration.

The following significant new features have been implemented:

  • A transition has been made to a new configuration system that offers a simplified syntax and allows scripts to be used to generate settings dynamically. LuaJIT is used to process configuration files. LuaJIT-based plugins are provided that implement additional rule options and a logging system;
  • The attack detection engine has been modernized, the rules have been updated, and the ability to bind buffers in rules (sticky buffers) has been added. The Hyperscan search engine is used, which makes it possible to apply patterns triggered by regular expressions in rules faster and more accurately;
  • A new HTTP inspection mode has been added that takes session state into account and covers 99% of the situations supported by the HTTP Evader test suite. Code to support HTTP/2 is under development;
  • The performance of deep packet inspection mode has been significantly improved. Multi-threaded packet processing has been added, allowing several threads with packet processors to run simultaneously and providing linear scalability with the number of CPU cores;
  • A common configuration store and attribute tables have been implemented and are shared among the different subsystems, which significantly reduces memory consumption by eliminating duplicated information;
  • A new event logging system that uses the JSON format and integrates easily with external platforms such as Elastic Stack;
  • A transition to a modular architecture, with the ability to extend functionality by connecting plugins and with key subsystems implemented as replaceable plugins. Several hundred plugins have already been implemented for Snort 3, covering various areas of use, for example allowing you to add your own codecs, inspection modes, logging methods, actions and rule options;
  • Automatic detection of running services, eliminating the need to manually specify active network ports.

Changes compared to the last test release, which was published in 2018:

  • Added support for files that quickly override settings relative to the default configuration;
  • The code may now use C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14);
  • Added a new VXLAN handler;
  • Improved searching of content types by content, using updated alternative implementations of the Boyer-Moore and Hyperscan algorithms;
  • The HTTP/2 traffic inspection system has been brought almost to full readiness;
  • Startup has been accelerated by using multiple threads to compile rule groups;
  • Added a new logging mechanism;
  • Improved detection of Lua errors and optimized whitelists;
  • Changes have been made to allow settings to be reloaded on the fly;
  • Added the RNA (Real-time Network Awareness) inspection system, which collects information about the resources, hosts, applications and services available on the network;
  • To simplify configuration, the use of snort_config.lua and SNORT_LUA_PATH has been discontinued.

Source: opennet.ru
