Suricata 6.0 intrusion detection system released

After a year of development, the OISF (Open Information Security Foundation) has released Suricata 6.0, a network intrusion detection and prevention system that provides tools for inspecting various kinds of traffic. Suricata configurations can use the signature database maintained by the Snort project, as well as the Emerging Threats and Emerging Threats Pro rule sets. The project's source code is distributed under the GPLv2 license.

Major changes:

  • Initial support for HTTP/2.
  • Support for the RFB and MQTT protocols, including protocol detection and logging.
  • Ability to parse the DCERPC protocol.
  • A significant performance improvement in logging through the EVE subsystem, which outputs events in JSON format. The speed-up comes from a new JSON builder written in Rust.
  • Improved scalability of the EVE logging system, with the ability to keep a separate log file for each processing thread.
  • Ability to define conditions under which additional information is written to the log.
  • Ability to record MAC addresses in the EVE log, and extended information in the DNS log.
  • Improved performance of the flow engine.
  • Support for fingerprinting SSH implementations (HASSH).
  • Implementation of a GENEVE tunnel decoder.
  • The parsing code for ASN.1, DCERPC and SSH has been rewritten in Rust. Support for new protocols is also implemented in Rust.
  • In the rule definition language, support for the from_end parameter was added to the byte_jump keyword, and support for the bitmask parameter was added to byte_test. The pcrexform keyword was implemented, allowing regular expressions (pcre) to be used to capture a substring. The urldecode transformation was added. The byte_math keyword was added.
  • Ability to use cbindgen to generate bindings for the Rust and C languages.
  • Initial plugin support was added.
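As an added example (not code from the Suricata project or from the original article), the following Python script reads EVE JSON lines and uses two of the fields listed above, the MAC addresses and the SSH client HASSH fingerprint, to build a per-host inventory and flag hosts whose SSH client fingerprint changed. The sample lines are constructed, and the field names ether.src_mac and ssh.client.hassh.hash are assumed to match the Suricata 6 EVE schema.

```python
import json
from collections import defaultdict

# Constructed eve.json lines, not a real capture. The nesting follows the Suricata 6 EVE
# layout as this example assumes it: "ether" holds the MAC addresses that 6.0 can log,
# "ssh.client.hassh" the HASSH fingerprint of the client implementation.
SAMPLE_EVE = """
{"timestamp":"2020-10-08T10:00:01.000000+0000","event_type":"ssh","src_ip":"10.0.0.5","dest_ip":"10.0.0.20","ether":{"src_mac":"00:11:22:33:44:55","dest_mac":"66:77:88:99:aa:bb"},"ssh":{"client":{"software_version":"OpenSSH_8.2","hassh":{"hash":"aaaa1111","string":"kex1;cipher1"}}}}
{"timestamp":"2020-10-08T10:00:02.000000+0000","event_type":"ssh","src_ip":"10.0.0.5","dest_ip":"10.0.0.21","ether":{"src_mac":"00:11:22:33:44:55","dest_mac":"66:77:88:99:aa:bb"},"ssh":{"client":{"software_version":"OpenSSH_8.2","hassh":{"hash":"aaaa1111","string":"kex1;cipher1"}}}}
{"timestamp":"2020-10-08T10:00:03.000000+0000","event_type":"ssh","src_ip":"10.0.0.5","dest_ip":"10.0.0.22","ether":{"src_mac":"00:11:22:33:44:55","dest_mac":"66:77:88:99:aa:bb"},"ssh":{"client":{"software_version":"PuTTY_Release_0.74","hassh":{"hash":"bbbb2222","string":"kex9;cipher9"}}}}
{"timestamp":"2020-10-08T10:00:04.000000+0000","event_type":"dns","src_ip":"10.0.0.9","dest_ip":"10.0.0.53","ether":{"src_mac":"de:ad:be:ef:00:01","dest_mac":"66:77:88:99:aa:bb"},"dns":{"type":"query","rrname":"example.test","rrtype":"A"}}
not json: a line truncated when the log was rotated mid-write
"""

def parse_eve(text):
    """Parse newline-delimited EVE JSON; skip blank or truncated lines instead of aborting.
    With 6.0's per-thread log files, several files are usually concatenated here."""
    events = []
    for line in text.splitlines():
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:  # blank line or damaged record
            continue
    return events

def mac_inventory(events):
    """Map each source IP to the set of source MACs seen with it (IP/MAC drift is worth a look)."""
    seen = defaultdict(set)
    for ev in events:
        mac = ev.get("ether", {}).get("src_mac")
        if mac:
            seen[ev["src_ip"]].add(mac)
    return dict(seen)

def hassh_by_source(events):
    """Map each SSH client IP to the set of HASSH hashes its connections produced."""
    seen = defaultdict(set)
    for ev in events:
        if ev.get("event_type") != "ssh":
            continue
        h = ev.get("ssh", {}).get("client", {}).get("hassh", {}).get("hash")
        if h:
            seen[ev["src_ip"]].add(h)
    return dict(seen)

def hosts_with_multiple_hassh(events):
    """Hosts whose SSH client fingerprint changed, i.e. a second SSH implementation appeared on them."""
    return sorted(ip for ip, hashes in hassh_by_source(events).items() if len(hashes) > 1)
```

Run against a real eve.json (or the concatenation of the per-thread files) by passing the file contents to parse_eve.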

Features of Suricata:

  • Use of the Unified2 unified format, also used by the Snort project, for outputting scan results, which allows analysis tools such as barnyard2 to be used. Ability to integrate with the BASE, Snorby, Sguil and Squert products. PCAP output support;
  • Support for automatic protocol detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB, etc.), allowing rules to operate on the protocol type alone, without being tied to a port number (for example, blocking HTTP traffic on a non-standard port). Decoders are available for the HTTP, SSL, TLS, SMB, SMB2, DCERPC, SMTP, FTP and SSH protocols;
  • A powerful HTTP traffic analysis system that uses the dedicated HTP library, created by the author of the Mod_Security project, to parse and normalize HTTP traffic. A module is available for keeping a detailed log of HTTP transfers passing through; the log is kept in the standard Apache format. Extraction and inspection of files transferred over HTTP is supported. Support for parsing compressed content. Ability to identify by URI, Cookie, headers, user-agent, request/response body;
  • Support for various traffic capture interfaces, including NFQueue, IPFRing, LibPcap, IPFW, AF_PACKET, PF_RING. Files already saved in PCAP format can be analyzed;
  • High performance, with the ability to process a stream of up to 10 gigabits/sec on ordinary hardware.
  • A high-performance mask matching engine for large sets of IP addresses. Support for selecting content by mask and by regular expression. Extraction of files from traffic, including identifying them by name, type or MD5 checksum.
  • Ability to use variables in rules: information can be saved from a flow and used later in other rules;
  • Use of the YAML format in configuration files, which keeps them readable while remaining easy to process by machine;
  • Full IPv6 support;
  • A built-in engine for automatic defragmentation and packet reassembly, allowing flows to be processed correctly regardless of the order in which packets arrive;
  • Support for tunneling protocols: Teredo, IP-IP, IP6-IP4, IP4-IP6, GRE;
  • Packet decoding support: IPv4, IPv6, TCP, UDP, SCTP, ICMPv4, ICMPv6, GRE, Ethernet, PPP, PPPoE, Raw, SLL, VLAN;
  • A mode for logging keys and certificates that appear within TLS/SSL connections;
  • Ability to write scripts in Lua to provide extended analysis and implement additional capabilities needed to detect kinds of traffic for which the standard rules are not sufficient.

Source: opennet.ru
