Sniff or Suricata. Part 3: Protecting the Office Network

In the previous article we covered how to run a stable version of Suricata on Ubuntu 18.04 LTS. Setting up an IDS on a single host and enabling the free rule sets is quite simple. Today we will look at how to protect a corporate network against the most common types of attacks using Suricata installed on a virtual server. For this we need a Linux VDS with two computing cores. The amount of RAM depends on the load: 2 GB is enough for some, while 4 or 6 may be required for more demanding tasks. The advantage of a virtual machine is that you can experiment: start with a minimal configuration and add resources as needed.

Photo: Reuters

Connecting the networks

Deploying the IDS on a virtual machine may be needed at first just for testing. If you have not dealt with such solutions before, there is no need to rush to physical hardware and change the network architecture. It is better to run the system safely and at reasonable cost in order to determine your real computing requirements. It is important to understand that all company traffic will then have to pass through a single external point: to connect the local network (or several networks) to the VDS with Suricata installed, you can use SoftEther, an easy-to-configure, cross-platform VPN server with strong encryption. The office's Internet connection may not have a public IP, so it is better to put the VPN server on the VPS. There are no ready-made packages in the Ubuntu repository, so you will have to download the software either from the project's site or from the external repository on Launchpad (if you trust it):

sudo add-apt-repository ppa:paskal-07/softethervpn
sudo apt-get update

You can check the list of available packages with the following command:

apt-cache search softether


We need softether-vpnserver (in the test configuration the server runs on the VDS) and softether-vpncmd, the command-line tools for configuring it.

sudo apt-get install softether-vpnserver softether-vpncmd

A dedicated command-line utility is used to configure the server:

sudo vpncmd


We will not go into the configuration in detail: the procedure is quite simple, well described in many manuals and not directly related to the topic of this article. In short, after starting vpncmd you select item 1 to enter the server management console. To do this, enter localhost and press Enter instead of entering a hub name. The administrator password is set in the console with the ServerPasswordSet command, the DEFAULT virtual hub is deleted (HubDelete command) and a new one is created with the name Suricata_VPN and its own password (HubCreate command). Then switch to the management console of the new hub with the Hub Suricata_VPN command and create a group and a user with the GroupCreate and UserCreate commands. The user's password is set with UserPasswordSet.

SoftEther supports two ways of passing traffic: SecureNAT and Local Bridge. The first is a proprietary technology for building a virtual private network with its own NAT and DHCP. SecureNAT does not require TUN/TAP, Netfilter or any other firewall settings. Routing does not touch the system kernel: everything is virtualized and works on any VPS/VDS regardless of the hypervisor. The price is higher CPU load and lower throughput compared to Local Bridge mode, which connects the SoftEther virtual hub to a physical network adapter or a TAP device.

In that case the configuration is more involved, because routing is done at the kernel level using Netfilter. Our VDS runs on Hyper-V, so in the last step we create a local bridge and enable the TAP device with the command BridgeCreate Suricata_VPN -device:suricata_vpn -tap:yes. After exiting the hub management console, we will see a new network interface in the system that has not yet been assigned an IP:

ifconfig


Next, enable packet forwarding between interfaces (ip forward), if it is not already enabled:

sudo nano /etc/sysctl.conf

Uncomment the following line:

net.ipv4.ip_forward = 1

Save the file, exit the editor and apply the change with the following command:

sudo sysctl -p

Next, we need to pick a subnet for the virtual network with private IPs (for example, 10.0.10.0/24) and assign an address to the interface (Linux limits interface names to 15 characters, so the TAP device named suricata_vpn shows up as tap_suricata_vp):

sudo ifconfig tap_suricata_vp 10.0.10.1/24

After that, the Netfilter rules have to be written.

1. If necessary, allow incoming packets on the listening ports (the SoftEther proprietary protocol uses HTTPS on port 443; by default the server also listens on 992, 1194 and 5555)

sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 992 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 5555 -j ACCEPT

2. Set up NAT from the 10.0.10.0/24 subnet to the server's main IP

sudo iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -j SNAT --to-source 45.132.17.140

3. Allow forwarding of packets from the 10.0.10.0/24 subnet

sudo iptables -A FORWARD -s 10.0.10.0/24 -j ACCEPT

4. Allow forwarding of packets belonging to already established connections

sudo iptables -A FORWARD -p all -m state --state ESTABLISHED,RELATED -j ACCEPT

Automating this procedure at system restart with startup scripts is left to readers as homework.
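One way to do that homework, as an added example that is not part of the original article: a POSIX shell script that applies the forwarding setting, the TAP address and the four rule groups above in a way that can be re-run at every boot without duplicating rules (each rule is added only if iptables -C reports it missing). It assumes the values used above (tap_suricata_vp, 10.0.10.1/24, 10.0.10.0/24 and the public address 45.132.17.140) and uses ip addr replace instead of ifconfig; with the default DRY_RUN=1 it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the article): idempotent setup of forwarding, the TAP
# address and the Netfilter rules for the SoftEther bridge, suitable for a boot script.
# Assumed values (change to match your setup): the interface name is the one the
# article's ifconfig shows (tap_suricata_vpn truncated to 15 characters by Linux),
# the VPN subnet and the server's public address are the ones used above.
TAP_IF="${TAP_IF:-tap_suricata_vp}"
TAP_ADDR="${TAP_ADDR:-10.0.10.1/24}"
VPN_SUBNET="${VPN_SUBNET:-10.0.10.0/24}"
PUBLIC_IP="${PUBLIC_IP:-45.132.17.140}"
# SoftEther's default listening ports; the article opens all of them plus UDP 1194
LISTEN_TCP_PORTS="443 992 1194 5555"
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them (needs root)
DRY_RUN="${DRY_RUN:-1}"

# run_cmd prints the command in dry-run mode and executes it otherwise
run_cmd() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# add_rule TABLE CHAIN RULE...: append a rule only if an identical one is not
# already present (iptables -C), so re-running at boot never duplicates rules
add_rule() {
  table="$1"; shift
  if [ "$DRY_RUN" = "1" ]; then
    printf 'iptables -t %s -A %s\n' "$table" "$*"
  elif ! iptables -t "$table" -C "$@" 2>/dev/null; then
    iptables -t "$table" -A "$@"
  fi
}

# Enable routing between interfaces; sysctl -w is not persistent by itself,
# re-running this script at boot is what makes it stick
setup_forwarding() {
  run_cmd sysctl -w net.ipv4.ip_forward=1
}

# Assign the address to the TAP device; "replace" is idempotent, unlike ifconfig
setup_interface() {
  run_cmd ip addr replace "$TAP_ADDR" dev "$TAP_IF"
}

# The four rule groups from the article, in the same order
setup_rules() {
  for port in $LISTEN_TCP_PORTS; do
    add_rule filter INPUT -p tcp --dport "$port" -j ACCEPT
  done
  add_rule filter INPUT -p udp --dport 1194 -j ACCEPT
  add_rule nat POSTROUTING -s "$VPN_SUBNET" -j SNAT --to-source "$PUBLIC_IP"
  add_rule filter FORWARD -s "$VPN_SUBNET" -j ACCEPT
  add_rule filter FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

main() {
  setup_forwarding
  setup_interface
  setup_rules
}

# Run only when invoked as "sh bridge-setup.sh run", so the functions can also be sourced
if [ "${1:-}" = "run" ]; then main; fi
```

Run sh bridge-setup.sh run to see the commands, and DRY_RUN=0 sh bridge-setup.sh run as root to apply them; a systemd unit or rc.local entry calling the latter is all the boot-time automation needs.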

If you want clients to get IPs automatically, you will also have to install some kind of DHCP service on the local bridge. This completes the server setup and we can move on to the clients. SoftEther supports many protocols; which one to use depends on the capabilities of the LAN devices. You can see which ports the server is listening on with:

netstat -ap |grep vpnserver


Since our test router runs Ubuntu, we install the softether-vpnclient and softether-vpncmd packages from the same external repository in order to use the proprietary protocol. The client has to be started:

sudo vpnclient start

For configuration, use the vpncmd utility again, choosing localhost as the machine on which vpnclient runs. Everything is done in the console: create a virtual interface (NicCreate) and an account (AccountCreate).

Depending on the case, the authentication method is specified with one of the AccountAnonymousSet, AccountPasswordSet, AccountCertSet or AccountSecureCertSet commands. Since we are not using DHCP, the virtual adapter's address is set manually.

In addition, we need to enable ip forwarding (the net.ipv4.ip_forward=1 option in /etc/sysctl.conf) and configure static routes. If necessary, port forwarding can be configured on the VDS with Suricata to reach services deployed in the local network. At this point the network integration can be considered complete.

The resulting configuration looks as follows (diagram in the original article, not reproduced here).


Setting up Suricata

In the previous article we discussed two modes of IDS operation: via the NFQUEUE queue (NFQ mode) and via zero copy (AF_PACKET mode). The second requires two interfaces but is faster, so we will use it. This parameter is set by default in /etc/default/suricata. We also need to edit the vars section of /etc/suricata/suricata.yaml and set the virtual subnet there as the home network.
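The two settings just named, as an added example that is not from the article: a small POSIX shell script that reads the listen mode from the defaults file and HOME_NET from suricata.yaml, rewrites HOME_NET to the VPN subnet and checks the result. It works on constructed copies of the two files in a temporary directory (the LISTENMODE/IFACE keys and the stock HOME_NET value are the ones the Ubuntu package ships); to use it for real, point the functions at /etc/default/suricata and /etc/suricata/suricata.yaml.

```shell
#!/bin/sh
# Added example (not from the article): read and adjust the two settings the article
# names, LISTENMODE in /etc/default/suricata and HOME_NET in suricata.yaml, so that
# the VPN subnet becomes the home network. It works on constructed copies of the two
# files in a temporary directory; point the functions at the real paths to use it.
WORK="$(mktemp -d)"
DEFAULTS="$WORK/suricata"          # stands in for /etc/default/suricata
YAML="$WORK/suricata.yaml"         # stands in for /etc/suricata/suricata.yaml
VPN_SUBNET="${VPN_SUBNET:-10.0.10.0/24}"

# Constructed sample of the Debian/Ubuntu defaults file (af-packet is the package default)
cat > "$DEFAULTS" <<'EOF'
RUN=yes
LISTENMODE=af-packet
IFACE=eth0
NFQUEUE=0
EOF

# Constructed excerpt of the vars section of suricata.yaml with the stock HOME_NET
cat > "$YAML" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
EOF

# listen_mode FILE: the LISTENMODE value (nfqueue, af-packet or pcap)
listen_mode() { sed -n 's/^LISTENMODE=//p' "$1"; }

# home_net FILE: the quoted HOME_NET value without its quotes
home_net() { sed -n 's/^ *HOME_NET: *"\(.*\)"$/\1/p' "$1"; }

# set_home_net FILE SUBNET: replace HOME_NET with the given subnet, keeping indentation
set_home_net() {
  sed -i "s|^\( *HOME_NET: *\).*|\1\"[$2]\"|" "$1"
}

# check_config DEFAULTS YAML SUBNET: 0 if the IDS runs in af-packet mode and HOME_NET
# contains the subnet exactly as written, 1 otherwise (a plain string check: the
# stock 10.0.0.0/8 covers 10.0.10.0/24 but does not pass this test)
check_config() {
  [ "$(listen_mode "$1")" = "af-packet" ] || return 1
  case "$(home_net "$2")" in
    *"$3"*) return 0 ;;
    *) return 1 ;;
  esac
}

if [ "${1:-}" = "run" ]; then
  echo "listen mode: $(listen_mode "$DEFAULTS")"
  echo "HOME_NET before: $(home_net "$YAML")"
  set_home_net "$YAML" "$VPN_SUBNET"
  echo "HOME_NET after:  $(home_net "$YAML")"
  check_config "$DEFAULTS" "$YAML" "$VPN_SUBNET" && echo "config OK"
fi
```

After editing the real suricata.yaml, suricata -T -c /etc/suricata/suricata.yaml validates the file before the restart below.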


To restart the IDS, use the following command:

systemctl restart suricata

The solution is ready; now you may want to test how it stands up to malicious actions.

Simulating attacks

There are several scenarios in which an external IDS service makes sense:

Protection against DDoS attacks (the main purpose)

This option is hard to implement inside the corporate network, because the packets to be analyzed must first reach the interface facing the Internet. Even if the IDS blocks them, the bogus traffic can saturate the data link. To avoid this, you need to order a VPS with an Internet connection fast enough to carry all the local network's traffic plus all the hostile traffic. This is often easier and cheaper than widening the office channel. As an alternative, specialized DDoS protection services are worth mentioning. Their cost is comparable to that of a virtual server and they require no time-consuming configuration, but there are downsides: the customer gets only DDoS protection for the money, whereas their own IDS can be configured however they like.

Protection against other types of external attacks

Suricata can cope with attempts to exploit various vulnerabilities in corporate network services accessible from the Internet (mail server, web server and web applications, etc.). Usually the IDS is installed inside the LAN behind the perimeter devices for this, but placing it outside is a legitimate option too.

Protection against insiders

Despite the system administrator's best efforts, computers on the corporate network can become infected with malware. In addition, hooligans sometimes appear on the local network and try to do things they should not. Suricata can help block such attempts, although to protect the internal network it is better to install it inside the perimeter and pair it with a managed switch that can mirror traffic to a single port. An external IDS is not useless in this case either: at the very least it will catch attempts by malware living on the LAN to contact an external server.

To begin, we create another test VPS to play the attacker, and on the local network router we bring up Apache with the default configuration, then forward port 80 to it from the IDS server. Next we simulate a DDoS attack from the attacking host. To do this, download from GitHub, compile and run the small xerxes program on the attacking node (you may need to install the gcc package):

git clone https://github.com/Soldie/xerxes-DDos-zanyarjamal-C.git
cd xerxes-DDos-zanyarjamal-C/
gcc xerxes.c -o xerxes 
./xerxes 45.132.17.140 80

The result of running it (a screenshot in the original article, not reproduced here) was as follows.


Suricata cut the villain off, and the default Apache page opens despite our impromptu attack and the dead channel of the "office" (actually home) network. For more complex tasks you should use the Metasploit Framework. It is designed for penetration testing and allows you to simulate various types of attacks. Installation instructions are available on the project's website. After installation it needs to be updated:

sudo msfupdate

For testing, use msfconsole.


Unfortunately, recent versions of the framework have no automatic exploitation feature, so exploits have to be picked by hand and run with the use command. First it is worth determining the open ports on the attacked machine, for example with nmap (in our case netstat on the attacked host replaces it completely), and then selecting and running suitable Metasploit modules.

There are other ways to test the resilience of an IDS to attacks, including online services. Out of curiosity, you can arrange a stress test using the trial version of an IP stresser. To check the response to the actions of internal intruders, it is worth installing specialized tools on one of the machines in the local network. There are many options, and from time to time they should be applied not only to the test environment but also to production systems, but that is a completely different story.
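Whatever generates the test traffic, what a defender checks afterwards is not the screenshot but the IDS log. As an added example that is not part of the original article, the following POSIX shell script summarizes Suricata's fast.log by source address, so that a run like the xerxes test above, or the insider case from the "Protection against insiders" section (a LAN host contacting an external server), can be confirmed against what Suricata actually recorded. The log lines are a constructed sample in fast.log format; the signature ids 9000001 to 9000003, the messages and the addresses are placeholders, not real rules or hosts.

```shell
#!/bin/sh
# Added example (not from the article): summarize Suricata's fast.log so that a test
# run can be checked against what the IDS actually logged. The lines below are a
# constructed sample in fast.log format; the signature ids (9000001-9000003),
# messages and addresses are placeholders, not real rules or hosts.
LOG="$(mktemp)"
cat > "$LOG" <<'EOF'
10/15/2019-12:00:01.000001  [**] [1:9000001:1] TEST flood from attacking VPS [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.10:40001 -> 10.0.10.2:80
10/15/2019-12:00:01.000002  [**] [1:9000001:1] TEST flood from attacking VPS [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.10:40002 -> 10.0.10.2:80
10/15/2019-12:00:01.000003  [**] [1:9000001:1] TEST flood from attacking VPS [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.10:40003 -> 10.0.10.2:80
10/15/2019-12:00:05.000000  [**] [1:9000002:1] TEST scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:55555 -> 10.0.10.2:22
10/15/2019-12:01:00.000000  [**] [1:9000003:1] TEST LAN host contacting external server [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.10.2:49152 -> 203.0.113.99:443
EOF

# alert_count FILE: number of alert lines
alert_count() { grep -c '\[\*\*\]' "$1"; }

# alerts_by_src FILE: "count ip" per source address, busiest first
# (the source is the field before "->" at the end of each fast.log line)
alerts_by_src() {
  awk '{ split($(NF-2), a, ":"); n[a[1]]++ }
       END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# top_source FILE: the address that triggered the most alerts
top_source() { alerts_by_src "$1" | head -n 1 | cut -d' ' -f2; }

# outbound_alert_count FILE PREFIX: alerts whose source is inside the home network,
# i.e. the insider/malware case of a LAN host talking to an external server
outbound_alert_count() {
  awk -v h="$2" '{ split($(NF-2), a, ":"); if (index(a[1], h) == 1) c++ }
                 END { print c + 0 }' "$1"
}

if [ "${1:-}" = "run" ]; then
  echo "alerts: $(alert_count "$LOG")"
  alerts_by_src "$LOG"
  echo "outbound from 10.0.10.0/24: $(outbound_alert_count "$LOG" 10.0.10.)"
fi
```

Point LOG at /var/log/suricata/fast.log on the IDS server to use it on a real run; a flood test that produced no entry for the attacking address means the rules, not the link, need attention.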


Source: www.habr.com
