Snort or Suricata. Part 1: Choosing a free IDS/IPS to protect your business network
Snort or Suricata. Part 2: Installation and initial configuration of Suricata
Joining the networks
Deploying the IDS on a virtual machine may be needed first of all for testing. If you have never dealt with solutions of this kind, you should not rush to order physical hardware and redesign the network. It is better to try the system safely and at no extra cost in order to work out your actual computing-resource requirements. Keep in mind that all of the company's traffic will then have to pass through a single external point: to connect the local network (or several networks) to a VDS with Suricata installed, you can use SoftEther VPN. On Ubuntu the packages can be taken from a third-party PPA:
sudo add-apt-repository ppa:paskal-07/softethervpn
sudo apt-get update
You can list the available packages with the following command:
apt-cache search softether
We will need softether-vpnserver (in the test configuration the server runs on the VDS) and softether-vpncmd, the command-line utility used to configure it.
sudo apt-get install softether-vpnserver softether-vpncmd
To configure the server, use the dedicated command-line utility:
sudo vpncmd
We will not dwell on the setup in detail: the procedure is straightforward, well described in many guides, and not directly related to the topic of this article. In short, after starting vpncmd choose option 1 to enter the server management console. When asked for a host, enter localhost, and simply press Enter instead of entering a hub name. In the console, set the administrator password with ServerPasswordSet, delete the DEFAULT virtual hub (HubDelete), create a new hub named Suricata_VPN and set its password (HubCreate). Next, switch to the management console of the new hub with the command Hub Suricata_VPN and create a group and a user with GroupCreate and UserCreate. The user's password is set with UserPasswordSet.
SoftEther supports two ways of passing traffic: SecureNAT and Local Bridge. The first is a proprietary technique for building a virtual private network with its own NAT and DHCP. SecureNAT needs no TUN/TAP device and no Netfilter or other firewall configuration. Routing does not touch the system kernel at all: everything is virtualized in user space and works on any VPS/VDS regardless of the hypervisor. The price is higher CPU load and lower throughput than Local Bridge mode, which connects a SoftEther virtual hub to a real network adapter or to a TAP device.
Configuration in that case is more involved, since routing is done at kernel level by Netfilter. Our VDS runs on Hyper-V, so as the final step we create a local bridge and enable a TAP device with the command bridgecreate Suricata_VPN -device:suricata_vpn -tap:yes (the hub name must match the one created above). After leaving the hub management console, a new interface appears in the system and can be given an IP address:
ifconfig
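The same server-side steps as a script, so the provisioning can be reviewed and repeated instead of being typed into the console. This is an added example, not code from the article or from the SoftEther project; it relies on vpncmd's /CMD switch (one command per invocation) and on /ADMINHUB, which pre-selects a hub the way the interactive Hub command does. The hub name and TAP device are the article's; the group, user and passwords are placeholders to edit; and it assumes a freshly installed server whose administrator password is still empty, which is why the first call sends no /PASSWORD.

```sh
#!/bin/sh
# Added example (not from the article): non-interactive SoftEther server provisioning.
# Run with no arguments to print the plan; MODE=apply ./provision.sh executes it.
set -eu

HUB="Suricata_VPN"
TAP_DEV="suricata_vpn"          # shows up on Linux as tap_suricata_vp (15-character limit)
VPN_GROUP="routers"             # placeholder
VPN_USER="office-router"        # placeholder
ADMIN_PASS="change-me-admin"    # placeholder, also used as the hub admin password here
USER_PASS="change-me-user"      # placeholder
MODE="${MODE:-plan}"            # plan = print the commands; apply = execute them

# Print (plan) or execute (apply) one command line. Passing "$@" through keeps each
# argument intact, so passwords with spaces or shell metacharacters survive.
run() {
  if [ "$MODE" = apply ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Server-administration mode; hub() additionally pre-selects the hub (/ADMINHUB
# replaces the interactive "Hub Suricata_VPN" step).
srv() { run vpncmd localhost /SERVER /PASSWORD:"$ADMIN_PASS" /CMD "$@"; }
hub() { run vpncmd localhost /SERVER /PASSWORD:"$ADMIN_PASS" /ADMINHUB:"$HUB" /CMD "$@"; }

provision() {
  # Fresh install: no administrator password yet, so no /PASSWORD on this call
  run vpncmd localhost /SERVER /CMD ServerPasswordSet "$ADMIN_PASS"
  srv HubDelete DEFAULT
  srv HubCreate "$HUB" /PASSWORD:"$ADMIN_PASS"
  # Every parameter is given explicitly: a missing one makes vpncmd prompt and hang
  hub GroupCreate "$VPN_GROUP" /REALNAME:none /NOTE:none
  hub UserCreate "$VPN_USER" /GROUP:"$VPN_GROUP" /REALNAME:none /NOTE:none
  hub UserPasswordSet "$VPN_USER" /PASSWORD:"$USER_PASS"
  # Local Bridge onto a TAP device; the hub name must be the one created above
  srv BridgeCreate "$HUB" /DEVICE:"$TAP_DEV" /TAP:yes
}

# Number of vpncmd invocations the plan issues (a quick sanity check)
provision_step_count() { provision | grep -c '^vpncmd '; }

provision
```

Review the printed plan first; only then re-run with MODE=apply as root. Because each vpncmd call is independent, a failed step can be re-run on its own, and the whole script can be kept under version control next to the Netfilter rules.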
Next, enable packet forwarding between interfaces (ip forwarding) if it is not already on:
sudo nano /etc/sysctl.conf
Uncomment the following line:
net.ipv4.ip_forward = 1
Save the file, leave the editor and apply the change with the following command:
sudo sysctl -p
Next, define a subnet of private (non-routable) addresses for the virtual network (for example 10.0.10.0/24) and assign an address to the virtual interface:
sudo ifconfig tap_suricata_vp 10.0.10.1/24
Then set up the Netfilter rules.
1. If necessary, allow incoming packets to the listening ports (the proprietary SoftEther protocol uses HTTPS on port 443; 992, 1194 and 5555 are the other default listeners, which can stay closed if nothing uses them)
sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 992 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 5555 -j ACCEPT
2. Set up NAT from the 10.0.10.0/24 subnet to the server's main IP address
sudo iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -j SNAT --to-source 45.132.17.140
3. Allow forwarded packets originating from the 10.0.10.0/24 subnet
sudo iptables -A FORWARD -s 10.0.10.0/24 -j ACCEPT
4. Allow forwarded packets belonging to already established connections
sudo iptables -A FORWARD -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
Making the rules persistent across reboots with startup scripts is left as homework for the reader.
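The forwarding and Netfilter steps above as one idempotent script, added here as an example (not code from the article). It differs from the rules above in three ways a practitioner usually wants: each rule is checked with -C before it is appended with -A, so re-running it after a reboot or a change does not pile up duplicates; the INPUT chain opens only the SoftEther listener actually in use (443) rather than all five; and the FORWARD rule for the VPN subnet is tied to the TAP interface, so a packet arriving on the public interface with a spoofed 10.0.10.x source is not forwarded. The public IP, subnet and interface name are the article's; the sysctl drop-in path is an assumption; apply mode needs root.

```sh
#!/bin/sh
# Added example (not from the article): idempotent ip_forward + Netfilter setup for the VDS.
# MODE=plan (default) prints what would be done; MODE=apply executes it.
set -eu

VPN_NET="10.0.10.0/24"
TAP_IF="tap_suricata_vp"
PUBLIC_IP="45.132.17.140"
LISTEN_PORT="${LISTEN_PORT:-443}"   # SoftEther also listens on 992, 1194, 5555; they stay closed
MODE="${MODE:-plan}"
IPT="${IPT:-sudo iptables}"         # overridable so the logic can be exercised without root

# usage: ensure_rule <table> <chain> <rule...>
# In apply mode, -C succeeds only if an identical rule already exists, so -A runs once.
ensure_rule() {
  table=$1; chain=$2; shift 2
  if [ "$MODE" = apply ]; then
    $IPT -t "$table" -C "$chain" "$@" 2>/dev/null || $IPT -t "$table" -A "$chain" "$@"
  else
    printf 'iptables -t %s -A %s %s\n' "$table" "$chain" "$*"
  fi
}

enable_forwarding() {
  # Runtime switch plus a sysctl.d drop-in (assumed path) so it survives reboots
  if [ "$MODE" = apply ]; then
    sysctl -w net.ipv4.ip_forward=1
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-suricata-vpn.conf
  else
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
  fi
}

apply_rules() {
  # 1. SoftEther control/data channel from the Internet, one port only
  ensure_rule filter INPUT -p tcp --dport "$LISTEN_PORT" -j ACCEPT
  # 2. SNAT the VPN subnet to the server's public address
  ensure_rule nat POSTROUTING -s "$VPN_NET" -j SNAT --to-source "$PUBLIC_IP"
  # 3. Forward traffic from the VPN subnet only when it really arrives on the TAP interface
  ensure_rule filter FORWARD -i "$TAP_IF" -s "$VPN_NET" -j ACCEPT
  # 4. Return traffic for established connections (conntrack is the current form of -m state)
  ensure_rule filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

enable_forwarding
apply_rules
```

For the "homework" part, after MODE=apply the live ruleset can be saved with iptables-save (the iptables-persistent package restores /etc/iptables/rules.v4 at boot), or the script itself can be run from a systemd unit; because it is idempotent, either approach is safe to repeat.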
If you want to hand out IP addresses to clients automatically, you will also need some kind of DHCP service for the local bridge. At this point the server setup is complete and you can move on to the clients. SoftEther supports many protocols; which one to use depends on the capabilities of the local network equipment. You can check which ports vpnserver is listening on with:
netstat -ap |grep vpnserver
Since our test router runs Ubuntu, we install the softether-vpnclient and softether-vpncmd packages from the same third-party repository in order to use the proprietary protocol. Start the client:
sudo vpnclient start
For configuration use the vpncmd utility again, selecting localhost as the machine where vpnclient runs. Everything is done in the console: create a virtual network interface (NicCreate) and an account (AccountCreate).
In some cases you also need to set the authentication method with AccountAnonymousSet, AccountPasswordSet, AccountCertSet or AccountSecureCertSet. Since we are not using DHCP, the virtual adapter's address is set manually.
In addition, enable ip forwarding (net.ipv4.ip_forward=1 in /etc/sysctl.conf) and configure static routes. If needed, set up port forwarding on the VDS with Suricata to reach services deployed on the local network. At this point the joining of the networks can be considered complete.
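The client side on the Ubuntu router as a script, added here as an example (not code from the article or the SoftEther project). Beyond the steps named above it does two things worth pointing out. First, it turns on server-certificate checking: by default the SoftEther client accepts any certificate the server presents, so the tunnel can be intercepted; AccountServerCertSet pins the certificate exported from the VDS (with ServerCertGet) and AccountServerCertEnable enforces it. Second, before moving the default route into the tunnel it adds a host route to the VDS via the existing ISP gateway, otherwise the tunnel would try to route its own packets through itself. The server address and hub are the article's; the user, password, certificate path, office subnet 192.168.1.0/24 and ISP gateway 203.0.113.1 are placeholders. MASQUERADE on the router is needed because the VDS SNAT rule covers only 10.0.10.0/24.

```sh
#!/bin/sh
# Added example (not from the article): connect the office router to the hub.
# MODE=plan (default) prints the commands; MODE=apply (as root) executes them.
set -eu

SERVER="45.132.17.140:443"
HUB="Suricata_VPN"
VPN_USER="office-router"                         # placeholder, as created on the server
USER_PASS="change-me-user"                       # placeholder
SERVER_CERT="/etc/softether/vds-server.cer"      # assumed path of the cert exported with ServerCertGet
ACCOUNT="suricata"                               # client-side account name (placeholder)
NIC="suricata"                                   # SoftEther names the Linux interface vpn_<NIC>
CLIENT_IP="10.0.10.2/24"                         # static, since there is no DHCP on the bridge
TUNNEL_GW="10.0.10.1"                            # the TAP address on the VDS
LAN_NET="192.168.1.0/24"                         # office subnet behind the router (placeholder)
ISP_GW="203.0.113.1"                             # current default gateway (placeholder)
MODE="${MODE:-plan}"

run() { if [ "$MODE" = apply ]; then "$@"; else printf '%s\n' "$*"; fi; }
cli() { run vpncmd localhost /CLIENT /CMD "$@"; }

connect_client() {
  run vpnclient start
  cli NicCreate "$NIC"
  cli AccountCreate "$ACCOUNT" /SERVER:"$SERVER" /HUB:"$HUB" /USERNAME:"$VPN_USER" /NICNAME:"$NIC"
  cli AccountPasswordSet "$ACCOUNT" /PASSWORD:"$USER_PASS" /TYPE:standard
  # Pin and enforce the server certificate; without this any server is accepted
  cli AccountServerCertSet "$ACCOUNT" /LOADCERT:"$SERVER_CERT"
  cli AccountServerCertEnable "$ACCOUNT"
  cli AccountStartupSet "$ACCOUNT"               # reconnect whenever vpnclient starts
  cli AccountConnect "$ACCOUNT"
  # Address the virtual NIC by hand and make the router forward
  run ip addr add "$CLIENT_IP" dev "vpn_$NIC"
  run ip link set "vpn_$NIC" up
  run sysctl -w net.ipv4.ip_forward=1
  # Keep the tunnel endpoint reachable via the ISP, then send everything else into the tunnel
  run ip route add "${SERVER%%:*}/32" via "$ISP_GW"
  run ip route replace default via "$TUNNEL_GW" dev "vpn_$NIC"
  # Office hosts leave the router as 10.0.10.2, which is what the VDS SNAT rule expects
  run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "vpn_$NIC" -j MASQUERADE
}

connect_client
```

Run it once in plan mode and confirm the host route line comes before the default-route line; if the order were reversed on a remote router you would lose the session and the tunnel at the same time.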
The resulting configuration looks like this:
Configuring Suricata
To restart the IDS, use the command:
systemctl restart suricata
The solution is ready; now it makes sense to test how it stands up to attackers.
Simulating an attack
There are several scenarios in which an external IDS service can be useful:
Protection against DDoS attacks (the main purpose)
This option is hard to implement inside the corporate network, because the packets to be analysed have to reach an interface facing the Internet. Even if the IDS blocks them, the bogus traffic can still saturate the uplink. To avoid that, you need a VPS with an Internet connection fast enough to carry all of the local network's traffic plus all of the external traffic aimed at it. This is usually easier and cheaper than widening the office channel. As an alternative, specialised DDoS protection services deserve a mention: their prices are comparable to a virtual server and no powerful configuration is needed, but there is a catch. For the money the client gets DDoS protection only, whereas an IDS of your own can be configured exactly the way you need.
Protection against other kinds of external attacks
Suricata can cope with attempts to exploit various vulnerabilities in corporate network services exposed to the Internet (mail server, web server and web applications, and so on). Usually an IDS for this purpose is deployed inside the local perimeter behind the edge devices, but placing it outside has its merits too.
Protection against internal attackers
Despite all the sysadmin's efforts, computers on the corporate network can get infected with malware. Besides, insiders occasionally turn up and try to do something illegitimate. Suricata can help block such attempts, although to protect the internal network it is better to install it inside the perimeter and use it together with a managed switch that can mirror traffic to a single port. An external IDS is not useless here either: at the very least it will catch attempts by malware living on the LAN to contact an external server.
First we create another test VPS, the attacker, and on the local network router we install Apache with the default configuration, then forward port 80 from the IDS server to it. Next we simulate a DDoS attack from the attacking host. To do this, download from GitHub, compile and run the small xerxes program on the attacking host (you may need to install the gcc package):
git clone https://github.com/Soldie/xerxes-DDos-zanyarjamal-C.git
cd xerxes-DDos-zanyarjamal-C/
gcc xerxes.c -o xerxes
./xerxes 45.132.17.140 80
Its output looked like this:
Suricata cuts off the attacker and the Apache page opens normally, despite our improvised attack and the weak channel of the "office" (actually home) network. For more sophisticated tasks it is worth using the Metasploit Framework; first update it:
sudo msfupdate
For testing, run msfconsole.
Unfortunately, recent versions of the framework no longer have an automatic attack mode, so exploits have to be selected manually and launched with the exploit command. First determine which ports are open on the attacked machine, for example with nmap (in our case netstat on the attacked host does the job just as well), then pick and run the suitable ones.
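Whether the test is the xerxes flood or a Metasploit module, the page loading normally only shows that the service survived; what the IDS saw has to be read from its logs. The following is an added example, not code from the article: two small awk summaries of /var/log/suricata/fast.log, one per signature and one per source address, plus a count of blocked packets. The embedded log lines are constructed for this example. Signatures 1000001 and 1000002 and their messages are hypothetical local rules (sids from the local range), and 192.0.2.x / 198.51.100.x are documentation addresses standing in for the attacking hosts; only the line layout is Suricata's. The "[Drop]" marker appears only when Suricata runs inline and the matching rule's action is drop; in plain IDS mode you will see alerts but no drops, which is the first thing to check if the Apache page did not stay up.

```sh
#!/bin/sh
# Added example (not from the article): summarise Suricata's fast.log after an attack test.
# Usage: sh triage.sh [/var/log/suricata/fast.log]; with no argument the constructed sample is used.
set -eu

# Constructed sample in fast.log layout; sids, messages and addresses are placeholders.
sample_fast_log() {
  cat <<'EOF'
03/22/2020-14:02:11.120001  [Drop] [**] [1:1000001:1] LOCAL HTTP flood from single source [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 192.0.2.10:51234 -> 10.0.10.2:80
03/22/2020-14:02:11.120377  [Drop] [**] [1:1000001:1] LOCAL HTTP flood from single source [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 192.0.2.10:51235 -> 10.0.10.2:80
03/22/2020-14:02:11.121002  [Drop] [**] [1:1000001:1] LOCAL HTTP flood from single source [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 192.0.2.10:51236 -> 10.0.10.2:80
03/22/2020-14:02:12.004410  [**] [1:1000002:1] LOCAL suspicious URI on forwarded web server [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:51240 -> 10.0.10.2:80
03/22/2020-14:02:13.550120  [Drop] [**] [1:1000001:1] LOCAL HTTP flood from single source [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 198.51.100.7:40001 -> 10.0.10.2:80
03/22/2020-14:02:14.000201  [Drop] [**] [1:1000001:1] LOCAL HTTP flood from single source [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 192.0.2.10:51241 -> 10.0.10.2:80
EOF
}

# Alerts per signature: "<count>\t<gid:sid:rev>\t<message>", most frequent first.
# The fields are separated by the literal "[**] " marker, so the message may contain spaces.
summarize_alerts() {
  awk -F'\\[\\*\\*\\] ' '{
      split($2, id, "] ")               # "[1:1000001:1" and "LOCAL HTTP flood ... "
      sid = id[1]; sub(/^\[/, "", sid)
      msg = id[2]; sub(/ +$/, "", msg)
      n[sid "\t" msg]++
    }
    END { for (k in n) printf "%d\t%s\n", n[k], k }' | sort -rn
}

# Alerts per source IPv4 address (the host left of "->"), most active first.
top_sources() {
  awk '{ for (i = 2; i <= NF; i++) if ($i == "->") { split($(i-1), a, ":"); n[a[1]]++ } }
       END { for (ip in n) printf "%d\t%s\n", n[ip], ip }' | sort -rn
}

# How many alerts were actually blocked; only non-zero when Suricata runs inline.
drop_count() { grep -c ' \[Drop\] ' || true; }

report() {
  tmp=$(mktemp)
  if [ $# -gt 0 ]; then cat -- "$1" > "$tmp"; else sample_fast_log > "$tmp"; fi
  echo "== alerts by signature =="; summarize_alerts < "$tmp"
  echo "== alerts by source ==";    top_sources < "$tmp"
  echo "== dropped: $(drop_count < "$tmp") =="
  rm -f "$tmp"
}

report "$@"
```

Two things to look for in the real log: the attacking VPS should dominate the by-source list, and the drop count should be non-zero if the deployment is meant to block rather than only alert. If the flood rule fires but nothing is dropped, Suricata is sniffing rather than sitting inline, and the Apache page staying up says more about the uplink than about the IDS.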
There are other ways to test the IDS's resistance to attacks, including online services. Out of curiosity, you can arrange a stress test using a trial version of
Source: www.habr.com