Release of the Suricata 6.0 intrusion detection system

After a year of development, the OISF (Open Information Security Foundation) has published the release of the network intrusion detection and prevention system Suricata 6.0, which provides tools for inspecting various kinds of traffic. A Suricata configuration can use the signature database developed by the Snort project as well as the Emerging Threats and Emerging Threats Pro rule sets. The project's source code is distributed under the GPLv2 license.

Main changes:

  • Initial support for HTTP/2.
  • Support for the RFB and MQTT protocols, including protocol detection and logging.
  • Parsing support for the DCERPC protocol.
  • Significant performance improvements in logging through the EVE subsystem, which outputs events in JSON format. The speedup comes from a new JSON builder written in Rust.
  • The scalability of the EVE logging system has been increased, and the ability to keep a separate log file per thread has been implemented.
  • The ability to define conditions under which information is written to the log.
  • The ability to show MAC addresses in the EVE log and to increase the level of detail in the DNS log.
  • Improved performance of the flow engine.
  • Support for identifying SSH implementations (HASSH).
  • Implementation of a GENEVE tunnel decoder.
  • The parsing code for ASN.1, DCERPC and SSH has been rewritten in Rust. Support for new protocols is also implemented in Rust.
  • In the rule description language, support for the from_end parameter has been added to the byte_jump keyword, and support for the bitmask parameter has been added to byte_test. The pcrexform keyword has been implemented, allowing regular expressions (pcre) to be used to capture a substring. The urldecode transformation has been added. The byte_math keyword has been added.
  • The ability to use cbindgen to generate bindings for the Rust and C languages.
  • Initial plugin support has been added.
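As an added example that is not part of the original announcement: the HASSH fingerprint mentioned above is the MD5 of the four algorithm name-lists the SSH client sends in KEXINIT, and this Python script computes it from constructed lists and then checks constructed EVE `ssh` records against an allowlist of approved clients. The EVE field layout `ssh.client.hassh.{hash,string}`, the client algorithm lists and the IP addresses are assumptions, not values from the page.

```python
import hashlib
import json

# Client-side HASSH: MD5 over the four KEXINIT name-lists the client sent
# (kex, encryption c2s, MAC c2s, compression c2s); each list is joined with ','
# and the four lists are joined with ';'.
def hassh_from_lists(kex, enc_c2s, mac_c2s, comp_c2s):
    hassh_string = ";".join(",".join(names) for names in (kex, enc_c2s, mac_c2s, comp_c2s))
    return hashlib.md5(hassh_string.encode("ascii")).hexdigest(), hassh_string

# Constructed KEXINIT name-lists for a hypothetical approved SSH client.
KNOWN_CLIENT = dict(
    kex=["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"],
    enc_c2s=["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"],
    mac_c2s=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    comp_c2s=["none", "zlib@openssh.com"],
)
ALLOWED_HASSH = {hassh_from_lists(**KNOWN_CLIENT)[0]}

def make_eve_ssh_event(src_ip, lists):
    """Build a constructed EVE 'ssh' record (assumed layout: ssh.client.hassh.{hash,string})."""
    h, s = hassh_from_lists(**lists)
    return json.dumps({"event_type": "ssh", "src_ip": src_ip, "dest_port": 22,
                       "ssh": {"client": {"proto_version": "2.0", "hassh": {"hash": h, "string": s}}}})

def check_eve_ssh_event(line, allowed=ALLOWED_HASSH):
    """Return None for an approved client, otherwise a short finding string."""
    ev = json.loads(line)
    if ev.get("event_type") != "ssh":
        return None
    h = ev.get("ssh", {}).get("client", {}).get("hassh", {})
    if not h.get("hash"):
        return "ssh event without hassh data (hassh logging not enabled?)"
    # Recompute from the logged string so a truncated or edited record cannot pass.
    if hashlib.md5(h["string"].encode("ascii")).hexdigest() != h["hash"]:
        return "hassh hash does not match hassh string"
    if h["hash"] not in allowed:
        return f"unknown SSH client fingerprint {h['hash']} from {ev.get('src_ip')}"
    return None

# Constructed sample log: the approved client and a client offering legacy algorithms.
LEGACY_CLIENT = dict(kex=["diffie-hellman-group1-sha1"], enc_c2s=["aes128-cbc", "3des-cbc"],
                     mac_c2s=["hmac-sha1"], comp_c2s=["none"])
SAMPLE_EVE = [make_eve_ssh_event("10.0.0.5", KNOWN_CLIENT),
              make_eve_ssh_event("10.0.0.9", LEGACY_CLIENT)]

if __name__ == "__main__":
    for line in SAMPLE_EVE:
        print(check_eve_ssh_event(line) or "ok")
```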

Suricata features:

  • The Unified2 format is used to present scan results; it is also used by the Snort project, allowing standard analysis tools such as barnyard2 to be used. Integration with the BASE, Snorby, Sguil and SQueRT products is possible. PCAP output is supported;
  • Support for automatic protocol detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB, etc.), which allows rules to operate only on the protocol type, without reference to the port number (for example, blocking HTTP traffic on a non-standard port). Decoders are available for the HTTP, SSL, TLS, SMB, SMB2, DCERPC, SMTP, FTP and SSH protocols;
  • A powerful HTTP traffic analysis system that uses the special HTP library created by the author of the Mod_Security project to parse and normalize HTTP traffic. A module is available for keeping a detailed log of HTTP transfers; the log is kept in the standard Apache format. Retrieving and checking files transferred over HTTP is supported. Support for parsing compressed content. The ability to identify by URI, Cookie, headers, user agent, and request/response body;
  • Support for various traffic interception interfaces, including NFQueue, IPFRing, LibPcap, IPFW, AF_PACKET, PF_RING. Files already saved in PCAP format can be analyzed;
  • High performance, with processing throughput reaching 10 gigabits/second on ordinary hardware.
  • A highly efficient mask-matching mechanism for large sets of IP addresses. Support for selecting content by mask and by regular expression. Extraction of files from traffic, including identifying them by name, type or MD5 checksum.
  • The ability to use variables in rules: information can be saved from a stream and later used in other rules;
  • Use of the YAML format for configuration files, which keeps them readable while remaining easy to process by machine;
  • Full IPv6 support;
  • A built-in engine for automatic defragmentation and reassembly of packets, allowing streams to be processed correctly regardless of the order in which packets arrive;
  • Support for tunneling protocols: Teredo, IP-IP, IP6-IP4, IP4-IP6, GRE;
  • Support for packet decoding: IPv4, IPv6, TCP, UDP, SCTP, ICMPv4, ICMPv6, GRE, Ethernet, PPP, PPPoE, Raw, SLL, VLAN;
  • A mode for logging the keys and certificates exchanged within TLS/SSL connections;
  • The ability to write scripts in Lua to provide advanced analysis and implement additional capabilities needed to identify kinds of traffic for which standard rules are insufficient.

Source: opennet.ru
