
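The Snort 3.0 port in FreeBSD ports had been left in an unbuildable state for a while, but it was updated on March 20 and now seems to build, so I installed it and tried it out. (As the title says, though, this time it did not work as intended.)
Installation
For the port's build options I used the defaults plus Hyperscan checked.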
# cd /usr/ports/security/snort3
# make install
# which snort
/usr/local/bin/snort
# snort -V
   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.0.0 (Build 243) FreeBSD
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 2.2.2
           Using LuaJIT version 2.0.5
           Using OpenSSL 1.0.2o 27 Mar 2018
           Using libpcap version 1.8.1
           Using PCRE version 8.40 2017-01-11
           Using ZLIB version 1.2.11
           Using Hyperscan version 4.6.0 2018-04-06
           Using LZMA version 5.2.3
The build succeeded and it more or less ran.
Preparing to run
# bash    #← the following is done in bsh or bash
# export LUA_PATH=/usr/local/include/snort/lua/\?.lua\;\;
# export SNORT_LUA_PATH=/usr/local/etc/snort
# env | grep LUA
LUA_PATH=/usr/local/include/snort/lua/?.lua;;
SNORT_LUA_PATH=/usr/local/etc/snort
Append two lines to ~/.profile or ~/.bashrc
export LUA_PATH=/usr/local/include/snort/lua/\?.lua\;\;
export SNORT_LUA_PATH=/usr/local/etc/snort
Test run
# mv /usr/local/etc/snort/snort.lua /usr/local/etc/snort/snort_local.lua    #updating the port forcibly overwrites snort.lua, so do this (and use this copy)
# /usr/local/bin/snort -c /usr/local/etc/snort/snort_local.lua
--------------------------------------------------
o")~ Snort++ 3.0.0-243
--------------------------------------------------
Loading /usr/local/etc/snort/snort_local.lua:
FATAL: /usr/local/include/snort/lua/snort_config.lua:88: Undefined symbol "set_string"
Fatal Error, Quitting..
Hitting an error this early gives me a bad feeling.
/usr/local/include/snort/lua/snort_config.lua
--        elseif ( what == 'string' ) then
--            ffi.C.set_string(name, val)
--        elseif ( what == 'table' ) then
--            if ( ffi.C.open_table(name, idx) ) then
--                snort_traverse(val, name)
--                ffi.C.close_table(name, idx)
--            end
Without thinking about what comes later, for now I put -- at the start of lines 88 to 94.
Running it again
# /usr/local/bin/snort -c /usr/local/etc/snort/snort_local.lua
--------------------------------------------------
o")~ Snort++ 3.0.0-243
--------------------------------------------------
Loading /usr/local/etc/snort/snort_local.lua:
Finished /usr/local/etc/snort/snort_local.lua.
--------------------------------------------------
pcap DAQ configured to passive.
Snort successfully validated the configuration (with 0 warnings).
o")~ Snort exiting
It finished normally, with no warnings and no errors.
Using a rules file
Fetch the community edition rules file.
# mkdir /usr/local/etc/snort/rules
# cd ~
# fetch https://www.snort.org/downloads/community/snort3-community-rules.tar.gz
# tar -zxvf snort3-community-rules.tar.gz
# mv snort3-community-rules/snort3-community.rules /usr/local/etc/snort/rules/
# mv snort3-community-rules/sid-msg.map /usr/local/etc/snort/rules/
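The community rules file is large, but most of its lines are comments, so only a few lines are actually active rules.
It seems you uncomment rules as needed. Since this is still the test-run stage, I try it without uncommenting anything.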
# snort -c /usr/local/etc/snort/snort_local.lua -R /usr/local/etc/snort/rules/snort3-community.rules
--------------------------------------------------
o")~ Snort++ 3.0.0-243
--------------------------------------------------
Loading snort_local.lua:
Finished snort_local.lua.
Loading rules:
Loading snort3-community.rules:
ERROR: snort3-community.rules:389 Undefined variable in the string: $SQL_SERVERS.
ERROR: snort3-community.rules:389 undefined variable in the string: $EXTERNAL_NET.
ERROR: snort3-community.rules:389 invalid argument classtype: = unsuccessful-user
ERROR: snort3-community.rules:1777 Undefined variable in the string: $HOME_NET.
ERROR: snort3-community.rules:1777 undefined variable in the string: $EXTERNAL_NET.
FATAL: snort3-community.rules:1777 ***PortVar Lookup failed on '$HTTP_PORTS'.
Fatal Error, Quitting..
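None of the variables are being picked up. \(^o^)/ It's over.
$SQL_SERVERS, $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS should already be defined in snort_local.lua (snort.lua) or snort_defaults.lua, so if this fails, nothing can be done.
I wonder whether I have to properly fix the part of snort_config.lua that I commented out when it errored. Or maybe I don't understand something fundamental and am doing something completely off the mark.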
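
A pre-flight check for the rules step above, as an added example that is not part of the original post: it counts the active rules in a rules file and lists the variables their headers reference that no Lua config file assigns. The function names and sample files are constructed for illustration, and it assumes variables are assigned at the start of a line as `NAME = value`; it inspects the files only, not what Snort receives from them.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of a rules file.

# Print the active (non-blank, non-comment) lines of a rules file.
active_rules() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" || true
}

# Print every $VARIABLE used in active rule headers, one per line.
rule_vars() {
    # Drop the option body "( ... )" so a "$" inside a pcre is not counted.
    active_rules "$1" | sed 's/(.*//' |
        grep -Eo '\$[A-Za-z_][A-Za-z0-9_]*' | LC_ALL=C sort -u
}

# Print the rule variables that none of the given Lua files assigns.
# This checks the files only, not what Snort ends up receiving from them.
unassigned_vars() {
    rules=$1; shift
    [ "$#" -gt 0 ] || return 2
    for v in $(rule_vars "$rules"); do
        grep -Eqs "^[[:space:]]*${v#?}[[:space:]]*=" "$@" || echo "$v"
    done
}

# Write constructed sample files (not the real community rules) into $1.
make_sample() {
    cat > "$1/sample.rules" <<'EOF'
# alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 ( msg:"constructed, disabled"; sid:1000001; )
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 ( msg:"constructed A"; sid:1000002; )

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( msg:"constructed B"; pcre:"/a$B/"; sid:1000003; )
EOF
    cat > "$1/sample_local.lua" <<'EOF'
HOME_NET = 'any'
EXTERNAL_NET = 'any'
EOF
    cat > "$1/sample_defaults.lua" <<'EOF'
SQL_SERVERS = HOME_NET
-- HTTP_PORTS = '80 8080'
EOF
}

d=$(mktemp -d) && make_sample "$d"
echo "active rules: $(active_rules "$d/sample.rules" | wc -l)"
echo "unassigned:   $(unassigned_vars "$d/sample.rules" "$d"/*.lua | tr '\n' ' ')"
rm -rf "$d"
```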