Difference between revisions of "SNORT: Running as a daemon"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Gunakan switch -D | Gunakan switch -D | ||
− | Jika snort di instalasi dengan apt install | + | Jika snort di instalasi dengan apt install. |
+ | Logging ASCII tampaknya lebih memudahkan SNORT Untuk deteksi serangan jika kita membuat local.rules. | ||
+ | |||
+ | Logging ASCII | ||
+ | |||
+ | snort -c /etc/snort/snort.conf -l /var/log/snort/ -K ascii -D | ||
+ | |||
+ | Logging binary | ||
+ | |||
+ | snort -c /etc/snort/snort.conf -l /var/log/snort/ -b -D | ||
+ | |||
+ | atau | ||
/usr/sbin/snort -d -h 192.168.0.0/24 -l /var/log/snort/ -c /etc/snort/snort.conf -s -D | /usr/sbin/snort -d -h 192.168.0.0/24 -l /var/log/snort/ -c /etc/snort/snort.conf -s -D | ||
+ | |||
+ | atau | ||
+ | |||
+ | /usr/sbin/snort -m 027 -D -d -l /var/log/snort \ | ||
+ | -u snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/24] -i ens18 | ||
+ | |||
+ | |||
Gunakan full path agar bisa di restart dengan signal SIGHUP | Gunakan full path agar bisa di restart dengan signal SIGHUP |
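Review bot: the two commands added under "Logging ASCII" and "Logging binary" (`snort -c /etc/snort/snort.conf -l /var/log/snort/ -K ascii -D` and the `-b -D` form) start the daemon without `-u snort -g snort`, so Snort keeps the privileges it was started with, while the last variant added in this same revision sets `-m 027 -u snort -g snort`. They also call `snort` by bare name, although the unchanged final line says to use the full path so that a SIGHUP restart works. Suggest giving both commands the `/usr/sbin/snort` path and the same `-u`/`-g` options, or adding a sentence on when each variant applies.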
Latest revision as of 14:54, 11 May 2017
Use the -D switch.
If snort was installed with apt install.
ASCII logging seems to make it easier for SNORT to detect attacks if we create local.rules.
ASCII logging
snort -c /etc/snort/snort.conf -l /var/log/snort/ -K ascii -D
Binary logging
snort -c /etc/snort/snort.conf -l /var/log/snort/ -b -D
or
/usr/sbin/snort -d -h 192.168.0.0/24 -l /var/log/snort/ -c /etc/snort/snort.conf -s -D
or
/usr/sbin/snort -m 027 -D -d -l /var/log/snort \
    -u snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/24] -i ens18
Use the full path so that it can be restarted with the SIGHUP signal
/usr/local/bin/snort -d -h 192.168.1.0/24 \
    -l /var/log/snortlogs -c /usr/local/etc/snort.conf -s -D
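One way to check a start command against the points on this page (full path for SIGHUP restarts, the -D switch, a log directory, and the -u/-g pair used in the last apt variant), as an added example that is not part of the original page. The function name audit_snort_cmd and the finding keywords are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a Snort start command.
# Usage: audit_snort_cmd /usr/sbin/snort -D ...   (one word per argument)
# Prints one finding keyword per line; prints nothing when every check passes.
# The function name and the keywords are hypothetical.
audit_snort_cmd() {
    daemon=0; user=0; group=0; logdir=""
    [ $# -gt 0 ] || { echo "empty-command"; return 0; }
    # The page: use the full path so the daemon can be restarted with SIGHUP.
    case "$1" in
        /*) ;;
        *)  echo "relative-path" ;;
    esac
    shift
    while [ $# -gt 0 ]; do
        case "$1" in
            -D) daemon=1 ;;
            -u) user=1;  [ $# -ge 2 ] && shift ;;
            -g) group=1; [ $# -ge 2 ] && shift ;;
            -l) [ $# -ge 2 ] && { logdir=$2; shift; } ;;
            # Other options from the page that take a value: skip the value
            # so it is never mistaken for a flag.
            -c|-h|-i|-m|-K|-S) [ $# -ge 2 ] && shift ;;
        esac
        shift
    done
    [ "$daemon" -eq 1 ] || echo "not-daemon"
    # Without -u and -g the process keeps the privileges it was started with.
    { [ "$user" -eq 1 ] && [ "$group" -eq 1 ]; } || echo "no-privdrop"
    [ -n "$logdir" ] || echo "no-logdir"
    return 0
}
```

Pass the command one word per argument and quote the HOME_NET value, since unquoted square brackets are glob characters in the shell.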