SNORT: Install SNORT only on Ubuntu 16.04
Latest revision as of 20:11, 10 October 2019
==Prepare the Prerequisites==

Edit /etc/apt/sources.list

 vi /etc/apt/sources.list

Add, for example,

 deb http://archive.ubuntu.com/ubuntu bionic main universe multiverse
 deb http://archive.ubuntu.com/ubuntu bionic-security main universe multiverse
 deb http://archive.ubuntu.com/ubuntu bionic-updates main universe multiverse

==Check the Network==

 ifconfig

Note the name of the interface that will be monitored later

 ens18     Link encap:Ethernet  HWaddr 66:31:34:63:65:31
           inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
           inet6 addr: fe80::6431:34ff:fe63:6531/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:26658 errors:0 dropped:11 overruns:0 frame:0
           TX packets:9441 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:37165428 (37.1 MB)  TX bytes:751808 (751.8 KB)

so the interface to monitor is

 ens18

==Prepare the Supporting Applications==

 sudo locale-gen id_ID.UTF-8
 apt update
 apt install oinkmaster snort snort-common snort-rules-default snort-doc

You will be asked for

* the interface to monitor, for example ens18
* the IP range to monitor, for example 192.168.0.0/16

==Check Snort==

 snort -C

==Run Snort in NIDS Mode==

 snort -dev -l /var/log/snort/ -h 192.168.0.0/16 -c /etc/snort/snort.conf &

If you want the capture to be readable later by Wireshark, it has to be saved in binary form, with the command

 /usr/sbin/snort -m 027 -b -l /var/log/snort/ -u agung -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i ens18 &

To stop it from complaining, it is best to set the permissions of /var/log/snort with

 chmod 770 /var/log/snort

This is actually not a good way to do it.
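An added POSIX shell example, not part of the original wiki page, that wraps the run step above: it validates the interface name and HOME_NET before they reach the command line, assembles the binary-logging Snort command from the page, and prepares the log directory for the run-as user with mode 750 instead of the chmod 770 the page itself calls a bad approach. The values ens18, 192.168.0.0/16 and the user agung are the page's; the function names and the mode-750 choice are mine.

```shell
#!/bin/sh
# Added example, not from the original wiki page. Assumed inputs: the interface,
# HOME_NET in CIDR form, the unprivileged run-as user and the log directory.

# valid_cidr NET: succeed only for a well-formed IPv4 network such as 192.168.0.0/16.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS=.
    set -- ${1%/*}            # split the address part into its four octets
    IFS=$old_ifs
    for octet in "$@"; do     # the regex allows 1-3 digits, so reject anything over 255
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_iface NAME: succeed for a plausible Linux interface name (IFNAMSIZ is 16,
# so at most 15 characters) and reject anything with shell metacharacters.
valid_iface() {
    printf '%s\n' "$1" | grep -Eq '^[a-zA-Z][a-zA-Z0-9_.-]{0,14}$'
}

# prepare_logdir DIR USER GROUP: create DIR owned by the run-as user with mode 750,
# so only that user writes the packet logs and only its group may read them.
# chown needs root; when run unprivileged the directory is created for the caller.
prepare_logdir() {
    dir=$1; user=$2; group=$3
    mkdir -p "$dir" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "$user:$group" "$dir" || return 1
    fi
    chmod 750 "$dir" && [ -d "$dir" ]
}

# build_snort_cmd IFACE NET USER DIR: print the NIDS command from the page
# (binary logging readable by Wireshark, umask 027, privileges dropped to USER).
build_snort_cmd() {
    valid_iface "$1" || { echo "bad interface: $1" >&2; return 1; }
    valid_cidr "$2"  || { echo "bad HOME_NET: $2" >&2; return 1; }
    printf '/usr/sbin/snort -m 027 -b -l %s -u %s -c /etc/snort/snort.conf -S HOME_NET=[%s] -i %s\n' \
        "$4" "$3" "$2" "$1"
}
```

The caller appends `&` (or Snort's `-D` daemon flag) to the printed command exactly as the page does.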
==References==