Difference between revisions of "SNORT: Install SNORT saja Ubuntu 16.04"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 42: | Line 42: | ||
/usr/sbin/snort -m 027 -b -l /var/log/snort/ -u agung -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i ens18 & | /usr/sbin/snort -m 027 -b -l /var/log/snort/ -u agung -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i ens18 & | ||
| + | |||
| + | Supaya tidak rewel, sebaiknya permission /var/log/snort di jadikan | ||
| + | |||
| + | chmod 770 /var/log/snort | ||
| + | |||
| + | ini sebetulnya cara yang tidak baik. | ||
==Referensi== | ==Referensi== | ||
* https://www.snort.org/#get-started | * https://www.snort.org/#get-started | ||
Revision as of 09:40, 16 March 2017
Cek Jaringan
ifconfig
catat nama interface yang nanti akan di monitor
ens18 Link encap:Ethernet HWaddr 66:31:34:63:65:31
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::6431:34ff:fe63:6531/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26658 errors:0 dropped:11 overruns:0 frame:0
TX packets:9441 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:37165428 (37.1 MB) TX bytes:751808 (751.8 KB)
maka interface yang dimonitor adalah
ens18
Siapkan Aplikasi Pendukung
sudo locale-gen id_ID.UTF-8
apt update apt install oinkmaster snort snort-common snort-rules-default snort-doc
Akan di tanya
- interface yang akan di monitor, misalnya ens18
- range IP yang di monitor, misalnya 192.168.0.0/16
Cek Snort
snort -C
Jalankan Snort mode NIDS
snort -dev -l /var/log/snort/ -h 192.168.0.0/16 -c /etc/snort/snort.conf &
kalau ingin supaya bisa di baca di kemudian hari oleh wireshark harus di simpan dalam bentuk binary, dengan perintah
/usr/sbin/snort -m 027 -b -l /var/log/snort/ -u agung -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i ens18 &
Supaya tidak rewel, sebaiknya permission /var/log/snort di jadikan
chmod 770 /var/log/snort
ini sebetulnya cara yang tidak baik.