mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
20150811-1 选题
This commit is contained in:
DeadFire
parent
a7f988ef5a
commit
e0a4f50170
@ -0,0 +1,203 @@
|
||||
How to Install Snort and Usage in Ubuntu 15.04
|
||||
================================================================================
|
||||
Intrusion detection in a network is important for IT security. Intrusion Detection System used for the detection of illegal and malicious attempts in the network. Snort is well-known open source intrusion detection system. Web interface (Snorby) can be used for better analysis of alerts. Snort can be used as an intrusion prevention system with iptables/pf firewall. In this article, we will install and configure an open source IDS system snort.
|
||||
|
||||
### Snort Installation ###
|
||||
|
||||
#### Prerequisite ####
|
||||
|
||||
Data Acquisition library (DAQ) is used by the snort for abstract calls to packet capture libraries. It is available on snort website. Downloading process is shown in the following screenshot.
|
||||
|
||||
|
||||
|
||||
Extract it and run ./configure, make and make install commands for DAQ installation. However, DAQ required other tools therefore ./configure script will generate following errors .
|
||||
|
||||
flex and bison error
|
||||
|
||||
|
||||
|
||||
libpcap error.
|
||||
|
||||
|
||||
|
||||
Therefore first install flex/bison and libcap before DAQ installation which is shown in the figure.
|
||||
|
||||
|
||||
|
||||
Installation of libpcap development library is shown below
|
||||
|
||||
|
||||
|
||||
After installation of necessary tools, again run ./configure script which will show following output.
|
||||
|
||||
|
||||
|
||||
make and make install commands result is shown in the following screens.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
After successful installation of DAQ, now we will install snort. Downloading using wget is shown in the below figure.
|
||||
|
||||
|
||||
|
||||
Extract compressed package using below given command.
|
||||
|
||||
#tar -xvzf snort-2.9.7.3.tar.gz
|
||||
|
||||
|
||||
|
||||
Create installation directory and set prefix parameter in the configure script. It is also recommended to enable sourcefire flag for Packet Performance Monitoring (PPM).
|
||||
|
||||
#mkdir /usr/local/snort
|
||||
|
||||
#./configure --prefix=/usr/local/snort/ --enable-sourcefire
|
||||
|
||||
|
||||
|
||||
Configure script generates error due to missing libpcre-dev , libdumbnet-dev and zlib development libraries.
|
||||
|
||||
error due to missing libpcre library.
|
||||
|
||||
|
||||
|
||||
error due to missing dnet (libdumbnet) library.
|
||||
|
||||
|
||||
|
||||
configure script generate error due to missing zlib library.
|
||||
|
||||
|
||||
|
||||
Installation of all required development libraries is shown in the next screenshots.
|
||||
|
||||
# aptitude install libpcre3-dev
|
||||
|
||||
|
||||
|
||||
# aptitude install libdumbnet-dev
|
||||
|
||||
|
||||
|
||||
# aptitude install zlib1g-dev
|
||||
|
||||
|
||||
|
||||
After installation of above required libraries for snort, again run the configure scripts without any error.
|
||||
|
||||
Run make & make install commands for the compilation and installations of snort in /usr/local/snort directory.
|
||||
|
||||
#make
|
||||
|
||||
|
||||
|
||||
#make install
|
||||
|
||||
|
||||
|
||||
Finally snort running from /usr/local/snort/bin directory. Currently it is in promisc mode (packet dump mode) of all traffic on eth0 interface.
|
||||
|
||||
|
||||
|
||||
Traffic dump by the snort interface is shown in following figure.
|
||||
|
||||
|
||||
|
||||
#### Rules and Configuration of Snort ####
|
||||
|
||||
Snort installation from source code required rules and configuration setting therefore now we will copy rules and configuration under /etc/snort directory. We have created single bash scripts for rules and configuration setting. It is used for following snort setting.
|
||||
|
||||
- Creation of snort user for snort IDS service on linux.
|
||||
- Creation of directories and files under /etc directory for snort configuration.
|
||||
- Permission setting and copying data from etc directory of snort source code.
|
||||
- Remove # (comment sign) from rules path in snort.conf file.
|
||||
|
||||
#!/bin/bash##PATH of source code of snort
|
||||
snort_src="/home/test/Downloads/snort-2.9.7.3"
|
||||
echo "adding group and user for snort..."
|
||||
groupadd snort &> /dev/null
|
||||
useradd snort -r -s /sbin/nologin -d /var/log/snort -c snort_idps -g snort &> /dev/null#snort configuration
|
||||
echo "Configuring snort..."mkdir -p /etc/snort
|
||||
mkdir -p /etc/snort/rules
|
||||
touch /etc/snort/rules/black_list.rules
|
||||
touch /etc/snort/rules/white_list.rules
|
||||
touch /etc/snort/rules/local.rules
|
||||
mkdir /etc/snort/preproc_rules
|
||||
mkdir /var/log/snort
|
||||
mkdir -p /usr/local/lib/snort_dynamicrules
|
||||
chmod -R 775 /etc/snort
|
||||
chmod -R 775 /var/log/snort
|
||||
chmod -R 775 /usr/local/lib/snort_dynamicrules
|
||||
chown -R snort:snort /etc/snort
|
||||
chown -R snort:snort /var/log/snort
|
||||
chown -R snort:snort /usr/local/lib/snort_dynamicrules
|
||||
###copy configuration and rules from etc directory under source code of snort
|
||||
echo "copying from snort source to /etc/snort ....."
|
||||
echo $snort_src
|
||||
echo "-------------"
|
||||
cp $snort_src/etc/*.conf* /etc/snort
|
||||
cp $snort_src/etc/*.map /etc/snort##enable rules
|
||||
sed -i 's/include \$RULE\_PATH/#include \$RULE\_PATH/' /etc/snort/snort.conf
|
||||
echo "---DONE---"
|
||||
|
||||
Change the snort source directory in the script and run it. Following output appear in case of success.
|
||||
|
||||
|
||||
|
||||
Above script copied following files/directories from snort source into /etc/snort configuration file.
|
||||
|
||||
|
||||
|
||||
Snort configuration file is very complex however following necessary changes are required in snort.conf for IDS proper working.
|
||||
|
||||
ipvar HOME_NET 192.168.1.0/24 # LAN side
|
||||
|
||||
----------
|
||||
|
||||
ipvar EXTERNAL_NET !$HOME_NET # WAN side
|
||||
|
||||
|
||||
|
||||
var RULE_PATH /etc/snort/rules # snort signature path
|
||||
var SO_RULE_PATH /etc/snort/so_rules #rules in shared libraries
|
||||
var PREPROC_RULE_PATH /etc/snort/preproc_rules # Preproces path
|
||||
var WHITE_LIST_PATH /etc/snort/rules # dont scan
|
||||
var BLACK_LIST_PATH /etc/snort/rules # Must scan
|
||||
|
||||
|
||||
|
||||
include $RULE_PATH/local.rules # file for custom rules
|
||||
|
||||
remove comment sign (#) from other rules such as ftp.rules,exploit.rules etc.
|
||||
|
||||
|
||||
|
||||
Now [Download community][1] rules and extract under /etc/snort/rules directory. Enable community and emerging threats rules in snort.conf file.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Run following command to test the configuration file after above mentioned changes.
|
||||
|
||||
#snort -T -c /etc/snort/snort.conf
|
||||
|
||||
|
||||
|
||||
### Conclusion ###
|
||||
|
||||
In this article our focus was on the installation and configuration of an open source IDPS system snort on Ubuntu distribution. By default it is used for the monitoring of events however it can con configured inline mode for the protection of network. Snort rules can be tested and analysed in offline mode using pcap capture file.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://linoxide.com/security/install-snort-usage-ubuntu-15-04/
|
||||
|
||||
作者:[nido][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://linoxide.com/author/naveeda/
|
||||
[1]:https://www.snort.org/downloads/community/community-rules.tar.gz
|
||||
@ -0,0 +1,99 @@
|
||||
How to download apk files from Google Play Store on Linux
|
||||
================================================================================
|
||||
Suppose you want to install an Android app on your Android device. However, for whatever reason, you cannot access Google Play Store on the Android device. What can you do then? One way to install the app without Google Play Store access is to download its APK file using some other means, and then [install the APK][1] file on the Android device manually.
|
||||
|
||||
There are several ways to download official APK files from Google Play Store on non-Android devices such as regular computers and laptops. For example, there are browser plugins (e.g., for [Chrome][2] or [Firefox][3]) or online APK archives that allow you to download APK files using a web browser. If you do not trust these closed-source plugins or third-party APK repositories, there is yet another way to download official APK files manually, and that is via an open-source Linux app called [GooglePlayDownloader][4].
|
||||
|
||||
GooglePlayDownloader is a Python-based GUI application that enables you to search and download APK files from Google Play Store. Since this is completely open-source, you can be assured while using it. In this tutorial, I am going to show how to download an APK file from Google Play Store using GooglePlayDownloader in Linux environment.
|
||||
|
||||
### Python requirement ###
|
||||
|
||||
GooglePlayDownloader requires Python with SNI (Server Name Indication) support for SSL/TLS communication. This feature comes with Python 2.7.9 or higher. This leaves out older distributions such as Debian 7 Wheezy or earlier, Ubuntu 14.04 or earlier, or CentOS/RHEL 7 or earlier. Assuming that you have a Linux distribution with Python 2.7.9 or higher, proceed to install GooglePlayDownloader as follows.
|
||||
|
||||
### Install GooglePlayDownloader on Ubuntu ###
|
||||
|
||||
On Ubuntu, you can use the official deb build. One catch is that you may need to install one required dependency manually.
|
||||
|
||||
#### On Ubuntu 14.10 ####
|
||||
|
||||
Download [python-ndg-httpsclient][5] deb package, which is a missing dependency on older Ubuntu distributions. Also download GooglePlayDownloader's official deb package.
|
||||
|
||||
$ wget http://mirrors.kernel.org/ubuntu/pool/main/n/ndg-httpsclient/python-ndg-httpsclient_0.3.2-1ubuntu4_all.deb
|
||||
$ wget http://codingteam.net/project/googleplaydownloader/download/file/googleplaydownloader_1.7-1_all.deb
|
||||
|
||||
We are going to use [gdebi command][6] to install those two deb files as follows. The gdebi command will automatically handle any other dependencies.
|
||||
|
||||
$ sudo apt-get install gdebi-core
|
||||
$ sudo gdebi python-ndg-httpsclient_0.3.2-1ubuntu4_all.deb
|
||||
$ sudo gdebi googleplaydownloader_1.7-1_all.deb
|
||||
|
||||
#### On Ubuntu 15.04 or later ####
|
||||
|
||||
Recent Ubuntu distributions ship all required dependencies, and thus the installation is straightforward as follows.
|
||||
|
||||
$ wget http://codingteam.net/project/googleplaydownloader/download/file/googleplaydownloader_1.7-1_all.deb
|
||||
$ sudo apt-get install gdebi-core
|
||||
$ sudo gdebi googleplaydownloader_1.7-1_all.deb
|
||||
|
||||
### Install GooglePlayDownloader on Debian ###
|
||||
|
||||
Due to its Python requirement, GooglePlayDownloader cannot be installed on Debian 7 Wheezy or earlier unless you upgrade its stock Python.
|
||||
|
||||
#### On Debian 8 Jessie and higher: ####
|
||||
|
||||
$ wget http://codingteam.net/project/googleplaydownloader/download/file/googleplaydownloader_1.7-1_all.deb
|
||||
$ sudo apt-get install gdebi-core
|
||||
$ sudo gdebi googleplaydownloader_1.7-1_all.deb
|
||||
|
||||
### Install GooglePlayDownloader on Fedora ###
|
||||
|
||||
Since GooglePlayDownloader was originally developed for Debian based distributions, you need to install it from the source if you want to use it on Fedora.
|
||||
|
||||
First, install necessary dependencies.
|
||||
|
||||
$ sudo yum install python-pyasn1 wxPython python-ndg_httpsclient protobuf-python python-requests
|
||||
|
||||
Then install it as follows.
|
||||
|
||||
$ wget http://codingteam.net/project/googleplaydownloader/download/file/googleplaydownloader_1.7.orig.tar.gz
|
||||
$ tar -xvf googleplaydownloader_1.7.orig.tar.gz
|
||||
$ cd googleplaydownloader-1.7
|
||||
$ chmod o+r -R .
|
||||
$ sudo python setup.py install
|
||||
$ sudo sh -c "echo 'python /usr/lib/python2.7/site-packages/googleplaydownloader-1.7-py2.7.egg/googleplaydownloader/googleplaydownloader.py' > /usr/bin/googleplaydownloader"
|
||||
|
||||
### Download APK Files from Google Play Store with GooglePlayDownloader ###
|
||||
|
||||
Once you installed GooglePlayDownloader, you can download APK files from Google Play Store as follows.
|
||||
|
||||
First launch the app by typing:
|
||||
|
||||
$ googleplaydownloader
|
||||
|
||||
|
||||
|
||||
At the search bar, type the name of the app you want to download from Google Play Store.
|
||||
|
||||
|
||||
|
||||
Once you find the app in the search list, choose the app, and click on "Download selected APK(s)" button. You will find the downloaded APK file in your home directory. Now you can move the APK file to the Android device of your choice, and install it manually.
|
||||
|
||||
Hope this helps.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://xmodulo.com/download-apk-files-google-play-store.html
|
||||
|
||||
作者:[Dan Nanni][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://xmodulo.com/author/nanni
|
||||
[1]:http://xmodulo.com/how-to-install-apk-file-on-android-phone-or-tablet.html
|
||||
[2]:https://chrome.google.com/webstore/detail/apk-downloader/cgihflhdpokeobcfimliamffejfnmfii
|
||||
[3]:https://addons.mozilla.org/en-us/firefox/addon/apk-downloader/
|
||||
[4]:http://codingteam.net/project/googleplaydownloader
|
||||
[5]:http://packages.ubuntu.com/vivid/python-ndg-httpsclient
|
||||
[6]:http://xmodulo.com/how-to-install-deb-file-with-dependencies.html
|
||||
Loading…
Reference in New Issue
Block a user