Mailinglist Archive: opensuse-es (1047 mails)

[opensuse-es] Intrusion detection systems
  • From: "Juan Erbes" <jerbes@xxxxxxxxx>
  • Date: Fri, 29 Feb 2008 10:10:52 -0200
  • Message-id: <61ec494a0802290410u481549cal4de95f6ecca3d27a@xxxxxxxxxxxxxx>
A while ago I downloaded rkhunter, but the truth is that I have never
installed it.
Does anyone have experience with this kind of utility?
http://rkhunter.sourceforge.net/

Today, in the online edition of Linux Magazine, an article on the
subject appeared:
http://www.linux-mag.com/id/2611

It covers an intrusion detection system called Bro:
http://www.bro-ids.org/

The download page is:
http://www.bro-ids.org/download.html
Some comments on its installation:
Bro requires a recent version of the libpcap, openssl, and termcap
libraries. libpcap version 2.0.8, openssl version 0.9.7, and termcap
version 11.0.1 were used for this article. The latter versions are
distributed with Trustix.

The Trouble With Termcap

On some versions of Linux, the Bro configure script may not determine
the appropriate version of termcap. A workable solution is to hardcode
an older version of the termcap library. If you look in /lib and don't
see libtermcap.so, try the following as root to address the issue.
# ln -s /lib/libtermcap.so.2.0.8 /lib/libtermcap.so

Making Bro Go

Assuming you have Lynx installed, Bro version 1.1 can be downloaded
with the following two commands. (This article uses the Filesystem
Hierarchy Standard for install locations; adjust the directories to
match your own local policies.)
# cd /usr/src/
# lynx ftp://bro-ids.org/bro-1.1-current.tar.gz

Next, uncompress the Bro distribution with…
# gunzip bro-1.1-current.tar.gz

… and unpack the archive using:
# tar xvf bro-1.1-current.tar

The latter command creates the directory /usr/src/bro-1.1/. Change to
that directory and compile and install the program. This example
installs Bro into /opt/Bro/.
# cd bro-1.1
# ./configure --prefix=/opt/Bro

After the configure script runs, you should receive the following
message on your terminal:
Bro Configuration Summary

- Debugging enabled: no
- OpenSSL support: yes
- Non-blocking main loop: yes
- Non-blocking resolver: yes
- Installation prefix: /opt/Bro
- Perl interpreter: /usr/bin/perl5
- Using basic_string: no
- Pcap used: system-provided

Now run make and make install:
# make
# make install

Now that the executables have been created and Bro's been installed,
run the following to create crontab entries for Bro's daily reports:
# make install-brolite

Answer each prompt that the script presents. Your answers to the
prompts tailor Bro's configuration file in /opt/Bro/etc/bro.cfg. (The
sidebar "Bro Directory Structure" provides a map of the Bro directory
structure.)

Regards
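
A pre-flight check for the termcap workaround quoted above, as an added example that is not part of the original message or the article: it picks the link target from the libraries actually present instead of hard-coding 2.0.8, and flags a dangling link that a plain existence test would miss. The function name termcap_link_plan and its status words are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article or the message).
# Usage: termcap_link_plan [LIBDIR]      (LIBDIR defaults to /lib)
# Prints exactly one status line and changes nothing on disk:
#   OK <link>            libtermcap.so exists and resolves
#   DANGLING <link>      libtermcap.so is a symlink to a missing file
#   MISSING ...          no versioned libtermcap.so.* to link to
#   LINK ln -s <t> <l>   the command to run as root
termcap_link_plan() {
    libdir=${1:-/lib}
    link=$libdir/libtermcap.so

    # A symlink whose target is gone fails -e but passes -L.
    if [ -L "$link" ] && [ ! -e "$link" ]; then
        echo "DANGLING $link"
        return 0
    fi
    if [ -e "$link" ]; then
        echo "OK $link"
        return 0
    fi

    # Take the last versioned library in glob order; an unmatched
    # glob stays literal and is rejected by the -e test.
    target=
    for f in "$libdir"/libtermcap.so.*; do
        if [ -e "$f" ]; then
            target=$f
        fi
    done

    if [ -z "$target" ]; then
        echo "MISSING no libtermcap.so.* in $libdir"
    else
        echo "LINK ln -s $target $link"
    fi
}
```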
