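# Install Guardian 1.7 (the Perl script that reads the Snort alert file) and
# its iptables helper scripts. The original annotations were written as
# trailing "//" text, which the shell passes to each command as an extra
# argument (a second wget URL, an extra touch/cp operand, "too many arguments"
# for cd). They are rewritten here as "#" comments on their own lines.

# Download guardian-1.7.tar.gz.
# NOTE(review): this is a plain-HTTP download with no integrity check, and the
# files are installed into /usr/local/bin and /etc/snort below. Verify the
# archive against a checksum obtained over a trusted channel before unpacking:
#   echo "<EXPECTED_SHA256>  guardian-1.7.tar.gz" | sha256sum -c -
wget http://www.chaotic.org/guardian/guardian-1.7.tar.gz

# Unpack the archive.
tar zxvf guardian-1.7.tar.gz

# Change into the unpacked source directory.
cd guardian-1.7

# Create the ignore list, the target list and Guardian's log file (all empty).
# NOTE(review): guardian.ignore is the whitelist. Blocking is driven by the
# source addresses in Snort alerts, which can be forged, so before starting the
# service list every address that must never be blocked (default gateway, DNS
# servers, management hosts) in this file.
touch /etc/snort/guardian.ignore
touch /etc/snort/guardian.target
touch /var/log/snort/guardian.log

# Copy the main script and install the block/unblock helpers under the names
# guardian_block.sh / guardian_unblock.sh.
# NOTE(review): these helpers change firewall rules; read both scripts before
# installing them and keep them writable by root only.
cp guardian.pl /usr/local/bin/
cp scripts/iptables_block.sh /usr/local/bin/guardian_block.sh
cp scripts/iptables_unblock.sh /usr/local/bin/guardian_unblock.sh

# Install the sample configuration next to the Snort configuration.
cp guardian.conf /etc/snort

# Edit the configuration file (interactive); set the values listed below.
vi /etc/snort/guardian.conf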
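# /etc/snort/guardian.conf -- values to set.
# Annotations are kept on their own "#" lines: trailing "//" text is not a
# comment in this file and may be read as part of the value.

# NOTE(review): eth0 is the author's interface; use the name on your host.
Interface eth0

# Guardian's own log file.
LogFile /var/log/snort/guardian.log

# Location of the Snort alert file.
AlertFile /var/log/snort/alert

# Whitelist file: addresses that must never be blocked.
# NOTE(review): fill this in before starting Guardian (gateway, DNS servers,
# management hosts); alert source addresses can be forged, and an empty
# whitelist lets a forged alert cut off a host you depend on.
IgnoreFile /etc/snort/guardian.ignore

# The author labels this file the blacklist.
# NOTE(review): in the shipped guardian.conf this file appears to list the
# protected host's own addresses rather than addresses to block -- confirm.
# NOTE(review): the shipped guardian.conf appears to spell this key
# "TargetFile"; confirm the capitalisation against that file.
targetFile /etc/snort/guardian.target

# In seconds (86400 s = 24 h).
# NOTE(review): presumably how long a block stays in place before it is
# lifted -- confirm against the comments in the shipped guardian.conf.
TimeLimit 86400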
guardian需用perl執行
啟動該服務
# Start Guardian under Perl with the configuration installed in /etc/snort.
# NOTE(review): the block helper calls iptables, so this presumably has to run
# with root privileges; make sure /etc/snort/guardian.ignore lists the hosts
# that must never be blocked before the first start.
guardian_conf=/etc/snort/guardian.conf
/usr/bin/perl /usr/local/bin/guardian.pl -c "$guardian_conf"