Tutoria menjelaskan cara mengintegrasikan Snort, sebuah sistem deteksi intrusi, dengan BASE untuk memantau lalu lintas jaringan secara real-time. Langkahnya meliputi penginstalan dan konfigurasi Snort, BASE, serta komponen pendukung seperti MySQL dan ADOdb. Snort dikonfigurasi untuk melacak lalu lintas jaringan internal dan mencatat hasil deteksi ke database MySQL, yang kemudian ditampilkan secara grafis melalui
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOSCody Thomas
Kerberos on macOS with and without Active Directory (AD). Where are attacks possible in Kerberos and how does the LKDC (Local Key Distribution Center) come into play.
Presented at Objective By The Sea (OBTS) 3.0 in Maui, Hawaii March 2020
This lecture discusses the different techniques used to install, uninstall and upgrade software packages in Linux and the associated tools
Video for this lecture on youtube:
http://www.youtube.com/watch?v=pFqdupd9wKk
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
Ahmed ElArabawy
- https://www.linkedin.com/in/ahmedelarabawy
This document provides instructions for configuring BitLocker drive encryption to store recovery information in Active Directory. It involves enabling a startup PIN through Group Policy settings, configuring Active Directory to store BitLocker recovery information by modifying GPO settings linked to the relevant OU, and ensuring machines download updated policies by rebooting prior to encryption.
The document contains questions and answers about maintaining and configuring Resource and Reservation (R&R) databases in IBM Lotus Notes and Domino. Key points addressed include:
- Running regular maintenance agents like Autoreminder and Purge Documents to keep the R&R database running efficiently.
- Renaming rooms and resources, and how that impacts existing reservations.
- Hiding rooms from users' booking options.
- Best practices for setting up multiple R&R databases across different servers.
Este documento describe cómo configurar un servidor proxy en Endian para restringir el acceso a sitios web específicos para diferentes usuarios. Se explica cómo habilitar el proxy HTTP, establecer las políticas de filtrado, crear perfiles de usuario con sitios bloqueados, agregar usuarios y grupos, y aplicar las reglas de acceso. Finalmente, se prueba el proxy restringiendo el acceso a YouTube y Hotmail para un usuario en particular.
Linux is an operating system similar to Unix. The document lists and describes 27 common Linux commands, including commands for listing files (ls), removing files and directories (rm, rmdir), viewing file contents (cat, more, less), navigating and creating directories (cd, mkdir), moving and copying files (mv, cp), searching files (grep), counting characters (wc), checking the current working directory (pwd), getting command help (man), finding files and programs (whereis, find, locate), editing files (vi, emacs), connecting remotely (telnet, ssh), checking network status (netstat, ifconfig), getting information about internet hosts (whois, nslookup, dig, finger), testing network connectivity
This document provides instructions for configuring LDAP and SAMBA to integrate Linux and Windows networks. It describes installing and configuring OpenLDAP to set up the LDAP directory and backend, then loading schemas and creating the administrator entry. Configuration files for the LDAP client are also edited to point to the LDAP server. The objective is to enable compatibility between Linux and Windows systems through Samba using users from the LDAP directory tree.
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOSCody Thomas
Kerberos on macOS with and without Active Directory (AD). Where are attacks possible in Kerberos and how does the LKDC (Local Key Distribution Center) come into play.
Presented at Objective By The Sea (OBTS) 3.0 in Maui, Hawaii March 2020
This lecture discusses the different techniques used to install, uninstall and upgrade software packages in Linux and the associated tools
Video for this lecture on youtube:
http://www.youtube.com/watch?v=pFqdupd9wKk
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
Ahmed ElArabawy
- https://www.linkedin.com/in/ahmedelarabawy
This document provides instructions for configuring BitLocker drive encryption to store recovery information in Active Directory. It involves enabling a startup PIN through Group Policy settings, configuring Active Directory to store BitLocker recovery information by modifying GPO settings linked to the relevant OU, and ensuring machines download updated policies by rebooting prior to encryption.
The document contains questions and answers about maintaining and configuring Resource and Reservation (R&R) databases in IBM Lotus Notes and Domino. Key points addressed include:
- Running regular maintenance agents like Autoreminder and Purge Documents to keep the R&R database running efficiently.
- Renaming rooms and resources, and how that impacts existing reservations.
- Hiding rooms from users' booking options.
- Best practices for setting up multiple R&R databases across different servers.
Este documento describe cómo configurar un servidor proxy en Endian para restringir el acceso a sitios web específicos para diferentes usuarios. Se explica cómo habilitar el proxy HTTP, establecer las políticas de filtrado, crear perfiles de usuario con sitios bloqueados, agregar usuarios y grupos, y aplicar las reglas de acceso. Finalmente, se prueba el proxy restringiendo el acceso a YouTube y Hotmail para un usuario en particular.
Linux is an operating system similar to Unix. The document lists and describes 27 common Linux commands, including commands for listing files (ls), removing files and directories (rm, rmdir), viewing file contents (cat, more, less), navigating and creating directories (cd, mkdir), moving and copying files (mv, cp), searching files (grep), counting characters (wc), checking the current working directory (pwd), getting command help (man), finding files and programs (whereis, find, locate), editing files (vi, emacs), connecting remotely (telnet, ssh), checking network status (netstat, ifconfig), getting information about internet hosts (whois, nslookup, dig, finger), testing network connectivity
This document provides instructions for configuring LDAP and SAMBA to integrate Linux and Windows networks. It describes installing and configuring OpenLDAP to set up the LDAP directory and backend, then loading schemas and creating the administrator entry. Configuration files for the LDAP client are also edited to point to the LDAP server. The objective is to enable compatibility between Linux and Windows systems through Samba using users from the LDAP directory tree.
Mikrotik Hotspot With Queue Tree BW Managementgopartheredbuff
The document discusses how to configure bandwidth management using queue trees on a Mikrotik router for a hotspot network. It provides steps to set up interfaces and IP addresses, enable masquerading and DNS, create hotspot user profiles with packet markings, configure firewall mangle rules for packet marking, and build a queue tree with bandwidth limits for different user groups and traffic directions. Screenshots are included to illustrate the hotspot user profile, mangle rules, and queue tree configurations.
Presentation On Group Policy in Windows Server 2012 R2 By Barek-ITMd. Abdul Barek
This document provides instructions for creating a starter Group Policy Object (GPO) in 7 steps: 1) Open the Group Policy Management tool; 2) Expand the forest and domain; 3) Right click to create a new GPO or folder; 4) Name the new GPO; 5) Edit the GPO assignment; 6) Configure user configuration settings like the desktop; 7) Enable settings and apply the policy. It also describes how to back up an existing GPO and restore it from the backup.
Servidor DNS Dinámico en Ubuntu Server 16.04 LTSDiego Montiel
Este documento proporciona instrucciones para configurar un servidor DNS dinámico y DHCP en Ubuntu Server 16.04. Incluye pasos como instalar paquetes necesarios como bind9 e isc-dhcp-server, crear zonas DNS, configurar el servicio DHCP e integrarlo con DNS, y probar la resolución de nombres.
John David Hammond is a recent graduate from Auburn University with a Bachelor's degree in Hotel and Restaurant Management and a minor in Business. He has over 5 years of experience in food service management, including his current role as Floor Manager at Pappadeaux Seafood Kitchen in Birmingham, Alabama. Hammond has also held internships at Triple Creek Ranch in Montana and certifications in hotel analytics, food safety, and digital marketing. He aims to cultivate open communication and service-minded leadership.
Engage.UG 2022 - Domino TOTP/2FA - Best Practices and PitfallsMilan Matejic
This document discusses best practices and pitfalls for implementing Time-based One-Time Password (TOTP) two-factor authentication (2FA) with HCL Domino. It covers topics such as motivation, terminology, how TOTP works, prerequisites, setup instructions, user and administrator workflows, troubleshooting, questions and answers, and references. The document provides detailed steps for configuring TOTP authentication for both Domino servers and Traveler mobile clients.
Linux'a Giris ve VirtualBox a Ubuntu KurulumuAhmet Gürel
Bu döküman Linux nedir neden tercih edilir gibi sorulara cevap arayanlara kısa bir bilgilendirmeden sonra Sanal makinaya Linux Ubuntu dağıtımının kurulumunu göstererek genel linux terminal ve komutlarının anlatımıyla son bulmaktadır.Lİnux ve özgür yazılım farkındalığını artırmak için giriş seviyesinde bir dökumandır.İşinize yaraması dileğiyle iyi çalışmalar.Soru,görüş ve önerileriniz için ahmet@gurelahmet.com a mail atabilirsiniz.
Dynamic ARP inspection (DAI) is a security feature that prevents man-in-the-middle attacks by validating ARP packets. It relies on DHCP snooping to build a database of valid IP-MAC address bindings. When enabled, DAI will drop ARP packets that do not match entries in the DHCP snooping database, preventing ARP poisoning attacks. The document then demonstrates configuring and testing DAI on a switch to block an ARP poisoning attempt by a rogue workstation.
The document discusses the Linux booting process. It begins with the BIOS loading the master boot record (MBR) from the hard disk. The MBR then loads the boot loader like GRUB or LILO. The boot loader loads the Linux kernel into memory and passes control to it. The kernel initializes hardware and loads drivers. It then launches the init process which starts essential system processes and moves the system to the default runlevel based on the /etc/inittab file.
This document provides an overview of the basics of Linux, including its key components and common commands. It describes Linux as an open source, Unix-based operating system developed by the community. The core component is the Linux kernel, which uses a monolithic microkernel design. Common shells for the user interface include BASH, SH, and KSH. Basic commands covered include ls, cd, pwd, echo, cat, cp, mv, mkdir, rm, and tar for archiving and compressing files. The document also discusses file permissions and ownership, represented using octal notation, and crontab for scheduling tasks.
The document discusses File Transfer Protocol (FTP), Network File System (NFS), and Samba server configuration. It provides details on FTP such as its history, components, modes, and how to configure an FTP server in Linux. It describes NFS including its history, versions, configuration files, and steps to configure NFS client and server. It also explains Samba, its components, purpose, and how to configure a Samba server using both command line and graphical tools.
Database firewall is a useful tool that monitor databases to identify and protect against database specific attacks that mostly seek to access sensitive information stored in the databases. However the commercial database firewalls are expensive and needs specific product knowledge, while the opensource database firewalls are designed for specific opensource database servers.
In order to fulfill the need of inexpensive database firewall, Snort - an opensource IDS/IPS - is possible to achieve the goal in some scenarios with familiar rule writing. The paper will explain the limitation of Snort as a database firewall, constraints in commercial database statement and some example implementation.
This document contains slides from a Cisco presentation on firewall certification. It discusses the CCNP Security Firewall v2.0 exam, including exam details, recommended reading, and high-level topics covered. It also provides an overview of Cisco firewall technology including the Adaptive Security Appliance and its features. Configuration topics like licensing, interfaces, NAT, routing, inspection policies and transparent mode are briefly outlined.
This document provides a 15 minute crash course on OMD (Open Monitoring Distribution) and Check_MK. It discusses what OMD and Check_MK are, the data collection process, how to deploy OMD and the Check_MK agent, and provides recommendations. OMD is not a Linux distribution but a set of tools for running multiple monitoring instances per host with separate users. Check_MK is a Nagios addon that provides automatic service detection, hierarchical configuration, and high performance passive checks. It then outlines how to install OMD, install and configure the Check_MK agent, create an OMD instance, and access the multisite interface. Security recommendations include filtering iptables to only allow traffic from the monitoring server.
Administración de usuarios y permisos de archivos en ubunturiveravega12
Este documento describe la administración de usuarios y permisos de archivos/carpetas en Ubuntu 15.04. Explica cómo añadir y eliminar usuarios y grupos, y modificar sus características. También cubre la creación y modificación de permisos de archivos y carpetas usando comandos como chmod, chown, y chgrp. Finalmente, incluye ejemplos prácticos de cómo administrar estos permisos y usuarios.
Dokumen tersebut memberikan instruksi untuk mengkonfigurasi server virtual CentOS dengan menginstal dan mengkonfigurasi jaringan, user baru, MySQL, Apache, PHP, dan PHPMyAdmin.
Mikrotik Hotspot With Queue Tree BW Managementgopartheredbuff
The document discusses how to configure bandwidth management using queue trees on a Mikrotik router for a hotspot network. It provides steps to set up interfaces and IP addresses, enable masquerading and DNS, create hotspot user profiles with packet markings, configure firewall mangle rules for packet marking, and build a queue tree with bandwidth limits for different user groups and traffic directions. Screenshots are included to illustrate the hotspot user profile, mangle rules, and queue tree configurations.
Presentation On Group Policy in Windows Server 2012 R2 By Barek-ITMd. Abdul Barek
This document provides instructions for creating a starter Group Policy Object (GPO) in 7 steps: 1) Open the Group Policy Management tool; 2) Expand the forest and domain; 3) Right click to create a new GPO or folder; 4) Name the new GPO; 5) Edit the GPO assignment; 6) Configure user configuration settings like the desktop; 7) Enable settings and apply the policy. It also describes how to back up an existing GPO and restore it from the backup.
Servidor DNS Dinámico en Ubuntu Server 16.04 LTSDiego Montiel
Este documento proporciona instrucciones para configurar un servidor DNS dinámico y DHCP en Ubuntu Server 16.04. Incluye pasos como instalar paquetes necesarios como bind9 e isc-dhcp-server, crear zonas DNS, configurar el servicio DHCP e integrarlo con DNS, y probar la resolución de nombres.
John David Hammond is a recent graduate from Auburn University with a Bachelor's degree in Hotel and Restaurant Management and a minor in Business. He has over 5 years of experience in food service management, including his current role as Floor Manager at Pappadeaux Seafood Kitchen in Birmingham, Alabama. Hammond has also held internships at Triple Creek Ranch in Montana and certifications in hotel analytics, food safety, and digital marketing. He aims to cultivate open communication and service-minded leadership.
Engage.UG 2022 - Domino TOTP/2FA - Best Practices and PitfallsMilan Matejic
This document discusses best practices and pitfalls for implementing Time-based One-Time Password (TOTP) two-factor authentication (2FA) with HCL Domino. It covers topics such as motivation, terminology, how TOTP works, prerequisites, setup instructions, user and administrator workflows, troubleshooting, questions and answers, and references. The document provides detailed steps for configuring TOTP authentication for both Domino servers and Traveler mobile clients.
Linux'a Giris ve VirtualBox a Ubuntu KurulumuAhmet Gürel
Bu döküman Linux nedir neden tercih edilir gibi sorulara cevap arayanlara kısa bir bilgilendirmeden sonra Sanal makinaya Linux Ubuntu dağıtımının kurulumunu göstererek genel linux terminal ve komutlarının anlatımıyla son bulmaktadır.Lİnux ve özgür yazılım farkındalığını artırmak için giriş seviyesinde bir dökumandır.İşinize yaraması dileğiyle iyi çalışmalar.Soru,görüş ve önerileriniz için ahmet@gurelahmet.com a mail atabilirsiniz.
Dynamic ARP inspection (DAI) is a security feature that prevents man-in-the-middle attacks by validating ARP packets. It relies on DHCP snooping to build a database of valid IP-MAC address bindings. When enabled, DAI will drop ARP packets that do not match entries in the DHCP snooping database, preventing ARP poisoning attacks. The document then demonstrates configuring and testing DAI on a switch to block an ARP poisoning attempt by a rogue workstation.
The document discusses the Linux booting process. It begins with the BIOS loading the master boot record (MBR) from the hard disk. The MBR then loads the boot loader like GRUB or LILO. The boot loader loads the Linux kernel into memory and passes control to it. The kernel initializes hardware and loads drivers. It then launches the init process which starts essential system processes and moves the system to the default runlevel based on the /etc/inittab file.
This document provides an overview of the basics of Linux, including its key components and common commands. It describes Linux as an open source, Unix-based operating system developed by the community. The core component is the Linux kernel, which uses a monolithic microkernel design. Common shells for the user interface include BASH, SH, and KSH. Basic commands covered include ls, cd, pwd, echo, cat, cp, mv, mkdir, rm, and tar for archiving and compressing files. The document also discusses file permissions and ownership, represented using octal notation, and crontab for scheduling tasks.
The document discusses File Transfer Protocol (FTP), Network File System (NFS), and Samba server configuration. It provides details on FTP such as its history, components, modes, and how to configure an FTP server in Linux. It describes NFS including its history, versions, configuration files, and steps to configure NFS client and server. It also explains Samba, its components, purpose, and how to configure a Samba server using both command line and graphical tools.
Database firewall is a useful tool that monitor databases to identify and protect against database specific attacks that mostly seek to access sensitive information stored in the databases. However the commercial database firewalls are expensive and needs specific product knowledge, while the opensource database firewalls are designed for specific opensource database servers.
In order to fulfill the need of inexpensive database firewall, Snort - an opensource IDS/IPS - is possible to achieve the goal in some scenarios with familiar rule writing. The paper will explain the limitation of Snort as a database firewall, constraints in commercial database statement and some example implementation.
This document contains slides from a Cisco presentation on firewall certification. It discusses the CCNP Security Firewall v2.0 exam, including exam details, recommended reading, and high-level topics covered. It also provides an overview of Cisco firewall technology including the Adaptive Security Appliance and its features. Configuration topics like licensing, interfaces, NAT, routing, inspection policies and transparent mode are briefly outlined.
This document provides a 15 minute crash course on OMD (Open Monitoring Distribution) and Check_MK. It discusses what OMD and Check_MK are, the data collection process, how to deploy OMD and the Check_MK agent, and provides recommendations. OMD is not a Linux distribution but a set of tools for running multiple monitoring instances per host with separate users. Check_MK is a Nagios addon that provides automatic service detection, hierarchical configuration, and high performance passive checks. It then outlines how to install OMD, install and configure the Check_MK agent, create an OMD instance, and access the multisite interface. Security recommendations include filtering iptables to only allow traffic from the monitoring server.
Administración de usuarios y permisos de archivos en ubunturiveravega12
Este documento describe la administración de usuarios y permisos de archivos/carpetas en Ubuntu 15.04. Explica cómo añadir y eliminar usuarios y grupos, y modificar sus características. También cubre la creación y modificación de permisos de archivos y carpetas usando comandos como chmod, chown, y chgrp. Finalmente, incluye ejemplos prácticos de cómo administrar estos permisos y usuarios.
Dokumen tersebut memberikan instruksi untuk mengkonfigurasi server virtual CentOS dengan menginstal dan mengkonfigurasi jaringan, user baru, MySQL, Apache, PHP, dan PHPMyAdmin.
Dokumen tersebut memberikan instruksi lengkap untuk menginstal CentOS 6.4, termasuk mengatur bios, memasukkan DVD instalasi, memilih bahasa, waktu, dan pengaturan jaringan. Instruksi selanjutnya menjelaskan cara instalasi LAMP server, PostgreSQL, SSH, dan konfigurasi lainnya.
Dokumen tersebut memberikan panduan lengkap tentang konfigurasi server PC, router, DHCP, DNS, web server, proxy server, NTP, mail server dan webmail server, serta firewall pada Debian. Termasuk langkah-langkah instalasi paket, editing berkas konfigurasi, dan pengujian konfigurasi untuk memastikan layanan-layanan jaringan berjalan dengan baik.
Tutorial ini memberikan panduan lengkap untuk instalasi Openbravo ERP di Ubuntu server, meliputi instalasi dependensi seperti PostgreSQL, Java, Tomcat, dan Ant; konfigurasi properti Openbravo; kompilasi sumber Openbravo; serta cara backup dan restore menggunakan snapshot.xml.
2013-39. Install Sistem Operasi melalui jaringan dengan ubuntu 10Syiroy Uddin
Dokumen ini menjelaskan cara menginstal sistem operasi Ubuntu 10 melalui jaringan dengan menggunakan tiga paket yaitu Apache, TFTP, dan DHCP Server. Langkah-langkahnya meliputi penyiapan direktori dan konfigurasi DHCP Server untuk mendistribusikan alamat IP secara otomatis ke klien saat booting, serta mengarahkan klien untuk melakukan instalasi seperti proses instalasi Ubuntu biasa.
Teks ini memberikan tutorial singkat tentang cara membuat virtual host di XAMPP Linux untuk membuat beberapa subdomain dari satu domain utama menggunakan satu alamat IP server. Langkah-langkahnya meliputi menginstal dan mengkonfigurasi XAMPP, membuat folder dan file HTML untuk masing-masing subdomain, serta mengkonfigurasi file konfigurasi Apache untuk mengarahkan setiap subdomain ke lokasi file HTML yang sesuai.
Dokumen tersebut memberikan panduan instalasi dan konfigurasi web server Nginx pada sistem operasi Linux Ubuntu. Nginx merupakan alternatif dari Apache yang lebih ringan dalam penggunaan memori dan cepat dalam menangani file statis. Langkah-langkahnya meliputi instalasi Nginx, PHP, MySQL, serta konfigurasi direktori dan modul tambahan.
Dokumen ini memberikan panduan lengkap untuk menginstal dan mengkonfigurasi platform blog open source Ghost dari offline ke online. Langkah-langkahnya meliputi instalasi Node.js, menginstal Ghost secara lokal, menambahkan konten, merubah tema, dan akhirnya mempublikasikan blog Ghost secara online dengan menguploadnya ke server dan mengaksesnya melalui alamat IP publik.
1. Snort IDS dikonfigurasi pada virtual machine dengan interface jaringan eth0 dan eth1 yang diset sebagai bridge dan host-only.
2. Beberapa komponen prasyarat Snort seperti libpcap, PCRE, dan DAQ diinstalasi dari sumber daya.
3. File konfigurasi dan preprocessor dinamis Snort disalin dari folder tarball.
4. Aturan ICMP sederhana ditulis untuk menguji deteksi Snort yang akan menghasilkan peringatan saat melihat pesan echo request dan
Standar instalasi FreeBSD di Institut Manajemen Telkom mencakup 13 poin utama perawatan sistem operasi, termasuk manajemen proses, sumber daya sistem, berkas, disk, jaringan, penjadwalan, dan pengguna. Dokumen ini memberikan panduan lengkap tentang perintah-perintah dasar FreeBSD untuk memantau dan mengelola server.
2013-20. Management Bandwith menggunakan htb pada ubuntu 10.04Syiroy Uddin
Dokumen tersebut memberikan panduan cara mengatur bandwidth antar client menggunakan HTB pada Ubuntu 10.04 dengan langkah-langkah sebagai berikut: (1) menginstall HTB tools, (2) mengkonfigurasi interface jaringan dan HTB, (3) mengatur bandwidth client.
1. Dokumen tersebut memberikan instruksi lengkap untuk mengkonfigurasi Ubuntu Server sebagai router, proxy, dan DHCP server untuk jaringan komputer kecil.
2. Langkah-langkahnya meliputi instalasi Ubuntu Server, konfigurasi kartu jaringan, pengaturan dial-up modem, pemasangan paket tambahan, dan konfigurasi layanan seperti OpenSSH, DHCP, dan NAT routing.
3. Konfigurasi jaringan dilakukan dengan mengedit berkas konfigurasi sepert
Tiga kalimat ringkasan dokumen tersebut adalah:
Dokumen tersebut menjelaskan cara menginstal Nginx dengan dukungan PHP5 dan MySQL pada sistem operasi CentOS 6.5, meliputi penginstalan dan konfigurasi Nginx, PHP-FPM, dan MySQL beserta modul-modul yang dibutuhkan.
Dokumen tersebut menjelaskan cara membangun mesin pencari sendiri menggunakan perangkat lunak sumber terbuka Nutch dan Solr. Langkah-langkahnya meliputi penginstalan Nutch dan Solr, konfigurasi komponen seperti URL bibit dan filter, melakukan penjelajahan web dengan Nutch, memindeks hasilnya ke dalam Solr, serta melakukan pencarian di Solr.
Similar to Tutorial Membangun SNORT Integrasi Terhadap MySQL dan BASE (20)
Tutorial Membangun SNORT Integrasi Terhadap MySQL dan BASE
1. hhttttppss::////bblloogg..mmooddpprr00..bbee
TTuuttoorriiaall MMeemmbbaanngguunn SSNNOORRTT
IInntteeggrraassii TTeerrhhaaddaapp MMyySSQQLL ddaann BBAASSEE
Author: Thomas Ajawaila
Beberapa bulan yang lalu, saya sempat install Denyhosts, sebuah program di sistem
Linux yang melakukan penolakan terhadap host-host yang dianggap melakukan intrusi ke
sebuah sistem. Denyhosts khusus memonitor service SSH, dan mencatatnya dalam
sebuah file hosts.deny apabila diketahui ada host dari luar yang gagal melakukan login
pada service SSH.
Setelah berjalan sampai sekarang, sudah ada sekitar 10-15 host yang masuk dalam daftar
host yang di tolak (hosts.deny). Saya berpikir, bahwa memang banyak intrusi dari luar ke
dalam sistem, namun apakah hanya ke service SSH? Teringat akan IDS (Intrusion
Detection System) yang sangat terkenal Snort, saya iseng-iseng menginstallnya beberapa
hari yang lalu, dan baru sempat saya dokumentasikan sekarang :)
Snort yang akan saya install yang sudah terintegrasi secara web based karena saya juga
mengikutsertakan program BASE (Basic Analysis and Security Engine) dan ADOdb
sebagai tambahan. Dengan adanya BASE, maka akan ada tambahan dalam
mengkonfigurasi web server. Diasumsikan document root untuk web server yaitu:
/var/www/html/ dan IP server adalah 192.168.10.1 menggunakan interface eth0. Baiklah,
sudah bisa dimulai...
Pertama-tama, buat direktori sementara kita untuk mendownload dan kompilasi:
# mkdir /root/snorttemp
# cd /root/snorttemp
Kedua, download file-file yang dibutuhkan:
Snort + Snort Rules
Download Snort versi terbaru (saat artikel ini ditulis versi 2.6.1.1)
# wget http://www.snort.org/dl/current/snort-2.6.1.1.tar.gz
Kita juga butuh rules untuk Snort!
Silakan pergi ke http://www.snort.org/pub-bin/downloads.cgi. Lalu perhatikan
"Sourcefire VRT Certified Rules - The Official Snort Ruleset (unregistered user
release)" (kalo Anda sudah register, silakan download yang "Sourcefire VRT Certified
Rules - The Official Snort Ruleset (registered user release)")
Saya sudah register, jadi harus login dulu kemudian baru bisa download...
2. hhttttppss::////bblloogg..mmooddpprr00..bbee
# wget http://www.snort.org/pub-
bin/downloads.cgi/Download/vrt_os/snortrules-snapshot-
CURRENT.tar.gz
PCRE - Perl Compatible Regular Expressions.
Untuk program BASE, kita butuh PCRE silakan download di http://www.pcre.org/
(yang terbaru saat tulisan ini ditulis adalah versi 6.7)
# wget
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-
6.7.tar.gz
LIBPCAP
Silakan download LIBPCAP di http://www.tcpdump.org/
(yang terbaru saat tulisan ini ditulis adalah versi 0.95)
# wget http://www.tcpdump.org/release/libpcap-0.9.5.tar.gz
BASE (Basic Analysis and Security Engine)
Download BASE di http://secureideas.sourceforge.net/
(versi terbaru saat tulisan ini ditulis adalah versi 1.2.7)
# wget
http://surfnet.dl.sourceforge.net/sourceforge/secureideas/b
ase-1.2.7.tar.gz
ADOdb (ADOdb Database Abstraction Library for PHP (and Python)
Download ADOdb di http://adodb.sourceforge.net/
(versi terbaru saat tulisan ini ditulis adalah adodb-493a-for-php)
# wget
http://surfnet.dl.sourceforge.net/sourceforge/adodb/adodb49
3a.tgz
Kalo sudah di download semua, silakan di ekstrak semuanya:
# tar xzvf snort-2.6.1.1.tar.gz
# tar xzvf snortrules-snapshot-CURRENT.tar.gz
# tar xzvf pcre-6.7.tar.gz
# tar xzvf libpcap-0.9.5.tar.gz
# tar xzvf base-1.2.7.tar.gz
# tar xzvf adodb493a.tgz
3. hhttttppss::////bblloogg..mmooddpprr00..bbee
Kemudian delete file arsipnya:
# rm -rf *gz
Seharusnya isi dari pada direktori snorttemp adalah sebagai berikut:
Sekarang tinggal kompilasi, dimulai dari LIBPCAP...yuk mari :D
LIBPCAP
# cd /root/snorttemp/libpcap-0.9.5
# ./configure
# make && make install
PCRE - Perl Compatible Regular Expressions.
# cd /root/snorttemp/pcre-6.7
# ./configure
# make && make install
SNORT
# cd /root/snorttemp/snort-2.6.1.1
# ./configure --enable-dynamicplugin --with-mysql
# make && make install
Untuk Snort, kita perlu membuat direktori map untuk log dan rulesnya
# mkdir -p /etc/snort/rules
# mkdir /var/log/snort
Selanjutnya, bagian terpenting. Copy seluruh isi ekstrak snortrules ke direktori map
snort:
# cp rules/* /etc/snort/rules/
# cp -rvf so_rules /etc/snort/
# cp -rvf doc /etc/snort/
Yang sangat penting lainnya:
# cd snort-2.6.1.1/etc
# cp * /etc/snort/
4. hhttttppss::////bblloogg..mmooddpprr00..bbee
Edit snort.conf sesuai dengan kebutuhan:
# nano /etc/snort.conf
Lakukan perubahan pada baris-baris berikut:
ganti "var HOME_NET any" jadi "var HOME_NET 192.168.10.0/24"
ganti "var EXTERNAL_NET any" jadi "var EXTERNAL_NET !$HOME_NET"
ganti "var RULE_PATH ../rules" jadi "var RULE_PATH /etc/snort/rules"
Berhubung tadi kita sudah meng-kompile Snort dengan opsi --with-mysql dan memang
integrasi dengan database dibutuhkan untuk program BASE, maka sekarang kita akan
membuat database untuk Snort agar bisa berinteraksi lewat BASE. Temukan baris:
# output database: log, mysql, user=root password=[your pass] dbname=snort
host=local$
dan hilangkan tanda "#"
output database: log, mysql, user=root password=[your pass] dbname=snort
host=local$
Sesuaikan juga username, password dan database yang akan digunakan. BASE akan
melakukan koneksi database menggunakan username, password dan database tersebut.
Pastikan Anda memasukkannya dengan benar. Silakan simpan konfigurasi Anda.
Setting Database untuk SNORT
Silakan buat database untuk snort, terserah dengan apa, namun saya sarankan
menggunakan phpmyadmin, karena lebih mudah dan memiliki tampilan yang
menyenangkan. Jangan lupa untuk menyesuaikan dengan keadaan konfigurasi database
yang sudah kita edit tadi di /etc/snort/snort.conf. Table layout ada di file
create_mysql di direktori
/root/snorttemp/snort-2.6.1.1/schemas.
Kalo sudah jadi, silakan test konfigurasi Snort:
# snort -c /etc/snort/snort.conf
Apabila tidak ada error, berarti SUKSES !! Silakan batalkan test dengan menekan
Ctrl+C.
Memindahkan ADODB dan BASE
ADODB
Kembali ke tempat semula:
5. hhttttppss::////bblloogg..mmooddpprr00..bbee
# cd /root/snorttemp/
Pindahkan direktori ADODB ke root direktori web server:
# mv adodb /var/www/
BASE (Basic Analysis and Security Engine)
Pindakan direktori base-1.2.7 ke direktori web server yang dapat diakses:
# mv base-1.2.7 /var/www/html/
lalu kita pindah ke sana:
# cd /var/www/html/
Agar mudah diakses, ganti namanya menjadi base:
# mv base-1.2.7 base
Ganti permissionnya:
# chmod 757 base
Sampai disini, kita bisa bernafas lega. Yang udah cape, silakan istirahat dulu, kalo
memang udah malam bisa tidur dulu dan lanjutkan besok pagi. Tapi kalo belom, lanjuuutt
!!
BASE Web based Setup
Silakan buka web browser Anda, dan arahkan ke
http://192.168.10.1/base/setup
Kalo tidak ada masalah, akan tampil halaman seperti dibawah ini:
Klik Continue
6. hhttttppss::////bblloogg..mmooddpprr00..bbee
Step 1of 5
Masukkan path ADODB (/var/www/adodb):
Klik Submit Query
Step 2 of 5
Masukkan informasi yang ada, dan biarkan pilihan "Use Archive Database" apa
adanya:
Klik Submit Query
Step 3 of 5
Jika mau, bisa menggunakan pilihan "Use Authentication System" agar lebih aman:
8. hhttttppss::////bblloogg..mmooddpprr00..bbee
Untuk melihat tampilan grafis dari traffic BASE, Anda bisa mendownload Image_Color,
Image_Canvas dan Image_Graph
# pear install Image_Color
# pear install Image_Canvas-alpha
# pear install Image_Graph-alpha
Selesai....
Ganti permission direktori base dari 757 ke 775
# chmod 775 base
Delete juga direktori temporary /root/snorttemp:
# rm -rf /root/snorttemp
Menjalankan SNORT
Untuk menjalankan Snort, silakan jalankan perintah berikut:
# /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g root -
D
9. hhttttppss::////bblloogg..mmooddpprr00..bbee
Silakan tunggu beberapa waktu. Apabila benar, maka pada tampilan BASE akan seperti
ini:
Selesai sudah tutorial ini, semoga menjadi sangat bermanfaat mengingat banyaknya
serangan yang datang mampir ke server saya :)
Links:
BASE : http://secureideas.sourceforge.net
Snort: http://www.snort.org