Logs

Speaker notes
  • dmesg – messages from the kernel
  • Logs

Slides
Big brother is watching you – Stefan FODOR (backb0ne fl00d3r), 13th of May – Log

Overview
  • What is?
  • Example
  • iptables and logs
  • Introducing Snort
  • Live demo?
  • Questions?

What are log files?
  • Records an event: normal behaviour, a warning, an error, or another anomaly
  • Data usually saved: date and time, a code, the error/warning message, the program or user that generated it
  • Used to: debug, trace errors, check for intrusions, gather statistics

/var/log

/var/log (diagram): kernel logs (log, warn, err; dmesg), web server, apt, logrotate

For the untrained eyes (raw log screenshot)

For the trained eyes (the same log, annotated): file dependency – legit request; legit request; SQL injection?
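What the "trained eye" on the slide above does by hand, as an added example that is not code from the presentation: a small classifier over web server access-log lines in combined log format that separates a static asset pulled in by a page (file dependency), an ordinary request, and a request whose query string carries SQL injection fragments. The hosts, paths (`/news.php?id=...`), referers and user agents in `SAMPLE` are constructed for the example; the injection patterns (a quote followed by `or`/`and ... = ...`, `UNION SELECT`, a trailing SQL comment, `sleep(`/`benchmark(`) are the usual ones and are not from the slides.

```python
"""Classify web server access-log lines the way the 'trained eye' on the
slide does: file dependency, plain legit request, or SQL injection attempt.

Added example for this page, not code from the presentation. The log lines
in SAMPLE are constructed (hosts, paths, referers, user agents are made up).
"""
import re
from urllib.parse import unquote_plus

# Combined Log Format: host ident user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Fragments that hardly ever occur in an honest query string.
SQLI_RE = re.compile(
    r"'\s*(or|and)\s*[\w'\"]+\s*=\s*[\w'\"]+"   # ' or 1=1
    r"|union\s+(all\s+)?select"                 # UNION SELECT ...
    r"|(--|/\*)\s*$"                            # SQL comment to end of input
    r"|\b(sleep|benchmark)\s*\(",               # time-based probes
    re.IGNORECASE,
)

STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".woff")


def classify(line):
    """Return 'unparsed', 'sqli?', 'dependency' or 'legit' for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return "unparsed"
    # Decode twice: double URL-encoding is a common way to slip past naive filters.
    decoded = unquote_plus(unquote_plus(m["path"]))
    if SQLI_RE.search(decoded):
        return "sqli?"
    # A static asset requested with a referer is a dependency of the page the
    # browser just loaded, not a request a person typed in.
    base = decoded.split("?", 1)[0].lower()
    if base.endswith(STATIC_EXT) and m["referer"] not in ("", "-"):
        return "dependency"
    return "legit"


def triage(lines):
    """Group log lines by classification: {label: [lines]}."""
    groups = {}
    for line in lines:
        groups.setdefault(classify(line), []).append(line)
    return groups


# Constructed sample: a browser loading a page and its CSS/JS, one normal
# article request, then two sqlmap-style probes. Not taken from the slides.
SAMPLE = [
    '192.168.1.10 - - [13/May/2011:10:00:01 +0300] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.168.1.10 - - [13/May/2011:10:00:01 +0300] "GET /style.css HTTP/1.1" 200 812 "http://192.168.1.20/index.php" "Mozilla/5.0"',
    '192.168.1.10 - - [13/May/2011:10:00:02 +0300] "GET /script.js HTTP/1.1" 200 2201 "http://192.168.1.20/index.php" "Mozilla/5.0"',
    '192.168.1.10 - - [13/May/2011:10:00:09 +0300] "GET /news.php?id=7 HTTP/1.1" 200 3300 "http://192.168.1.20/index.php" "Mozilla/5.0"',
    '192.168.1.77 - - [13/May/2011:10:05:41 +0300] "GET /news.php?id=7%27%20or%201%3D1-- HTTP/1.1" 200 3300 "-" "sqlmap/1.0"',
    '192.168.1.77 - - [13/May/2011:10:05:42 +0300] "GET /news.php?id=7%20UNION%20SELECT%20user,password%20FROM%20users HTTP/1.1" 500 311 "-" "sqlmap/1.0"',
    "garbage line that is not a log record",
]

if __name__ == "__main__":
    for label, lines in triage(SAMPLE).items():
        print(f"{label}:")
        for line in lines:
            print("   ", line)
```

The decode-before-match step matters: the raw log stores `%27`, so a pattern that looks for a literal quote in the undecoded line misses the very request the slide flags. The patterns are deliberately narrow; a production filter would also look at response sizes and status codes, since a blind injection returns the same page as the legitimate request.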
iptables and log files
  • $ iptables -A INPUT -j LOG --log-level 4
  • Store iptables logs to /var/log/iptables.log
  • $ nmap 192.168.1.20
  (The iptables command needs root. Log level 4 is syslog "warning"; as written the rule logs every incoming packet, so on anything but a lab box add a rate limit and a log prefix so the lines are easy to filter.)

Nmap and iptables (the resulting log)

Snort and log files
  • Installed Snort
  • Set rules for nmap
  • Configured the log file
  • BASE "interface"
  • Run nmap

Regular nmap scan

Stealth scan + OS detection
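An added example, not code from the slides or from the iptables or Snort projects, covering both the iptables section (what the nmap scan looks like once it is in /var/log/iptables.log and how to pick it out) and the two Snort screenshots (what separates a regular scan from a stealth scan with OS detection). Assumptions: the LOG rule was run as root with an extra `--log-prefix "iptables: "` (the slide's rule has none), rsyslog wrote the kernel messages to the file in traditional syslog format, and the hosts 192.168.1.10, .77 and .78 probing 192.168.1.20 are constructed for the sample.

```python
"""Find an nmap scan in the kernel's iptables LOG output.

Added example for this page; not code from the presentation, iptables or
Snort. Assumed: `iptables -A INPUT -j LOG --log-level 4 --log-prefix "iptables: "`
(the prefix is an assumption, the slide has none) and rsyslog writing the
lines to /var/log/iptables.log. The SAMPLE lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# "Mon DD HH:MM:SS host kernel: [uptime] prefix KEY=VALUE ..."
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: "
    r"(?:\[\s*[\d.]+\] )?(?P<msg>.*)$"
)
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")                 # SRC=1.2.3.4 DPT=22 ...
FLAG_RE = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b")  # bare TCP flag words


def parse(line):
    """Parse one iptables LOG line into a dict; None for anything else."""
    m = SYSLOG_RE.match(line)
    if not m or "SRC=" not in m["msg"]:
        return None
    rec = dict(KV_RE.findall(m["msg"]))
    rec["flags"] = frozenset(FLAG_RE.findall(m["msg"]))
    # Syslog timestamps carry no year; fine for time deltas inside one file.
    rec["ts"] = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    return rec


def port_scans(lines, min_ports=5, window_s=60):
    """Return {src: report} for sources hitting >= min_ports distinct TCP
    destination ports within window_s seconds (thresholds are demo values).

    report["handshake"]: the source sent a pure ACK, i.e. completed a
    handshake, which a plain `nmap` (connect scan) does on every open port
    and a SYN "stealth" scan never does. Closed ports look alike for both.
    report["odd_flags"]: a NULL packet or SYN+FIN together, which no normal
    client sends; nmap -O and FIN/NULL/Xmas scans do.
    """
    by_src = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec.get("PROTO") == "TCP" and "DPT" in rec:
            by_src[rec["SRC"]].append(rec)

    found = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        lo, best = 0, 0
        for hi, rec in enumerate(recs):               # sliding time window
            while (rec["ts"] - recs[lo]["ts"]).total_seconds() > window_s:
                lo += 1
            best = max(best, len({r["DPT"] for r in recs[lo:hi + 1]}))
        if best >= min_ports:
            found[src] = {
                "ports": best,
                "handshake": any(r["flags"] == {"ACK"} for r in recs),
                "odd_flags": any(not r["flags"] or {"SYN", "FIN"} <= r["flags"]
                                 for r in recs),
            }
    return found


def _log(ts, src, dpt, flags):
    """Build one constructed LOG line in the kernel's key=value format."""
    return (f"{ts} gw kernel: [1234.567890] iptables: IN=eth0 OUT= "
            f"MAC=00:0c:29:aa:bb:cc:00:0c:29:dd:ee:ff:08:00 SRC={src} DST=192.168.1.20 "
            f"LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 PROTO=TCP SPT=4{dpt:04d} "
            f"DPT={dpt} WINDOW=1024 RES=0x00 {flags} URGP=0")


# Constructed sample: an SSH login from .10, `nmap 192.168.1.20` (connect
# scan, ports 22 and 80 open) from .78, `nmap -sS -O` from .77, one non-kernel line.
SAMPLE = (
    [_log("May 13 10:00:00", "192.168.1.10", 22, "SYN"),
     _log("May 13 10:00:00", "192.168.1.10", 22, "ACK"),
     _log("May 13 10:00:01", "192.168.1.10", 22, "ACK PSH")]
    + [_log("May 13 10:03:15", "192.168.1.78", p, "SYN") for p in (21, 22, 23, 80, 443)]
    + [_log("May 13 10:03:15", "192.168.1.78", p, "ACK") for p in (22, 80)]
    + [_log("May 13 10:05:41", "192.168.1.77", p, "SYN")
       for p in (21, 22, 23, 25, 80, 110, 139, 443)]
    + [_log("May 13 10:05:43", "192.168.1.77", 22, ""),                # NULL probe
       _log("May 13 10:05:43", "192.168.1.77", 22, "SYN FIN PSH URG")]  # -O style probe
    + ["May 13 10:06:00 gw sshd[811]: Accepted publickey for alice from 192.168.1.10"]
)

if __name__ == "__main__":
    for src, report in port_scans(SAMPLE).items():
        print(src, report)
```

The distinct-port count over a time window is the same idea Snort's sfportscan preprocessor applies with its own thresholds, which is why the "set rules for nmap" step works without a signature per nmap option. Two caveats a practitioner should keep in mind: only open ports distinguish a connect scan from a SYN scan in this data, and a slow scan (nmap's -T0/-T1 timing) stretches past any fixed window, so the threshold is a demo value, not a tuned one.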
Live demo? (as needed)

Questions?
