{"id":4620,"date":"2014-10-31T07:19:03","date_gmt":"2014-10-30T22:19:03","guid":{"rendered":"http:\/\/www.vincentina.net\/?p=4620"},"modified":"2014-10-31T07:19:03","modified_gmt":"2014-10-30T22:19:03","slug":"lpic303-%e4%be%b5%e5%85%a5%e6%a4%9c%e7%9f%a5%e3%82%b7%e3%82%b9%e3%83%86%e3%83%a0-snort","status":"publish","type":"post","link":"https:\/\/www.vincentina.net\/?p=4620","title":{"rendered":"lpic303 \u4fb5\u5165\u691c\u77e5\u30b7\u30b9\u30c6\u30e0 Snort"},"content":{"rendered":"<h2>IDS<\/h2>\n<p>\u4fb5\u5165\u691c\u77e5\u30b7\u30b9\u30c6\u30e0\uff1aInstrusion Detection System\u3000\u306e\u4e8b\u3089\u3057\u3044\u3002\u30db\u30b9\u30c8\u578bIDS\u3068\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u578bIDS\u306e\uff12\u3064\u304c\u3042\u308b\u3089\u3057\u3044\u304c\u3001\u4eca\u56de\u306eSnort\u306f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u578b\u306eIDS\u3060\u3002<\/p>\n<p>\u30db\u30b9\u30c8\u578b\u306eIDS\u306f\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3084\u30d5\u30a1\u30a4\u30eb\u6539\u3056\u3093\u3092\u691c\u77e5\u3059\u308b\u3002\u3068\u3044\u3046\u4e8b\u3067\u524d\u56de\u306eTripwire\u3082IDS\u306e\u4e00\u7a2e\u3068\u3044\u3046\u4e8b\u3089\u3057\u3044\u3002\u306a\u308b\u307b\u308d\u3002<\/p>\n<p>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u578b\u306eIDS\u3067\u3042\u308bSnort\u306fTCP\u30fbUDP\u30fbIP\u306a\u3069\u306e\u30d7\u30ed\u30c8\u30b3\u30eb\u89e3\u6790\u304c\u53ef\u80fd\u3002\u30b7\u30b0\u30cd\u30c1\u30e3\u3068\u3044\u3046\u30eb\u30fc\u30eb\u3092\u8a2d\u5b9a\u3057\u3066\u691c\u77e5\u3092\u884c\u3046\u3089\u3057\u3044\u3002\u30b7\u30b0\u30cd\u30c1\u30e3\u306f\u30eb\u30fc\u30eb\u30d8\u30c3\u30c0\u3068\u30eb\u30fc\u30eb\u30dc\u30c7\u30a3\u3067\u69cb\u6210\u3055\u308c\u308b\u3002<\/p>\n<h2>\u307e\u305a\u306f\u4f7f\u3063\u3066\u307f\u3088\u3046\u3002<\/h2>\n<p>\u5168\u304f\u4f7f\u3063\u305f\u4e8b\u3082\u306a\u3044\u306e\u3067\u3001\u3069\u3093\u306a\u3082\u306e\u304b\u3082\u60f3\u50cf\u3064\u304b\u306a\u3044\u3002\u3053\u3093\u306a\u6642\u306f\u89e6\u3063\u3066\u307f\u308b\u306e\u
304c\u4e00\u756a\u65e9\u3044\u3002\u306a\u3093\u3068\u306a\u304f\u4eca\u56de\u306eSnort\u306f\u308f\u308a\u3068\u304d\u3063\u3061\u308a\u3084\u308d\u3046\u3068\u601d\u3063\u3066\u3044\u308b\u3002\u304d\u3063\u3061\u308a\u3084\u3063\u305f\u6240\u306f\u8a66\u9a13\u306b\u3042\u307e\u308a\u51fa\u306a\u3044\u3068\u3044\u3046\u30b8\u30f3\u30af\u30b9\u304c\u3042\u308b\u3051\u308c\u3069\u30fb\u30fb\u30fb\u3002<\/p>\n<h3>\u4ee5\u4e0b\u3001\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u30e1\u30e2<\/h3>\n<p>\u53c2\u8003\u30b5\u30a4\u30c8<br \/>\n<a href=\"CentOS\u3067\u81ea\u5b85\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9\" target=\"_blank\">CentOS\u3067\u81ea\u5b85\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9<\/a><\/p>\n<p>\u30d0\u30fc\u30b8\u30e7\u30f3\u3082\u5909\u308f\u3063\u3066\u3044\u308b\u306e\u3067\u3001\u7d06\u4f59\u66f2\u6298\u306f\u3042\u308a\u307e\u3057\u305f\u304c\u4f55\u3068\u304b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306f\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002<br \/>\n\u307e\u305a\u306f\u516c\u5f0f\u30b5\u30a4\u30c8\u304b\u3089Snort\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3002<\/p>\n<pre>wget https:\/\/www.snort.org\/downloads\/snort\/snort-2.9.7.0.tar.gz<\/pre>\n<p>RPM\u4f5c\u6210\u306b\u5fc5\u8981\u306a\u3082\u306e\u3068\u304b\u3001\u4f55\u3084\u3089\u5fc5\u8981\u3060\u3063\u305f\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u4e0b\u306e\u3068\u304a\u308a\u3002<\/p>\n<pre>yum -y install libpcap-devel\r\nyum --enablerepo=epel install libdnet <span class=\"deco\">libpcap\r\nyum install libc.so.6\r\nyum -y install libpcap.so.1\r\nyum -y install mysql-bench php-pear<\/span><\/pre>\n<pre>\u53c2\u8003\u30b5\u30a4\u30c8\u306b\u7fd2\u3063\u3066rpm\u5316\u3057\u3066\u5165\u308c\u307e\u3059\u3002\r\n# rpmbuild -tb --clean --with mysql snort-2.9.7.0.tar.gz<\/pre>\n<p>\u306a\u3093\u3060\u304b\u3093\u3060\u3067\u4e0a\u624b\u304f\u3044\u304d\u307e\u3057\u305f\u3002<\/p>\n<pre>daq\u306f\u63a2\u3057\u3066\u304d\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u3002\r\n# rpm -ivh 
daq-2.0.2-1.centos6.x86_64.rpm\r\n\u6e96\u5099\u4e2d...\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ########################################### [100%]\r\n\u00a0\u00a0 1:daq\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ########################################### [100%]\r\n\r\n\r\n\u51fa\u6765\u4e0a\u304c\u3063\u305frpm\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3057\u305f\u3002\r\n# rpm -ivh \/root\/rpmbuild\/RPMS\/x86_64\/snort-2.9.7.0-1.x86_64.rpm\r\n\u6e96\u5099\u4e2d...\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ########################################### [100%]\r\n\u00a0\u00a0 1:snort\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ########################################### [100%]<\/pre>\n<h2>\u304a\u3084\u3001MySQL\u306erpm\u304c\u3067\u304d\u3066\u306a\u3044<\/h2>\n<p>\u3067\u304d\u305f\u30fc\u3068\u601d\u3063\u3066\u305f\u3051\u308c\u3069\u826f\u304f\u307f\u308b\u3068\u53c2\u8003\u30b5\u30a4\u30c8\u3068\u540c\u3058&#8211;with mysql\u3092\u4ed8\u3051\u305f\u306e\u306brpm\u304c\u51fa\u6765\u3066\u3044\u306a\u3044\u69d8\u5b50\u3002<br \/>\nspec\u30d5\u30a1\u30a4\u30eb\u3092\u78ba\u8a8d\u3059\u308b\u3068mysql\u306e\u8a18\u8ff0\u304c\u306a\u304f\u306a\u3063\u305f\u3088\u3046\u3060\u3002\u904e\u53bb\u306b\u9061\u3063\u30662.9.1.1\u3067\u3088\u3046\u3084\u304f\u898b\u3064\u3051\u305f\u3002<\/p>\n<pre># grep mysql snort-2.9.7.0\/rpm\/snort.spec<\/pre>\n<pre># grep mysql snort-2.9.3.1\/rpm\/snort.spec<\/pre>\n<pre># grep mysql snort-2.9.1.1\/rpm\/snort.spec\r\n#\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 --with mysql\r\n# Default of no MySQL, but --with mysql will enable it\r\n%define mysql 0\r\n%{?_with_mysql:%define mysql 1}\r\n\u00a0 %define mysql 1\r\n%package mysql\r\n%if %{mysql}<\/pre>\n<p>\u53c2\u8003\u30b5\u30a4\u30c8<br \/>\n<a 
title=\"\u30db\u30fc\u30e0\u30da\u30fc\u30b8\" href=\"http:\/\/www.momo-i.org\/\" rel=\"home\">\u3082\u3082\u30fc\u3044\u9bd6\u899a\u66f8<\/a><\/p>\n<p>\u4e0a\u8a18\u306e\u30b5\u30a4\u30c8\u306a\u3069\u3092\u898b\u308b\u3068\u3001snort-2.9.3\u304b\u3089\u3067\u304d\u306a\u304f\u306a\u3063\u305f\u6a21\u69d8\u3002<br \/>\n\u66f8\u304d\u51fa\u3057\u5148\u306b\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u5229\u7528\u3059\u308b\u306e\u306f\u4ed6\u306b\u3082\u65b9\u6cd5\u304c\u3042\u308b\u3088\u3046\u306a\u306e\u3067\u3001stable\u306e\u6700\u65b02.9.7\u3067\u9032\u3081\u308b\u3053\u3068\u306b\u3057\u307e\u3059\u3002<\/p>\n<p>&nbsp;<\/p>\n<h2>\u307e\u3001\u52d5\u304b\u3057\u3066\u307f\u3088\u3046\u3002<\/h2>\n<pre># snort\r\n\r\nRunning in packet dump mode\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 --== Initializing Snort ==--\r\nInitializing Output Plugins!\r\npcap DAQ configured to passive.\r\nAcquiring network traffic from \"eth0\".\r\nDecoding Ethernet\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 --== Initialization Complete ==--\r\n\r\n\u00a0\u00a0 ,,_\u00a0\u00a0\u00a0\u00a0 -*&gt; Snort! &lt;*-\r\n\u00a0 o\"\u00a0 )~\u00a0\u00a0 Version 2.9.7.0 GRE (Build 149)\r\n\u00a0\u00a0 ''''\u00a0\u00a0\u00a0 By Martin Roesch &amp; The Snort Team: http:\/\/www.snort.org\/contact#team\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Copyright (C) 2014 Cisco and\/or its affiliates. 
All rights reserved.\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Copyright (C) 1998-2013 Sourcefire, Inc., et al.\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Using libpcap version 1.4.0\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Using PCRE version: 7.8 2008-09-05\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Using ZLIB version: 1.2.3<\/pre>\n<p>\u72ac\u3055\u3093\u304b\u8c5a\u3055\u3093\u304b\u5206\u304b\u3089\u306a\u3044\u3051\u3069\u3001\u30ed\u30b4\u304c\u51fa\u3066Tcpdump\u306e\u3088\u3046\u306bssh\u306e\u30d1\u30b1\u30c3\u30c8\u304c\u3056\uff5e\u3063\u3068\u6d41\u308c\u308b\u3002\u9055\u3046\u306e\u306f\u6700\u5f8c\u3067Ctrl+c\u3067\u6b62\u3081\u308b\u3068\u8272\u3005\u3068\u60c5\u5831\u304c\u8868\u793a\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n<pre>===============================================================================\r\nRun time for packet processing was 0.623684 seconds\r\nSnort processed 249 packets.\r\nSnort ran for 0 days 0 hours 0 minutes 0 seconds\r\n\u00a0\u00a0 Pkts\/sec:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 249\r\n===============================================================================\r\nMemory usage summary:\r\n\u00a0 Total non-mmapped bytes (arena):\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 806912\r\n\u00a0 Bytes in mapped regions (hblkhd):\u00a0\u00a0\u00a0\u00a0\u00a0 12906496\r\n\u00a0 Total allocated space (uordblks):\u00a0\u00a0\u00a0\u00a0\u00a0 669568\r\n\u00a0 Total free space (fordblks):\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 137344\r\n\u00a0 Topmost releasable block (keepcost):\u00a0\u00a0 132128\r\n===============================================================================\r\nPacket I\/O Totals:\r\n\u00a0\u00a0 Received:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 249\r\n\u00a0\u00a0 Analyzed:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 249 (100.000%)\r\n\u00a0\u00a0\u00a0 
Dropped:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 Filtered:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\nOutstanding:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 Injected:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\r\n===============================================================================\r\nBreakdown by protocol (includes rebuilt packets):\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Eth:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 249 (100.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 VLAN:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IP4:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 249 (100.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Frag:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ICMP:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UDP:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2 (\u00a0 0.803%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TCP:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 246 ( 98.795%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IP6:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 IP6 Ext:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 IP6 Opts:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0 Frag6:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0 
ICMP6:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UDP6:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TCP6:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0 Teredo:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 ICMP-IP:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 IP4\/IP4:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 IP4\/IP6:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 IP6\/IP4:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 IP6\/IP6:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 GRE:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 GRE Eth:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 GRE VLAN:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 GRE IP4:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 GRE IP6:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\nGRE IP6 Ext:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 GRE PPTP:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 GRE ARP:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0 GRE 
IPX:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 GRE Loop:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 MPLS:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ARP:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPX:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 Eth Loop:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 Eth Disc:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 IP4 Disc:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1 (\u00a0 0.402%)\r\n\u00a0\u00a0 IP6 Disc:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 TCP Disc:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0 UDP Disc:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0 ICMP Disc:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\nAll Discard:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1 (\u00a0 0.402%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0 Other:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\nBad Chk Sum:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 190 ( 76.305%)\r\n\u00a0\u00a0\u00a0 Bad TTL:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0 S5 G 1:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0 S5 G 
2:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 (\u00a0 0.000%)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0 Total:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 249\r\n===============================================================================\r\nSnort exiting<\/pre>\n<p>\u3046\u3093\u3001\u307e\u3041\u3053\u3093\u306a\u611f\u3058\u3067\u3044\u3044\u304b\u306a\u3002\u691c\u77e5\u30b7\u30b9\u30c6\u30e0\u306f\u307e\u3060\u5148\u3067\u3084\u308b\u3068\u3057\u3066\u3001\u4e00\u5fdc\u30b3\u30de\u30f3\u30c9\u3067\u3082\u30aa\u30d7\u30b7\u30e7\u30f3\u306f\u5e7e\u3064\u304b\u3042\u308b\u3088\u3046\u3067\u3059\u3002\u8f09\u305b\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n<p>-a \u00a0\u00a0 \u00a0ARP\u30d1\u30b1\u30c3\u30c8\u3092\u8868\u793a<br \/>\n-b \u00a0\u00a0 \u00a0tcpdump\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3067\u30d1\u30b1\u30c3\u30c8\u3092\u8a18\u9332<br \/>\n-c \u00a0\u00a0 \u00a0\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u6307\u5b9a<br \/>\n-d \u00a0\u00a0 \u00a0\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30ec\u30a4\u30e4\u30fc\u306e\u30c7\u30fc\u30bf\u3092\u30c0\u30f3\u30d7<br \/>\n-e \u00a0\u00a0 \u00a0\u30ec\u30a4\u30e4\u30fc\uff12\u306e\u30d1\u30b1\u30c3\u30c8\u30d8\u30c3\u30c0\u3092\u30c0\u30f3\u30d7<br \/>\n-l \u00a0\u00a0 \u00a0\u30ed\u30b0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u6307\u5b9a<br \/>\n-L \u00a0\u00a0 \u00a0\u30d0\u30a4\u30ca\u30ea\u51fa\u529b\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u6307\u5b9a<br \/>\n-T \u00a0\u00a0 \u00a0Snort\u306e\u30c6\u30b9\u30c8\u30e2\u30fc\u30c9<br \/>\n-u \u00a0\u00a0 \u00a0\u521d\u671f\u5316\u5f8c\u306bSnort\u3092\u6307\u5b9a\u3057\u305f\u30e6\u30fc\u30b6\u30fc\u3067\u5b9f\u884c<\/p>\n<h2>\u30eb\u30fc\u30eb\u3092DL\u3057\u3066\u307f\u308b<\/h2>\n<p>\u767b\u9332\u3057\u306a\u304f\u3066\u3082\u5229\u7528\u3067\u304d\u308b\u3063\u307d\u3044\u30eb\u30fc\u30eb\u304c\u3042\u3063\u305f\u306e\u3067\u9069\u7528\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<pre># wget 
https:\/\/www.snort.org\/downloads\/community\/community-rules.tar.gz\r\n# tar zxvf community-rules.tar.gz\r\n# cp -r community.rules\/* \/etc\/snort\/rules\r\n# cat \/etc\/snort\/rules\/community.rules<\/pre>\n<h2>\u8a2d\u5b9a\u306b\u9032\u3080<\/h2>\n<p>\u7d50\u69cb\u5927\u304d\u3044\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3060\u30fb\u30fb\u30fb<\/p>\n<pre># wc -l \/etc\/snort\/snort.conf\r\n688 \/etc\/snort\/snort.conf<\/pre>\n<pre># ls \/etc\/snort\/\r\nclassification.config\u00a0 reference.config\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snort.conf\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 unicode.map\r\ngen-msg.map\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 rules\/\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 threshold.conf<\/pre>\n<p>\u9577\u3044\u306a\u3041\u3068\u8a00\u3063\u3066\u3082\u5168\u90e8\u4fee\u6b63\u304c\u5fc5\u8981\u3068\u3044\u3046\u8a33\u3067\u306f\u306a\u3044\u3067\u3057\u3087\u3046\u3057\u3001Step1\u304b\u3089\u9806\u756a\u306b\u898b\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<p>conf\u30d5\u30a1\u30a4\u30eb\u306f\u53c2\u8003\u30b5\u30a4\u30c8\u306b\u7fd2\u3044\u306a\u304c\u3089\u9032\u3081\u307e\u3059\u3002<\/p>\n<pre># vi \/etc\/snort\/snort.conf<\/pre>\n<pre># Setup the network addresses you are protecting\r\n -ipvar HOME_NET any\r\n +#ipvar HOME_NET any\r\n +ipvar HOME_NET 192.168.0.0\/24<\/pre>\n<pre># Set up the external network addresses. 
Leave as \"any\" in most situations\r\n -ipvar EXTERNAL_NET any\r\n +#ipvar EXTERNAL_NET any\r\n +ipvar EXTERNAL_NET !$HOME_NET<\/pre>\n<pre># \u3069\u3093\u3060\u3051\u30fc\u3002\r\n# List of ports you run web servers on\r\n\u00a0#portvar HTTP_PORTS [80,81,311,383,591,593,901,1220,1414,1741,1830,2301,2381,2809,3037,3128,3702\u00a0\u00a0\u00a0 ,4343,4848,5250,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8085,8088,8090,\u00a0\u00a0\u00a0 8118,8123,8180,8181,8243,8280,8300,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,34443\u00a0\u00a0\u00a0 ,34444,41080,50002,55555]\r\n\u00a0portvar HTTP_PORTS 80<\/pre>\n<pre># Linux\u7248\u3092\u843d\u3068\u3057\u305f\u306f\u305a\u3060\u3051\u3069\u3001Windows\u3089\u3057\u3044\u3002\r\n286 #preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \\\r\n287 preprocessor stream5_tcp: policy linux, detect_anomalies, require_3whs 180, \\<\/pre>\n<pre>\u30b3\u30fc\u30c9\u30da\u30fc\u30b81252\uff1a\u30e9\u30c6\u30f3\u3000\u304b\u3089\u3000\u30b3\u30fc\u30c8\u30da\u30fc\u30b8932\uff1aShift-jis\u306b\u5909\u66f4\u3068\u601d\u308f\u308c\u3002\r\n301 # preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decomp\u00a0\u00a0\u00a0 ress_depth 65535\r\n302 preprocessor http_inspect: global iis_unicode_map unicode.map 932 compress_depth 65535 decompres\u00a0\u00a0\u00a0 s_depth 65535<\/pre>\n<p>\u7d9a\u3044\u3066sysconfig\u76f4\u4e0b<\/p>\n<p>\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3057\u3066DB\u3078\u51fa\u529b\u3059\u308b\u3088\u3046\u306b\u3059\u308b\u3002<\/p>\n<pre>#ALERTMODE=fast<\/pre>\n<h2>\u00a0\u3067\u306f\u3067\u306fBarnyard2\u3068\u3084\u3089\u3092\u5165\u308c\u3066\u307f\u3088\u3046\u304b<\/h2>\n<pre># git clone https:\/\/github.com\/firnsy\/barnyard2.git\r\nInitialized empty Git repository in \/usr\/local\/src\/barnyard2\/.git\/\r\nremote: Counting objects: 1071, done.\r\nremote: Total 1071 (delta 0), reused 0 (delta 0)\r\nReceiving objects: 
100% (1071\/1071), 1.02 MiB | 271 KiB\/s, done.\r\nResolving deltas: 100% (690\/690), done.\r\n# cd barnyard2\r\n# .\/autogen.sh\r\n\r\nYou can now run \".\/configure\" and then \"make\".<\/pre>\n<p>\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u306f\u305a<\/p>\n<pre># mysql -V\r\nmysql\u00a0 Ver 14.14 Distrib 5.1.73, for redhat-linux-gnu (x86_64) using readline 5.1\r\n# whereis mysql\r\nmysql: \/usr\/bin\/mysql \/usr\/lib64\/mysql \/usr\/include\/mysql \/usr\/share\/mysql \/usr\/share\/man\/man1\/mysql.1.gz<\/pre>\n<p>\u306a\u306e\u3067<\/p>\n<pre>.\/configure --with-mysql --with-mysql-libraries=\/usr\/lib64\/mysql\/<\/pre>\n<pre>make &amp;&amp; make install<\/pre>\n<p>\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u307e\u3059\u3002<\/p>\n<pre># cp etc\/barnyard2.conf \/etc\/snort<\/pre>\n<p>\u5909\u66f4\u3059\u308b\u3068\u3053\u308d\u306f\u4ee5\u4e0b<\/p>\n<pre># vi \/etc\/snort\/barnyard2.conf<\/pre>\n<pre>348 #\u00a0\u00a0 output database: log, mysql, user=root password=test dbname=db host=localhost\r\n349 output database: log, mysql, user=snort password=snort dbname=snort_log host=localhost<\/pre>\n<p>\u8d77\u52d5\u30b9\u30af\u30ea\u30d7\u30c8\u3068\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u3082\u3046\u3044\u3063\u3061\u3087\u3002<\/p>\n<pre>cd \/usr\/local\/src\/barnyard2\/rpm<\/pre>\n<pre># install -m0755 barnyard2 \/etc\/rc.d\/init.d\/barnyrad2\r\n# ls -l \/etc\/rc.d\/init.d\/barnyrad2\r\n-rwxr-xr-x. 1 root root 1748 10\u6708 31 01:01 2014 \/etc\/rc.d\/init.d\/barnyrad2\r\n# install -m0644 barnyard2.config \/etc\/sysconfig\/barnyrad2\r\n# ls -l \/etc\/sysconfig\/barnyrad2\r\n-rw-r--r--. 
1 root root 248 10\u6708 31 01:01 2014 \/etc\/sysconfig\/barnyrad2<\/pre>\n<p>\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306f\u3053\u306e\u65b9\u6cd5\u3067\u3002<\/p>\n<pre># locate barnyard2 | grep create_mysql\r\n\/usr\/local\/src\/barnyard2\/schemas\/create_mysql<\/pre>\n<pre>mysql&gt; grant INSERT,SELECT on snort_log.* to snort@localhost;\r\nQuery OK, 0 rows affected (0.01 sec)<\/pre>\n<pre># mysql -u root snort_log &lt; create_mysql<\/pre>\n<p>\u30c6\u30fc\u30d6\u30eb\u304c\u51fa\u6765\u305f\u304b\u30c1\u30a7\u30c3\u30af\u3002<\/p>\n<pre>mysql&gt; show tables;\r\n+---------------------+\r\n| Tables_in_snort_log |\r\n+---------------------+\r\n| data\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| detail\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| encoding\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| event\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| icmphdr\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| iphdr\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| opt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| reference\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| reference_system\u00a0\u00a0\u00a0 |\r\n| schema\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| sensor\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| sig_class\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| sig_reference\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| signature\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| tcphdr\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n| 
udphdr\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n+---------------------+\r\n16 rows in set (0.00 sec)<\/pre>\n<p>\u3067\u306f\u52d5\u304b\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<p>\u5931\u6557(*\u00b4\u03c9\uff40)<\/p>\n<pre>Oct 31 01:06:39 \"01 snort[10324]: FATAL ERROR: \/etc\/snort\/snort.conf(256) Could not stat dynamic module path \"\/usr\/local\/lib\/snort_dynamicrules\": No such file or directory.#012<\/pre>\n<pre># mkdir -p \/usr\/local\/lib\/snort_dynamicrules\r\n# chown -R snort:snort \/usr\/local\/lib\/snort_dynamicrules\r\n# chmod -R 700 \/usr\/local\/lib\/snort_dynamicrules<\/pre>\n<p>\u3067\u306f\u52d5\u304b\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<p>\u5931\u6557(*\u00b4\u03c9\uff40)<\/p>\n<pre>Oct 31 01:10:44 \"01 snort[10782]: FATAL ERROR: \/etc\/snort\/\/etc\/snort\/rules\/local.rules(0) Unable to open rules file \"\/etc\/snort\/\/etc\/snort\/rules\/local.rules\": No such file or directory.#012<\/pre>\n<pre># cp -p\u00a0 \/etc\/snort\/rules\/community.rules \/etc\/snort\/rules\/local.rules<\/pre>\n<p>\u3067\u306f\u52d5\u304b\u3057\uff54miahfdal<\/p>\n<p>\u5931\u6557(*\u00b4\u03c9\uff40)<\/p>\n<pre>Oct 31 01:15:01 \"01 snort[11205]: FATAL ERROR: \/etc\/snort\/\/etc\/snort\/rules\/app-detect.rules(0) Unable to open rules file \"\/etc\/snort\/\/etc\/snort\/rules\/app-detect.rules\": No such file or directory.#012<\/pre>\n<p>\u30ae\u30ae\u30ae\u3002localrules\u3092\u3059\u3079\u3066\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3057\u307e\u3057\u305f\u3002<\/p>\n<p>\u305d\u306e\u4ed6\u3001\u7de8\u96c6\u7b87\u6240<\/p>\n<pre># vi \/etc\/sysconfig\/snort\r\n# LOGDIR=\/var\/log\/snort<\/pre>\n<pre># vi \/etc\/snort\/barnyard2.conf\r\n\r\n54 #config logdir: \/tmp\r\n55 config logdir: \/var\/log\/snort_log\r\n71 #config hostname:\u00a0\u00a0 thor\r\n72 #config interface:\u00a0 eth0\r\n73 config hostname:\u00a0\u00a0 localhost\r\n74 config interface:\u00a0 eth0<\/pre>\n<pre># mkdir \/var\/log\/snort_log\r\n# chmod 
666 \/var\/log\/snort_log<\/pre>\n<pre># chmod 666 \/var\/log\/snort_log\r\n# touch \/var\/log\/snort\/snort_log.waldo<\/pre>\n<p>\u3088\u304f\u898b\u308b\u3068\u53c2\u8003\u30b5\u30a4\u30c8\u306b\u3082\u3053\u306e\u8fba\u306e\u3053\u3068\u306f\u66f8\u3044\u3066\u3042\u308a\u307e\u3057\u305f\u3002<br \/>\n\u30de\u30cb\u30e5\u30a2\u30eb\u306f\u826f\u304f\u8aad\u3082\u3046\u306a(\u00b4\u30fb\u03c9\u30fb`)<\/p>\n<pre># touch \/etc\/snort\/rules\/white_list.rules\r\n# touch \/etc\/snort\/rules\/brack_list.rules<\/pre>\n<pre>515\u00a0\u00a0\u00a0 #whitelist $WHITE_LIST_PATH\/white_list.rules,\r\n516\u00a0\u00a0\u00a0 #blacklist $BLACK_LIST_PATH\/black_list.rules\r\n517\u00a0\u00a0\u00a0 whitelist \/etc\/snort\/rules\/white_list.rules, \\\r\n518\u00a0\u00a0\u00a0 blacklist \/etc\/snort\/rules\/\/black_list.rules<\/pre>\n<pre>DB\u3092\u4f5c\u308a\u76f4\u3057\u3066\u7d42\u308f\u308a\u307e\u3057\u305f\u3002\r\n# mysql -D snort -u root &lt; \/usr\/local\/src\/barnyard2\/schemas\/create_mysql<\/pre>\n<pre># .\/barnyard2 -c \/etc\/snort\/barnyard2.conf -d \/var\/log\/snort -f merged.log -w \/var\/log\/snort\/barnyard2.waldo\r\n Running in Continuous mode<\/pre>\n<pre>--== Initializing Barnyard2 ==--\r\n Initializing Input Plugins!\r\n Initializing Output Plugins!\r\n Parsing config file \"\/etc\/snort\/barnyard2.conf\"<\/pre>\n<pre>+[ Signature Suppress list ]+\r\n ----------------------------\r\n +[No entry in Signature Suppress List]+\r\n ----------------------------\r\n +[ Signature Suppress list ]+<\/pre>\n<pre>Barnyard2 spooler: Event cache size set to [2048]\r\n Log directory = \/var\/log\/barnyard2\r\n INFO database: Defaulting Reconnect\/Transaction Error limit to 10\r\n INFO database: Defaulting Reconnect sleep time to 5 second\r\n [ClassificationPullDataStore()]: No Classification found in database ...\r\n [SignaturePullDataStore()]: No signature found in database ...<\/pre>\n<pre>--== Initialization Complete ==--\r\n\u3000______\u00a0\u00a0 -*&gt; Barnyard2 
&lt;*-\r\n \/ ,,_\u00a0 \\\u00a0 Version 2.1.13 (Build 327)\r\n |o\"\u00a0 )~|\u00a0 By Ian Firns (SecurixLive): http:\/\/www.securixlive.com\/\r\n + '''' +\u00a0 (C) Copyright 2008-2013 Ian Firns &lt;firnsy@securixlive.com&gt;\r\nWARNING: Ignoring corrupt\/truncated waldofile '\/var\/log\/snort\/barnyard2.waldo'\r\n Waiting for new spool file<\/pre>\n<p><span style=\"font-size: 14pt;\">\u52d5\u3044\u305f\uff5e<\/span>\u3068\u601d\u3063\u305f\u3089\u5225\u306e\u610f\u5473\u3067\u52d5\u304b\u306a\u304f\u306a\u308b\u30fb\u30fb\u30fb<br \/>\n\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u30c7\u30fc\u30e2\u30f3\u3067\u306e\u8d77\u52d5\u304c\u3067\u304d\u306a\u3044\u3089\u3057\u3044\u3002<\/p>\n<pre># service barnyard2 start\r\nSnort Output Processor (barnyard2) \u3092\u8d77\u52d5\u4e2d: \/bin\/bash: barnyard2: \u30b3\u30de\u30f3\u30c9\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [\u5931\u6557]\r\n# whereis barnyard2\r\nbarnyard2: \/usr\/local\/bin\/barnyard2 \/usr\/local\/etc\/barnyard2.conf\r\n# vi \/etc\/init.d\/barnyard2<\/pre>\n<p>\u8d77\u52d5\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3044\u3058\u3063\u3066\u3082\u3046\u307e\u304f\u3044\u304b\u306a\u3044\u30fb\u30fb\u30fb<br 
\/>\n\u3044\u3058\u3063\u3066\u305f\u3089\u30a8\u30e9\u30fc\u306e\u5410\u304d\u65b9\u3082\u304a\u304b\u3057\u304f\u306a\u3063\u3066\u3057\u307e\u3063\u305f\u306e\u3067\u6cbb\u3057\u3088\u3046\u304c\u306a\u304f\u306a\u3063\u3061\u3063\u305f\u3002<\/p>\n<h2>\u3082\u30461\u56de\uff01\u3000Barnyard2\u3068\u3084\u3089\u3092\u5165\u308c\u3066\u307f\u3088\u3046\u304b<\/h2>\n<p>\u7d50\u8ad6\u3092\u8a00\u3046\u3068\u3001\u6700\u5f8c\u306f\u8d77\u52d5\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4fee\u6b63\u3057\u3066\u4e0a\u624b\u304f\u3044\u3063\u305f\u306e\u3067\u3057\u305f\u3002<br \/>\n(*\u00b4\u03c9\uff40)<\/p>\n<p>\u53c2\u8003\u30b5\u30a4\u30c8<br \/>\n<a title=\"The Hacker Chronicles\" href=\"http:\/\/www.thehackerchronicles.com\/\" rel=\"home\">The Hacker Chronicles<\/a><br \/>\n<a title=\" Snort, Barnyard2, Snorby and PulledPork Install on CentOS 6.5\" href=\"http:\/\/www.thehackerchronicles.com\/snort-barnyard2-snorby-and-pulledpork-install-on-centos-6-5\/\" rel=\"bookmark\">Snort, Barnyard2, Snorby and PulledPork Install on CentOS 6.5<\/a><\/p>\n<pre># mkdir cd \/usr\/local\/src\/snort\r\n# cd \/usr\/local\/src\/snort\r\n# git clone https:\/\/github.com\/firnsy\/barnyard2.git barnyard2\r\nInitialized empty Git repository in \/usr\/local\/src\/snort\/barnyard2\/.git\/\r\nremote: Counting objects: 1071, done.\r\nremote: Total 1071 (delta 0), reused 0 (delta 0)\r\nReceiving objects: 100% (1071\/1071), 1.02 MiB | 389 KiB\/s, done.\r\nResolving deltas: 100% (690\/690), done.\r\n# cd barnyard2<\/pre>\n<pre>.\/autogen.sh\r\n# .\/configure --with-mysql --with-mysql-libraries=\/usr\/lib64\/mysql\r\nmake &amp;&amp; make install\r\n# cp rpm\/barnyard2 \/etc\/init.d\/\r\ncp: `\/etc\/init.d\/barnyard2' \u3092\u4e0a\u66f8\u304d\u3057\u3066\u3082\u3088\u308d\u3057\u3044\u3067\u3059\u304b(yes\/no)? 
yes\r\n#\r\n# chmod +x \/etc\/init.d\/barnyard2\r\n# cp rpm\/barnyard2.config \/etc\/sysconfig\/barnyard2\r\ncp: `\/etc\/sysconfig\/barnyard2' \u3092\u4e0a\u66f8\u304d\u3057\u3066\u3082\u3088\u308d\u3057\u3044\u3067\u3059\u304b(yes\/no)?\r\n# cp rpm\/barnyard2.config \/etc\/sysconfig\/barnyard2\r\ncp: `\/etc\/sysconfig\/barnyard2' \u3092\u4e0a\u66f8\u304d\u3057\u3066\u3082\u3088\u308d\u3057\u3044\u3067\u3059\u304b(yes\/no)? yes\r\n#<\/pre>\n<p>\u3061\u3087\u3068\u7aef\u6298\u3063\u3066\u307e\u3059\u304c\u3001\u307b\u307c\u307b\u307c\u53c2\u8003\u30b5\u30a4\u30c8\u306e\u901a\u308a\u3067\u3001\u4ed6\u306b\u3055\u3063\u304d\u66f8\u3044\u305f\u3068\u304a\u308a\u3001snort\u306e\u30d1\u30b9\u3068barnyard2\u306e\u8d77\u52d5\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u5c11\u3057\u3044\u3058\u308a\u307e\u3059\u305f\u3002<br \/>\n\u3093\u3067\u3001\u3084\u3063\u3068\u901a\u3063\u305f\u3088\u3046\u3067\u3059\u3002\u3084\u308c\u3084\u308c\u3060\u3088\u3002<\/p>\n<pre>#BARNYARD_OPTS=\"-D -c $CONF -d $SNORTDIR\/${INT} -w $WALDO_FILE -L $SNORTDIR\/${INT} -a $ARCHIVEDIR -f $LOG_FILE -X $PIDFILE $EXTRA_ARGS\"\r\nBARNYARD_OPTS=\"-D -c \/etc\/snort\/barnyard2.conf -d \/var\/log\/snort -f merged.log -w \/var\/log\/snort\/barnyard2.waldo -l $SNORTDIR\/${INT} -a $ARCHIVEDIR -f $LOG_FILE -X $PIDFILE $EXTRA_ARGS\"\r\ndaemon $prog $BARNYARD_OPTS<\/pre>\n<pre>snort \u3092\u8d77\u52d5\u4e2d: Spawning daemon child...\r\nMy daemon child 7710 lives...\r\nDaemon parent exiting (0)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [\u00a0 OK\u00a0 ]<\/pre>\n<pre># service barnyard2 start\r\nSnort Output Processor (barnyard2) 
\u3092\u8d77\u52d5\u4e2d:               [  OK  ]<\/pre>\n<p>The ICMP logs from the test run had accumulated, so there seems to be no problem.<\/p>\n<p>Now let's register community.rules and restart.<\/p>\n<pre># vi \/etc\/snort\/snort.conf\r\ninclude $RULE_PATH\/community.rules\r\n\r\n# service barnyard2 restart\r\nSnort Output Processor (barnyard2) \u3092\u505c\u6b62\u4e2d:               [  OK  ]\r\nSnort Output Processor (barnyard2) \u3092\u8d77\u52d5\u4e2d:               [  OK  ]\r\n# service snortd restart\r\nsnort \u3092\u505c\u6b62\u4e2d:                                            [  OK  ]\r\nsnort \u3092\u8d77\u52d5\u4e2d: Spawning daemon child...\r\nMy daemon child 9381 lives...\r\nDaemon parent exiting (0)\r\n                                                           [  OK  ]<\/pre>\n<p>It seems to be working properly.<\/p>\n<pre>** ORIGINAL DATAGRAM DUMP:\r\n117.41.229.139:7971 -&gt; 133.242.178.136:9200\r\nTCP TTL:110 TOS:0x0 ID:256 IpLen:20 DgmLen:40\r\nSeq: 0x1E230000\r\n(12 more bytes 
of original packet)\r\n** END OF DUMP<\/pre>\n<p>It had been created with MyISAM (\u00b4\u30fb\u03c9\u30fb`)<br \/>\nCome to think of it, the tables were created by the bundled script.<\/p>\n<pre>mysql&gt; show table status;\r\n+------------------+--------+---------+------------+------+----------------+-------------+------------------+--------------+-----------+----------------+---------------------+---------------------+------------+-----------------+----------+----------------+---------+\r\n| Name             | Engine | Version | Row_format | Rows | Avg_row_length | Data_length | Max_data_length  | Index_length | Data_free | Auto_increment | Create_time         | Update_time         | Check_time | Collation       | Checksum | Create_options | Comment |\r\n+------------------+--------+---------+------------+------+----------------+-------------+------------------+--------------+-----------+----------------+---------------------+---------------------+------------+-----------------+----------+----------------+---------+\r\n| data             | MyISAM |      10 | Dynamic    |    0 |              0 |           0 |  281474976710655 |         1024 |         0 |           NULL | 2014-10-31 02:45:48 | 2014-10-31 02:45:48 | NULL       | utf8_general_ci |     NULL |                |         |\r\n| detail           | MyISAM |      10 | Dynamic    |    2 |             20 |          40 |  281474976710655 |         2048 |         0 |           NULL | 2014-10-31 02:45:48 | 2014-10-31 02:45:48 | NULL       | utf8_general_ci |     NULL |                |         |\r\n| encoding<\/pre>\n<p>So it's MyISAM by default. Well, fine.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IDS Intrusion detection system: apparently it stands for Intrusion Detection System. There are apparently two kinds, host-based IDS and network-based IDS, and this time's Snort is a network-based IDS. A host-based IDS detects unauthorized &hellip; <a 
href=\"https:\/\/www.vincentina.net\/?p=4620\" class=\"more-link\"><span class=\"screen-reader-text\">&#8220;lpic303 Intrusion Detection System Snort&#8221; <\/span>Continue reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-4620","post","type-post","status-publish","format-standard","hentry","category-server"],"_links":{"self":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/4620","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4620"}],"version-history":[{"count":0,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/4620\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4620"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4620"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}