Converting iptables logs to an image file
Author : 최고관리자 Date : 2015-02-14 (Sat) 20:11 Views : 4896

AfterGlow is a program that renders the iptables log messages monitored by psad visually, as an image.
Working from the iptables logs recorded on the system, it produces an image file that makes those logs easy to visualize.
※ psad operates much like an IDS: it uses iptables log messages to detect, alert on, and (optionally) monitor suspicious traffic such as port scans.

For this test, we will log and analyze every connection made to port 80.

Logging with iptables on the system
iptables -I RH-Firewall-1-INPUT -p tcp --dport 80 -j LOG --log-prefix "80_ACCESS_LOG:"

Installation
# yum install perl
# wget http://search.cpan.org/CPAN/authors/id/E/ER/ERANGEL/Text-CSV-0.5.tar.gz
# tar zxvf Text-CSV-0.5.tar.gz
# cd Text-CSV-0.5
# perl Makefile.PL
# make
# make install
# yum install graphviz
# wget http://downloads.sourceforge.net/project/afterglow/AfterGlow%201.x/1.6.2/afterglow-1.6.2.tar.gz
# tar zxvf afterglow-1.6.2.tar.gz
# cd afterglow
# yum install psad
# touch /var/log/firewall.log
# psad --CSV --CSV-fields "src dst dp sp" --CSV-max 1000 -m /var/log/firewall.log | perl /usr/local/src/afterglow/src/perl/graph/afterglow.pl -c /usr/local/src/afterglow/src/perl/parsers/color.properties | neato -Tjpg -o iptable_graph03.jpg


Logged for about... 5 minutes, then converted to an image
RED - IP addresses external to the honeynet (attackers, scanners, etc.)
YELLOW - Honeynet IP addresses
BLUE - Port numbers (> 1024)
LIGHTBLUE - Port numbers (<= 1024)
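
The sketch below is an added example, not part of the original post and not code from psad or AfterGlow. It parses kernel log lines written by the LOG rule above into rows in the src, dst, dp, sp order passed to --CSV-fields, so the data can be checked before it is graphed; the function names, the comma-separated row layout and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
PREFIX='80_ACCESS_LOG:'   # the --log-prefix from the LOG rule on this page

# Constructed, abbreviated kernel log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Feb 14 20:01:02 web kernel: 80_ACCESS_LOG:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=80 SYN
Feb 14 20:01:03 web kernel: 80_ACCESS_LOG:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51515 DPT=80 SYN
Feb 14 20:01:09 web kernel: 80_ACCESS_LOG:IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=47 PROTO=TCP SPT=40022 DPT=80 SYN
Feb 14 20:01:10 web kernel: OTHER_RULE:IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=60 TTL=47 PROTO=TCP SPT=40100 DPT=22 SYN
Feb 14 20:01:11 web kernel: 80_ACCESS_LOG:IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=47 PROTO=TCP SPT=40023
EOF
}

# stdin: syslog lines; stdout: one "src,dst,dp,sp" row per logged packet.
iptables_to_csv() {
    awk -v prefix="$PREFIX" '
    index($0, prefix) == 0 { next }      # line was not written by our rule
    {
        src = ""; dst = ""; dp = ""; sp = ""
        # The prefix has no trailing space, so it is glued to "IN=eth0";
        # SRC/DST/SPT/DPT are still separate whitespace-delimited tokens.
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "SRC") src = val
            else if (key == "DST") dst = val
            else if (key == "DPT") dp = val
            else if (key == "SPT") sp = val
        }
        # Drop truncated lines rather than emit rows with empty columns.
        if (src != "" && dst != "" && dp != "" && sp != "")
            print src "," dst "," dp "," sp
    }'
}

# stdin: syslog lines; stdout: "source,count", busiest source first.
top_sources() {
    iptables_to_csv | cut -d, -f1 | sort | uniq -c | sort -rn |
        awk '{ print $2 "," $1 }'
}

sample_log | iptables_to_csv
```

Feeding a real log file through top_sources before running the graph pipeline shows which source addresses will dominate the image.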

Site name : 모지리네 | Representative : 이경현 | Personal community : 랭키닷컴 Operating System (OS) | Bundang-gu, Seongnam-si, Gyeonggi-do | E-mail : mojily(at)chonnom.com Copyright ⓒ www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.