Source
Afterglow is a program that turns the iptables log messages being monitored by psad into a visual image.
Based on the iptables logs left on the system, it produces an image file that makes those logs easy to visualize.
※ psad operates in a manner similar to an IDS: it uses iptables log messages to detect, alert on, and (optionally) monitor suspicious traffic such as port scans.
For testing, we will log and analyze every connection that reaches port 80.
Logging iptables on the system
# iptables -I RH-Firewall-1-INPUT -p tcp --dport 80 -j LOG --log-prefix "80_ACCESS_LOG:"
Installation
# yum install perl
# wget http://search.cpan.org/CPAN/authors/id/E/ER/ERANGEL/Text-CSV-0.5.tar.gz
# tar zxvf Text-CSV-0.5.tar.gz
# cd Text-CSV-0.5
# perl Makefile.PL
# make
# make install
# yum install graphviz
# wget http://downloads.sourceforge.net/project/afterglow/AfterGlow%201.x/1.6.2/afterglow-1.6.2.tar.gz
# tar zxvf afterglow-1.6.2.tar.gz
# cd afterglow
# yum install psad
# touch /var/log/firewall.log
# psad --CSV --CSV-fields "src dst dp sp" --CSV-max 1000 -m /var/log/firewall.log | perl /usr/local/src/afterglow/src/perl/graph/afterglow.pl -c /usr/local/src/afterglow/src/perl/parsers/color.properties | neato -Tjpg -o iptable_graph03.jpg
After collecting logs for about 5 minutes, convert them into an image
RED - IP addresses external to the honeynet (attackers, scanners, etc.)
YELLOW - Honeynet IP addresses
BLUE - Port numbers (> 1024)
LIGHTBLUE - Port numbers (<= 1024)
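As an added example (not code from the original page, from psad or from AfterGlow), the Python script below does by hand the conversion that the psad --CSV step performs in the pipeline above: it keeps only the iptables LOG lines carrying the 80_ACCESS_LOG: prefix set by the rule at the top, extracts SRC/DST/SPT/DPT, and emits rows in the src,dst,dp,sp order the pipeline requests, plus a per-source hit count. The log lines are constructed for the example; that psad writes plain comma-separated values in exactly this order is an assumption.

```python
import csv
import io
import re
from collections import Counter

# key=value tokens of interest in a netfilter LOG line (kernel log format)
_FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed sample lines shaped like what the LOG rule above produces;
# addresses, ports and MACs are made up for this example.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw kernel: 80_ACCESS_LOG:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=192.0.2.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1234 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:00:02 gw kernel: 80_ACCESS_LOG:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=192.0.2.5 LEN=60 PROTO=TCP SPT=51235 DPT=80 SYN URGP=0
Mar  3 10:00:03 gw kernel: OTHER:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Mar  3 10:00:04 gw kernel: 80_ACCESS_LOG:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
Mar  3 10:00:05 gw sshd[123]: Accepted publickey for admin from 192.0.2.9
"""


def parse_log_line(line, prefix="80_ACCESS_LOG:"):
    """Return src/dst/sp/dp for an iptables LOG line written with the given
    --log-prefix, or None for any other line."""
    if "kernel:" not in line:
        return None                        # not a kernel (netfilter) message
    payload = line.split("kernel:", 1)[1].strip()
    if not payload.startswith(prefix):
        return None                        # logged by some other rule
    fields = dict(_FIELD.findall(payload))
    if not all(k in fields for k in ("SRC", "DST", "SPT", "DPT")):
        return None                        # e.g. ICMP: no ports to graph
    return {
        "src": fields["SRC"],
        "dst": fields["DST"],
        "sp": int(fields["SPT"]),
        "dp": int(fields["DPT"]),
        "proto": fields.get("PROTO", "?"),
    }


def to_afterglow_csv(log_text, prefix="80_ACCESS_LOG:"):
    """Convert raw log text into CSV rows ordered src,dst,dp,sp, the field
    order the psad --CSV-fields invocation above asks for (assumed format)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for line in log_text.splitlines():
        rec = parse_log_line(line, prefix)
        if rec:
            writer.writerow([rec["src"], rec["dst"], rec["dp"], rec["sp"]])
    return out.getvalue().splitlines()


def hits_per_source(csv_rows):
    """Count graphed events per external source address (the RED nodes)."""
    return Counter(row.split(",")[0] for row in csv_rows)


if __name__ == "__main__":
    rows = to_afterglow_csv(SAMPLE_LOG)
    print("\n".join(rows))              # pipe this into afterglow.pl
    for src, n in hits_per_source(rows).most_common():
        print(f"{src}: {n} hit(s) on port 80")
```

The printed CSV can be fed to afterglow.pl and neato exactly as in the pipeline above. One practical note: psad -m reads a file, and the LOG rule writes to the kernel log, so /var/log/firewall.log only fills up if the system's syslog is configured to route kernel messages there; whether that is already the case on your host is an assumption this example does not check.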