https://wiki.hkfree.org/index.php?title=IDS_SELKS_5_s_MikroTik_CCR_na_b%C3%A1zi_Packet_Sniffer&feed=atom&action=history
IDS SELKS 5 with MikroTik CCR based on Packet Sniffer - Revision history
2024-03-28T22:29:08Z
Revision history for this page
MediaWiki 1.34.1
https://wiki.hkfree.org/index.php?title=IDS_SELKS_5_s_MikroTik_CCR_na_b%C3%A1zi_Packet_Sniffer&diff=13648&oldid=prev
Bkralik: Minor style change
2019-01-31T11:10:39Z
<p>Minor style change</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="cs">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Starší verze</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Verze z 31. 1. 2019, 11:10</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l17" >Řádek 17:</td>
<td colspan="2" class="diff-lineno">Řádek 17:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>7) zakládám script: <code>nano ~/trigger/tap.sh</code>, který využívá '''tcpreplay''' na vytvořeném ''dummy'':</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>7) zakládám script: <code>nano ~/trigger/tap.sh</code>, který využívá '''tcpreplay''' na vytvořeném ''dummy'':</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><<del class="diffchange diffchange-inline">code</del>>#!/bin/bash<del class="diffchange diffchange-inline"><br></del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><<ins class="diffchange diffchange-inline">source lang="bash"</ins>></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"></code></del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>#!/bin/bash</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>/sbin/modprobe dummy</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"><code></del>/sbin/modprobe dummy<del class="diffchange diffchange-inline"></code></del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>/sbin/ip link set name eth10 dev dummy0</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>/sbin/ifconfig eth10 192.168.42.42</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"><code></del>/sbin/ip link set name eth10 dev dummy0<del class="diffchange diffchange-inline"></code></del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>/usr/bin/screen -dm -S tzsp2pcap bash -c "/usr/local/sbin/tzsp2pcap -f | /usr/bin/tcpreplay --topspeed -i eth10 -"</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></<ins class="diffchange diffchange-inline">source</ins>></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"><code></del>/sbin/ifconfig eth10 192.168.42.42<del class="diffchange diffchange-inline"></code></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"><code></del>/usr/bin/screen -dm -S tzsp2pcap bash -c "/usr/local/sbin/tzsp2pcap -f | /usr/bin/tcpreplay --topspeed -i eth10 -"</<del class="diffchange diffchange-inline">code</del>></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>8) <code>chmod +x ~/trigger/tap.sh</code></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>8) <code>chmod +x ~/trigger/tap.sh</code></div></td></tr>
</table>
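Review bot: the script now shown in the `<source lang="bash">` block has no failure handling, so if `/sbin/modprobe dummy` or `/sbin/ip link set name eth10 dev dummy0` fails (for instance on a second run, when dummy0 has already been renamed to eth10), the `ifconfig` line and the `screen` line still execute and tcpreplay is started against an interface that may not exist; put `set -e` directly after `#!/bin/bash`, or guard the rename with `ip link show eth10 >/dev/null 2>&1 ||` before it. It would also help to mention in the page text that `ifconfig` is the legacy tool and that `ip addr add 192.168.42.42/24 dev eth10` followed by `ip link set eth10 up` does the same job on a system without net-tools (mask chosen to match the address; adjust as needed).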
Bkralik
https://wiki.hkfree.org/index.php?title=IDS_SELKS_5_s_MikroTik_CCR_na_b%C3%A1zi_Packet_Sniffer&diff=13647&oldid=prev
PaTaNiNho at 31. 1. 2019, 11:00
2019-01-31T11:00:03Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="cs">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Starší verze</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Verze z 31. 1. 2019, 11:00</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l7" >Řádek 7:</td>
<td colspan="2" class="diff-lineno">Řádek 7:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>2) Packet Sniffer v rOS používá ke streamování TZSP UDP protokol, se kterým '''Suricata''' (Snort) nedokáže pracovat</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>2) Packet Sniffer v rOS používá ke streamování TZSP UDP protokol, se kterým '''Suricata''' (Snort) nedokáže pracovat</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>3) existuje ultilita '''<del class="diffchange diffchange-inline">tzsp2pca</del>''' - https://github.com/thefloweringash/tzsp2pcap (<code>git clone</code>)</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>3) existuje ultilita '''<ins class="diffchange diffchange-inline">tzsp2pcap</ins>''' - https://github.com/thefloweringash/tzsp2pcap (<code>git clone</code>)</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>4) pro kompilaci instaluji: <code>apt-get install build-essential libpcap0.8-dev</code></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>4) pro kompilaci instaluji: <code>apt-get install build-essential libpcap0.8-dev</code></div></td></tr>
</table>
PaTaNiNho
https://wiki.hkfree.org/index.php?title=IDS_SELKS_5_s_MikroTik_CCR_na_b%C3%A1zi_Packet_Sniffer&diff=13646&oldid=prev
PaTaNiNho: information about screen
2019-01-31T10:52:03Z
<p>information about screen</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="cs">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Starší verze</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Verze z 31. 1. 2019, 10:52</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l32" >Řádek 32:</td>
<td colspan="2" class="diff-lineno">Řádek 32:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>9) dle návodu na https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1 spouštím <code>selks-first-time-setup_stamus.sh</code> a nastavuji jako sledovací síťovku '''eth10''' (vytvořená z dummy)</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>9) dle návodu na https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1 spouštím <code>selks-first-time-setup_stamus.sh</code> a nastavuji jako sledovací síťovku '''eth10''' (vytvořená z dummy)</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>10) spouštím svůj <code>./tap.sh</code> script</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>10) spouštím svůj <code>./tap.sh</code> script <ins class="diffchange diffchange-inline">(vytvoří session ve ''screen'' - možno zkontrolovat pomocí <code>screen -ls</code> či přímo <code>screen -r</code>)</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>11) pomocí winbox na rOS: '''Tools > Packet Sniffer''' - ''Streaming'' > ''Streaming Enabled'' ON a ''Server'' IP na IDS - pak spustím pomocí '''START'''</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>11) pomocí winbox na rOS: '''Tools > Packet Sniffer''' - ''Streaming'' > ''Streaming Enabled'' ON a ''Server'' IP na IDS - pak spustím pomocí '''START'''</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>12) výstup by měl být funkční a viditelný v https na IDS server (viz https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1)</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>12) výstup by měl být funkční a viditelný v https na IDS server (viz https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1)</div></td></tr>
</table>
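Review bot: the new parenthetical in step 10 should also tell the reader what a healthy session looks like: the script starts screen detached, so a tzsp2pcap bind failure or a tcpreplay error is only visible after `screen -r`, so suggest attaching once after the first start and then confirming that the TX counters on eth10 rise (`ip -s link show eth10`) once step 11 is switched on. Step 11 would also benefit from one sentence noting that the Packet Sniffer stream is an unencrypted UDP copy of the captured traffic sent to the ''Server'' IP, so the CCR-to-IDS path should be a management network and the IDS host should accept the stream only from the router's address.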
PaTaNiNho
https://wiki.hkfree.org/index.php?title=IDS_SELKS_5_s_MikroTik_CCR_na_b%C3%A1zi_Packet_Sniffer&diff=13644&oldid=prev
PaTaNiNho: added a few more detailed configuration steps
2019-01-31T10:46:24Z
<p>added a few more detailed configuration steps</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="cs">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Starší verze</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Verze z 31. 1. 2019, 10:46</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l28" >Řádek 28:</td>
<td colspan="2" class="diff-lineno">Řádek 28:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>/usr/bin/screen -dm -S tzsp2pcap bash -c "/usr/local/sbin/tzsp2pcap -f | /usr/bin/tcpreplay --topspeed -i eth10 -"</code></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>/usr/bin/screen -dm -S tzsp2pcap bash -c "/usr/local/sbin/tzsp2pcap -f | /usr/bin/tcpreplay --topspeed -i eth10 -"</code></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>8) <del class="diffchange diffchange-inline">dle návodu na https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1 spouštím </del><code><del class="diffchange diffchange-inline">selks-first-time-setup_stamus</del>.sh</code> <del class="diffchange diffchange-inline">a nastavuji jako sledovací síťovku '''eth10''' (vytvořená z dummy)</del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>8) <code><ins class="diffchange diffchange-inline">chmod +x ~/trigger/tap</ins>.sh</code></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>9) <del class="diffchange diffchange-inline">pomocí winbox </del>na <del class="diffchange diffchange-inline">rOS</del>: <del class="diffchange diffchange-inline">'''Tools </del>> <del class="diffchange diffchange-inline">Packet Sniffer''' </del>- <del class="diffchange diffchange-inline">''Streaming'' </del>> <del class="diffchange diffchange-inline">''Streaming Enabled'' ON </del>a <del class="diffchange diffchange-inline">''Server'' IP na IDS - pak spustím pomocí </del>'''<del class="diffchange diffchange-inline">START</del>'''</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>9) <ins class="diffchange diffchange-inline">dle návodu </ins>na <ins class="diffchange diffchange-inline">https</ins>:<ins class="diffchange diffchange-inline">//github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1 spouštím <code</ins>><ins class="diffchange diffchange-inline">selks-first-time</ins>-<ins class="diffchange diffchange-inline">setup_stamus.sh</code</ins>> a <ins class="diffchange diffchange-inline">nastavuji jako sledovací síťovku </ins>'''<ins class="diffchange diffchange-inline">eth10</ins>''' <ins class="diffchange diffchange-inline">(vytvořená z dummy)</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>10) výstup by měl být funkční a viditelný v https na IDS server (viz https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1)</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>10<ins class="diffchange diffchange-inline">) spouštím svůj <code>./tap.sh</code> script</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">11) pomocí winbox na rOS: '''Tools > Packet Sniffer''' - ''Streaming'' > ''Streaming Enabled'' ON a ''Server'' IP na IDS - pak spustím pomocí '''START'''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">12</ins>) výstup by měl být funkční a viditelný v https na IDS server (viz https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1)</div></td></tr>
</table>
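Review bot: the renumbered order has a dependency problem: step 9 selects '''eth10''' in `selks-first-time-setup_stamus.sh` as the interface "created from dummy", but eth10 only comes into existence when `./tap.sh` runs in step 10, so on a fresh install the setup script is asked for an interface that does not exist yet. Either run `tap.sh` (or at least its modprobe and `ip link` lines) before step 9, or state explicitly that step 9 expects the script from step 7 to have been run once already; the same applies after every reboot, since neither the dummy interface nor the screen session is persistent, so tap.sh has to run before Suricata starts (a systemd unit or an `@reboot` cron entry would cover that).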
PaTaNiNho
https://wiki.hkfree.org/index.php?title=IDS_SELKS_5_s_MikroTik_CCR_na_b%C3%A1zi_Packet_Sniffer&diff=13643&oldid=prev
PaTaNiNho: added a link to LVM here on the wiki
2019-01-31T10:42:04Z
<p>added a link to LVM here on the wiki</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="cs">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Starší verze</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Verze z 31. 1. 2019, 10:42</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l3" >Řádek 3:</td>
<td colspan="2" class="diff-lineno">Řádek 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Kdyby si s tím chtěl někdo v budoucnu také hrát, uvádím zde pár kroků, jak jsem postupoval:</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Kdyby si s tím chtěl někdo v budoucnu také hrát, uvádím zde pár kroků, jak jsem postupoval:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>1) samotná instalace '''SELKS''' (virtual 2CPUs, 6GB RAM, 2x 60 GB HDD - nastaven SW RAID1 a LVM)</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>1) samotná instalace '''SELKS''' (virtual 2CPUs, 6GB RAM, 2x 60 GB HDD - nastaven SW RAID1 a <ins class="diffchange diffchange-inline">[[</ins>LVM <ins class="diffchange diffchange-inline">- Logical Volume Management|LVM]]</ins>)</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>2) Packet Sniffer v rOS používá ke streamování TZSP UDP protokol, se kterým '''Suricata''' (Snort) nedokáže pracovat</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>2) Packet Sniffer v rOS používá ke streamování TZSP UDP protokol, se kterým '''Suricata''' (Snort) nedokáže pracovat</div></td></tr>
</table>
PaTaNiNho
https://wiki.hkfree.org/index.php?title=IDS_SELKS_5_s_MikroTik_CCR_na_b%C3%A1zi_Packet_Sniffer&diff=13642&oldid=prev
PaTaNiNho: first version of the guide
2019-01-31T10:36:10Z
<p>first version of the guide</p>
<p><b>New page</b></p><div>Here is a brief guide to getting an IDS based on SELKS (https://github.com/StamusNetworks/SELKS) running through the MikroTik '''Packet Sniffer'''. It is intended for the case where the recommended ''Port Mirroring'', which works at the switch level, cannot be used. More on this topic can be found, for example, here: http://www.mikrotikminute.com/how-to-do-a-packet-capture-with-mikrotik-routers-part-2/.<br />
<br />
Should anyone want to play with this in the future, here are the steps I followed:<br />
<br />
1) the '''SELKS''' installation itself (virtual machine with 2 CPUs, 6 GB RAM, 2x 60 GB HDD - set up with software RAID1 and LVM)<br />
<br />
2) Packet Sniffer in rOS streams captures using the TZSP protocol over UDP, which '''Suricata''' (Snort) cannot work with<br />
<br />
3) there is a utility '''tzsp2pcap''' - https://github.com/thefloweringash/tzsp2pcap (<code>git clone</code>)<br />
<br />
4) for compilation I install: <code>apt-get install build-essential libpcap0.8-dev</code><br />
<br />
5) I compile (the library goes after the source file so the link order works with every linker): <code>cc -std=gnu99 -o tzsp2pcap -Wall -Wextra -pedantic -O2 tzsp2pcap.c -lpcap</code><br />
<br />
6) I move the resulting '''tzsp2pcap''' into place: <code>mv tzsp2pcap /usr/local/sbin/</code><br />
<br />
7) I create the script <code>nano ~/trigger/tap.sh</code>, which uses '''tcpreplay''' on a newly created ''dummy'' interface:<br />
<br />
<code>#!/bin/bash</code><br />
<br />
<code>/sbin/modprobe dummy</code><br />
<br />
<code>/sbin/ip link set name eth10 dev dummy0</code><br />
<br />
<code>/sbin/ifconfig eth10 192.168.42.42</code><br />
<br />
<code>/usr/bin/screen -dm -S tzsp2pcap bash -c "/usr/local/sbin/tzsp2pcap -f | /usr/bin/tcpreplay --topspeed -i eth10 -"</code><br />
<br />
8) following the guide at https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1 I run <code>selks-first-time-setup_stamus.sh</code> and set '''eth10''' (created from the dummy) as the monitoring interface<br />
<br />
9) in winbox on rOS: '''Tools > Packet Sniffer''' - ''Streaming'' > ''Streaming Enabled'' ON and ''Server'' set to the IP of the IDS - then start it with '''START'''<br />
<br />
10) the output should be working and visible over https on the IDS server (see https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1)</div>
PaTaNiNho
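As an added example (not code from the page or from the tzsp2pcap project), here is a minimal Python decapsulator for what steps 2 and 3 describe: the TZSP header that rOS wraps around every captured frame, with the length checks a collector should make before writing or replaying anything. The sample datagram is constructed here, and tag id 0x28 is used only as a generic length-prefixed tag.

```python
import struct
from dataclasses import dataclass, field

# TZSP header constants (TaZmen Sniffer Protocol, as streamed by the rOS Packet Sniffer)
TZSP_VERSION = 1
TZSP_TYPE_RX_TAG_LIST = 0      # frame received on the wire, followed by a tag list
TZSP_ENCAP_ETHERNET = 0x0001
TAG_PADDING = 0x00             # single byte, no length field
TAG_END = 0x01                 # single byte, terminates the tag list
DLT_EN10MB = 1                 # pcap link type for Ethernet


@dataclass
class TzspFrame:
    encapsulation: int
    tags: dict = field(default_factory=dict)   # tag id -> raw value bytes
    payload: bytes = b""                       # the original Ethernet frame


def parse_tzsp(datagram: bytes) -> TzspFrame:
    """Validate one TZSP/UDP datagram and return the encapsulated frame.

    Every length is checked before it is used, so a truncated or malformed
    datagram raises ValueError instead of producing a garbage frame.
    """
    if len(datagram) < 4:
        raise ValueError("datagram shorter than the 4-byte TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != TZSP_VERSION or ptype != TZSP_TYPE_RX_TAG_LIST:
        raise ValueError(f"unsupported TZSP version/type {version}/{ptype}")
    if encap != TZSP_ENCAP_ETHERNET:
        raise ValueError(f"unsupported encapsulation 0x{encap:04x}")
    frame = TzspFrame(encapsulation=encap)
    pos = 4
    while True:                                # walk the tag list up to TAG_END
        if pos >= len(datagram):
            raise ValueError("tag list not terminated")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram):
            raise ValueError("tag length byte missing")
        length = datagram[pos]
        pos += 1
        if pos + length > len(datagram):
            raise ValueError("tag value runs past end of datagram")
        frame.tags[tag] = datagram[pos:pos + length]
        pos += length
    frame.payload = datagram[pos:]
    if len(frame.payload) < 14:                # shorter than an Ethernet header
        raise ValueError("encapsulated frame too short")
    return frame


def build_tzsp(frame: bytes, tags=None) -> bytes:
    """Wrap an Ethernet frame the way a TZSP sender does (used to build the sample)."""
    out = bytearray(struct.pack("!BBH", TZSP_VERSION, TZSP_TYPE_RX_TAG_LIST,
                                TZSP_ENCAP_ETHERNET))
    for tag, value in (tags or {}).items():
        out += bytes([tag, len(value)]) + value
    out.append(TAG_END)
    return bytes(out) + frame


def decapsulate_to_pcap(datagrams, ts_sec=0):
    """Strip TZSP from each datagram; return (pcap bytes, number dropped).

    The output is a classic little-endian pcap with DLT_EN10MB, the form that
    tcpreplay and Suricata read; malformed datagrams are counted and dropped.
    """
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB))
    dropped = 0
    for i, dg in enumerate(datagrams):
        try:
            frame = parse_tzsp(dg).payload
        except ValueError:
            dropped += 1
            continue
        out += struct.pack("<IIII", ts_sec, i, len(frame), len(frame)) + frame
    return bytes(out), dropped


# Constructed sample: a broadcast ARP request (42-byte Ethernet frame) as the
# Packet Sniffer would stream it, carrying one length-prefixed tag (id 0x28).
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff" "020000000001" "0806")
                + bytes.fromhex("0001080006040001" "020000000001")
                + bytes([192, 168, 42, 1]) + bytes(6) + bytes([192, 168, 42, 42]))
SAMPLE_DATAGRAM = build_tzsp(SAMPLE_FRAME, {0x28: b"\x00\x00\x00\x07"})

if __name__ == "__main__":
    f = parse_tzsp(SAMPLE_DATAGRAM)
    print(f"encap=0x{f.encapsulation:04x} tags={list(f.tags)} frame={len(f.payload)} bytes")
    pcap, dropped = decapsulate_to_pcap([SAMPLE_DATAGRAM, SAMPLE_DATAGRAM[:10]])
    print(f"pcap={len(pcap)} bytes, dropped={dropped}")
```

The tzsp2pcap-to-tcpreplay pipe in step 7 does the same stripping at interface speed; this version exists to make the format and its failure modes visible.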