Click here for "Error Codes for Commercial Air Conditioners".

Rocky Linux8.4 ; Tripwire, Chkrootkit and Snort installed

1.Tripwire Installation

1.1 Download and install

If you get a dependency error, enter the following
again

1-2. initialization

1-3. Configuring Tripwire

1-4. Create a Tripwire configuration file (cryptographically signed version)

1-5. Policy file settings

1-6. Policy file optimization

1-7. Create policy file (cryptographically signed version)

Delete policy file (text version)

1-8. Create a database

Create a database

1-9. Tripwire Periodic Execution Script

①Create a Tripwire autorun script (tripwire.sh)

➁Add Tripwire to cron to be run periodically

Actually.
# If running /var/www/system/tripwire.sh shows no mail command
Do the following

2.chkrootkit installation

2.1 Download and install chkrootkit

2.2 Check chkrootkit

The "/sbin/init" is a false positive, so it's not a problem.

2.3 Create a chkrootkit script and change its permissions

(in this case, create it in /opt, but it is optional).

Set cron to run chkrootkit periodically.

(Startup time can be set arbitrarily.)

3.SNORT Installation

Snort is an open source network intrusion detection system that can perform real-time traffic analysis and packet logging on IP networks.

It can perform "protocol analysis", "content search", and "matching", and can be used to detect a variety of attacks such as "buffer overflow", "stealth port scan", "CGI attack", "SMB probe", "OS fingerprinting attempt", "semantic URL attack", and "server message block probe".

3.1 Install the required libraries.

3.2 Install DAQ

3.3 Install Snort OpenAppID

3.4 Install a temporary release file to use the RPC library

3.5 Download and install SNORT.

3.6 Remove the temporary release file installed in 3.3.

3.7 SNORT user and group creation

3.8 Create SNORT directory and rule files

3.9 PulledPork rule management policy

3.10 Build the PulledPork configuration file.

3.11 Create a PulledPork disabled rule file

3.12 Run the PulledPork script.

3.13 Build the Snort threshold file

3.14 Build the local rule file

3.15 Build the capture filter file.

3.16 Build the ipvar include file

 3.17 Snort configuration file editing

3.18 Creating the Snort Service

3.19 Create a Snort log rotation configuration file

3.20 Create a Snort rule update script

3.21 Periodic execution of Snort rule update script

タイトルとURLをコピーしました