Security Diagnostic Tools
Prof. Humberto Caetano
Faculdade Santo Agostinho
Graduate Program in Computer Networks
Tripwire
2015
Installing Tripwire
Configuring Tripwire
# tripwire --check
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Nessus
Installing
http://www.tenable.com/download/
# dpkg -i Nessus-5.0.1-debian6_i386.deb
# /etc/init.d/nessusd start
SNORT
Strengths of SNORT
Extremely flexible:
Protocol anomalies.
Behavioral anomalies.
Speed of innovation.
Speed of refinement.
Weaknesses of SNORT
Modest performance:
Sensor configuration.
Rule management.
Installation
# vim /etc/snort/snort.conf
# vim /etc/snort/rules/local.rules
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Test NOW!!!"; classtype:not-suspicious; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"HTTP Test NOW!!!"; classtype:not-suspicious; sid:1000002; rev:1;)
# snort -i eth0 -v
(Analyzing the configuration)
# ping IP.IP.IP.IP
# telnet IP.IP.IP.IP 80
# ls -lt /var/log/snort
# cd /var/log/snort
# tcpdump -n -e -r tcpdump.log.[data_captura]
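Added example (not part of the original slides): a pre-flight check for /etc/snort/rules/local.rules to run before starting snort and sending the ping/telnet test traffic. It checks that each rule sits on one line, that classtype is a known name, and that sid is unique and in the local range (1000000 and above). The names lint_rules, parse_options and KNOWN_CLASSTYPES are hypothetical, and the classtype set is a subset of Snort's stock classification.config.

```python
import re

# Assumption: subset of the classtype names in Snort's stock classification.config.
KNOWN_CLASSTYPES = {"not-suspicious", "unknown", "bad-unknown", "attempted-recon",
                    "misc-activity", "icmp-event", "web-application-activity"}
# action proto src sport direction dst dport (options)
HEADER = re.compile(
    r"^\w+\s+\w+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s*\((?P<opts>.*)\)\s*$")

def parse_options(body):
    """Split 'key:value; key; ...' into a dict, keeping quoted strings whole."""
    opts = {}
    for item in re.findall(r'((?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+);', body):
        key, _, value = item.strip().partition(":")
        opts[key.strip()] = value.strip()
    return opts

def lint_rules(text, classtypes=KNOWN_CLASSTYPES):
    """Return [(line_number, problem), ...] for the text of a local.rules file."""
    problems, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER.match(line)
        if not m:  # this check expects every rule to be written on a single line
            problems.append((n, "not a complete one-line rule"))
            continue
        opts = parse_options(m.group("opts"))
        ct, sid = opts.get("classtype"), opts.get("sid", "")
        if ct is not None and ct not in classtypes:
            problems.append((n, "unknown classtype " + ct))
        if not sid.isdigit() or int(sid) < 1000000:
            problems.append((n, "sid missing or below the local range"))
        elif sid in seen:
            problems.append((n, "sid %s already used on line %d" % (sid, seen[sid])))
        else:
            seen[sid] = n
    return problems

# Constructed sample: valid rule, bad classtype + reused sid, rule split in two.
SAMPLE = '''alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Test"; classtype:not-suspicious; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"HTTP Test"; classtype:notsuspicious; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any ->
$HOME_NET 80 (msg:"HTTP Test"; classtype:not-suspicious; sid:1000002; rev:1;)'''

if __name__ == "__main__":
    for n, problem in lint_rules(SAMPLE):
        print("line %d: %s" % (n, problem))
```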