Home >Operation and Maintenance >Linux Operation and Maintenance >How to Protect CentOS Servers Using Network Intrusion Detection Systems (NIDS)
How to use Network Intrusion Detection System (NIDS) to protect CentOS servers
Introduction:
In modern network environments, server security is crucial. Attackers use a variety of means to try to break into our servers and steal sensitive data or compromise systems. To ensure server security, we can use a Network Intrusion Detection System (NIDS) for real-time monitoring and detection of potential attacks.
This article will introduce how to configure and use NIDS on CentOS server to protect the server.
Step 1: Install and configure SNORT
SNORT is an open source intrusion detection system that we can use to monitor network traffic and detect possible attacks. First, we need to install SNORT.
yum install epel-release yum install snort
cp /etc/snort/snort.conf /etc/snort/snort.conf.backup vim /etc/snort/snort.conf
include $RULE_PATH/local.rules include $RULE_PATH/snort.rules include $RULE_PATH/community.rules
Step 2: Configure NIDS rules
In SNORT, rules are used to define the types of attacks we wish to detect. We can use an existing rule set or create custom rules.
cd /etc/snort/rules/
wget https://www.snort.org/downloads/community/community-rules.tar.gz tar -xvf community-rules.tar.gz
vim custom.rules
alert tcp any any -> any any (msg:"Possible SSH brute force attack"; flow:from_client,established; content:"SSH-"; threshold:type limit, track by_src, count 5, seconds 60; sid:10001; rev:1;)
Step 3: Start SNORT and monitor traffic
After configuring SNORT and rules, we can start SNORT and start monitoring traffic.
snort -A console -c /etc/snort/snort.conf -i eth0
Among them, -A console specifies to output the alert message to the console, -c /etc/snort/snort .conf specifies to use the SNORT configuration file we configured previously, and -i eth0 specifies the network interface to be monitored.
Step 4: Set up SNORT alarm notification
In order to get the alarm message in time, we can use the email notification function to send the alarm message to our email address.
yum install barnyard2 yum install sendmail
cp /etc/barnyard2/barnyard2.conf /etc/barnyard2/barnyard2.conf.backup vim /etc/barnyard2/barnyard2.conf
output alert_syslog_full output database: log, mysql, user=snort password=snort dbname=snort host=localhost output alert_fast: snort.alert config reference_file: reference.config config classification_file:classification.config config gen_file: gen-msg.map config sid_file: sid-msg.map
output alert_full: alert.full output log_unified2: filename unified2.log, limit 128 output smtp: email@example.com
barnyard2 -c /etc/barnyard2/barnyard2.conf -d /var/log/snort/
Conclusion:
It is very important to protect our CentOS servers by deploying a Network Intrusion Detection System (NIDS). We can use SNORT to monitor network traffic and detect potential attacks. By following the steps in this article, we can configure SNORT and set up rules to monitor and protect our servers. In addition, we can also use the email notification function to obtain alert messages in time.
The above is the detailed content of How to Protect CentOS Servers Using Network Intrusion Detection Systems (NIDS). For more information, please follow other related articles on the PHP Chinese website!