Introduction
Bro is an open-source network analysis framework focused on network security monitoring. It is the result of 15 years of research and is widely used by universities, research labs, supercomputing centres and many others in the open science community. It is developed mainly by the International Computer Science Institute in Berkeley and the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign.
Bro's features include:
This tutorial shows you how to build Bro from source and install it on an Ubuntu 16.04 server.
Preparation
Bro has many dependencies:
Building from source also requires:
First, install all required dependencies by running the following command:
# apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
Bro uses GeoIP for geolocation. Install both the IPv4 and IPv6 versions of the database:
$ wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
$ wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz
Decompress both archives:
$ gzip -d GeoLiteCity.dat.gz
$ gzip -d GeoLiteCityv6.dat.gz
Move the decompressed files into the /usr/share/GeoIP directory:
# mv GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat
# mv GeoLiteCityv6.dat /usr/share/GeoIP/GeoIPCityv6.dat
Bro can now be built from source.
Build Bro
The latest development version of Bro can be obtained from its git repository. Run the following command:
$ git clone --recursive git://git.bro.org/bro
Change into the cloned directory and build Bro with the following commands:
$ cd bro
$ ./configure
$ make
These commands take a while to build everything; the exact time depends on the server's performance.
The configure script accepts several parameters that control which dependencies are built, in particular the "--with-*" options.
Run the following in the cloned "bro" directory:
# make install
The default installation path is "/usr/local/bro".
Configure Bro
Bro's configuration files are located in the "/usr/local/bro/etc" directory. There are three files here:
Open the "broctl.cfg" configuration file:
# $EDITOR /usr/local/bro/etc/broctl.cfg
Find "Mail Options" and edit the "MailTo" line as follows:
# Recipient address for emails sent out by Bro and BroControl
MailTo = admin@example.com
Save and close the file. There are many other options, but in most cases the defaults are good enough.
Choose the node to monitor
Out of the box, Bro is configured to run in standalone mode. This tutorial performs a standalone installation, so no change is needed. Still, have a look at the "node.cfg" configuration file:
# $EDITOR /usr/local/bro/etc/node.cfg
In the "[bro]" section you should see something like this:
[bro]
type=standalone
host=localhost
interface=eth0
Make sure "interface" matches the public network interface of the Ubuntu 16.04 server; Bro only sees traffic on the interface named here.
Save and exit.
The last file to edit is "networks.cfg". Open it in a text editor:
# $EDITOR /usr/local/bro/etc/networks.cfg
By default you should see the following:
# List of local networks in CIDR notation, optionally followed by a
# descriptive tag.
# For example, "10.0.0.0/8" or "fe80::/64" are valid prefixes.

10.0.0.0/8          Private IP space
172.16.0.0/12       Private IP space
192.168.0.0/16      Private IP space
Delete these three entries (they are only an example of how the file is used) and enter your server's public and private IP space in the following format:
X.X.X.X/X    Public IP space
X.X.X.X/X    Private IP space
Save and exit.
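Because a wrong interface name in node.cfg or a malformed prefix in networks.cfg leaves Bro capturing nothing or mislabelling local traffic, it is worth checking both files before starting broctl. The script below is an added example, not part of this tutorial or of Bro/BroControl; it assumes the file formats shown above and embeds constructed sample contents (with a deliberately overlapping entry and a prefix with host bits set) so it runs offline.

```python
"""Sanity-check Bro's node.cfg and networks.cfg before starting broctl.
Added example, not part of the tutorial or of Bro; assumes the file
formats shown above (INI node.cfg, "<prefix> [tag]" lines in networks.cfg).
"""
import configparser
import ipaddress
import os

# Constructed sample inputs: a correct node.cfg and a networks.cfg with one
# redundant (overlapping) entry and one malformed prefix.
NODE_CFG = """
[bro]
type=standalone
host=localhost
interface=eth0
"""
NETWORKS_CFG = """
# List of local networks in CIDR notation, optionally followed by a tag.
203.0.113.0/24      Public IP space
10.0.0.0/8          Private IP space
10.1.0.0/16         Private IP space   # already inside the /8 above
192.168.1.1/24      Private IP space   # host bits set: not a valid prefix
"""


def parse_networks(text):
    """Return (networks, errors); networks is a list of (ip_network, tag)."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        tag = parts[1].strip() if len(parts) > 1 else ""
        try:
            # strict=True rejects an address with host bits set (192.168.1.1/24)
            net = ipaddress.ip_network(parts[0], strict=True)
        except ValueError as exc:
            errors.append(f"networks.cfg line {lineno}: {exc}")
            continue
        networks.append((net, tag))
    return networks, errors


def find_overlaps(networks):
    """Report entry pairs that cover the same address space (likely mistakes)."""
    found = []
    for i, (a, _) in enumerate(networks):
        for b, _ in networks[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                found.append(f"{a} overlaps {b}")
    return found


def check_node(text, known_ifaces):
    """Flag nodes whose capture interface is missing or absent on this host."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    findings = []
    for name in cfg.sections():
        ntype, iface = cfg[name].get("type", ""), cfg[name].get("interface")
        if ntype in ("standalone", "worker") and not iface:
            findings.append(f"[{name}]: type={ntype} needs an interface= line")
        elif iface and iface not in known_ifaces:
            findings.append(f"[{name}]: interface {iface} not found on this host")
    return findings


if __name__ == "__main__":
    # On Linux the real interface names are the entries under /sys/class/net
    ifaces = set(os.listdir("/sys/class/net")) if os.path.isdir("/sys/class/net") else set()
    nets, errs = parse_networks(NETWORKS_CFG)
    for msg in errs + find_overlaps(nets) + check_node(NODE_CFG, ifaces):
        print(msg)
```

To check the real files, read "/usr/local/bro/etc/node.cfg" and "/usr/local/bro/etc/networks.cfg" into the two functions instead of the embedded samples.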
Use BroControl to manage the Bro installation
Bro is managed with BroControl, which offers both an interactive shell and command-line tools. Start the shell with:
# /usr/local/bro/bin/broctl
To use the command-line tools, simply pass arguments to the previous command, for example:
# /usr/local/bro/bin/broctl status
This checks Bro's status and prints output like the following:
Name         Type         Host          Status    Pid    Started
bro          standalone   localhost     running   6807   20 Jul 12:30:50
That concludes the Bro installation tutorial. We used a source-based installation because it is the most efficient way to get the latest available version, but the network analysis framework is also available for download as pre-built binary packages.
See you next time!
The above is the detailed content of Configuring Bro on Ubuntu 16.04: A Powerful Tool for Network Analysis. For more information, please follow other related articles on the PHP Chinese website!