Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- security:ips:suricata [2021/05/06 08:19] – angelegt rsi
+++ security:ips:suricata [2021/05/06 17:39] (aktuell) – rsi
@@ Zeile 1: / Zeile 1: @@
+====== Commands ======
+<code>
+ssh firewall
+sudo vi /etc/suricata/rules/suricata.rules
+sudo service suricata restart
+tail -f /var/log/suricata/eve.json
+tail -f /var/log/suricata/fast.log
+tail -f /var/log/suricata/suricata-start.log
+tail -f /var/log/suricata/suricata.log
+</code>
 ====== Suricata Rules ======
 ===== Directory Traversal =====
-alert http any any -> 192.168.6.4 80 (msg:"Directory traversal attempt"; flow:to_server,established; content:"/..%2f/"; http_raw_uri; classtype:web-application-attack; sid:1000001; rev:1;)
+<code>
-drop http any any -> 192.168.6.4 80 (msg:"Directory traversal attempt"; flow:to_server,established; content:"/..%2f/"; http_raw_uri; classtype:web-application-attack; sid:1000001; rev:1;)
+drop http any any -> 192.168.10.2 80 (msg:"Directory traversal attempt"; content:"name=..%2F"; classtype:web-application-attack; sid:1000001; rev:1;)
+</code>
-==== Webshell ====
+===== Webshell =====
+<code>
+drop http any any -> 192.168.10.2 80 (msg:"Webshell attempt"; content:"/images.php?id="; classtype:web-application-attack; sid:1000011; rev:1;)
+</code>