security:ips:suricata
Commands
ssh firewall
sudo vi /etc/suricata/rules/suricata.rules
sudo service suricata restart
tail -f /var/log/suricata/eve.json
tail -f /var/log/suricata/fast.log
tail -f /var/log/suricata/suricata-start.log
tail -f /var/log/suricata/suricata.log
Suricata Rules
Directory Traversal
drop http any any -> 192.168.10.2 80 (msg:"Directory traversal attempt"; content:"name=..%2F"; classtype:web-application-attack; sid:1000001; rev:1;)
Webshell
drop http any any -> 192.168.10.2 80 (msg:"Webshell attempt"; content:"/images.php?id="; classtype:web-application-attack; sid:1000011; rev:1;)
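Added example (not part of the original page): a check of eve.json that the two rules above fire and that their drop action is really applied. It lists hits whose alert.action is not "blocked", which is what a drop rule records when Suricata is not running inline. The sample records and the function name are constructed for illustration.

```python
import json
from collections import Counter

# SIDs of the two local rules on this page.
LOCAL_SIDS = {1000001: "Directory traversal attempt", 1000011: "Webshell attempt"}

# Constructed sample EVE records (not real traffic). The last line is cut
# off on purpose, as can happen when reading a file that is being written.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"192.168.10.50","dest_ip":"192.168.10.2","alert":{"action":"blocked","signature_id":1000001},"http":{"url":"/view.php?name=..%2Fx"}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"192.168.10.51","dest_ip":"192.168.10.2","alert":{"action":"allowed","signature_id":1000011},"http":{"url":"/images.php?id=1"}}
{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"http","src_ip":"192.168.10.52","dest_ip":"192.168.10.2","http":{"url":"/index.html"}}
{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"alert","src_ip":"192.168.10.53","dest_ip":"192.168.10.2","alert":{"action":"allowed","signature_id":9999999}}
{"timestamp":"2024-01-01T10:00:05
"""

def summarize_alerts(lines):
    """Count hits per (sid, action) for the local rules and collect the
    hits that were alerted on but not blocked."""
    counts = Counter()
    not_blocked = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written line, skip it
        if event.get("event_type") != "alert":
            continue
        alert = event.get("alert", {})
        sid = alert.get("signature_id")
        if sid not in LOCAL_SIDS:
            continue
        action = alert.get("action", "unknown")
        counts[(sid, action)] += 1
        if action != "blocked":
            url = event.get("http", {}).get("url")
            not_blocked.append((event.get("timestamp"), event.get("src_ip"), sid, url))
    return counts, not_blocked

if __name__ == "__main__":
    # On the firewall, pass open("/var/log/suricata/eve.json") instead.
    counts, not_blocked = summarize_alerts(SAMPLE_EVE.splitlines())
    for (sid, action), n in sorted(counts.items()):
        print(f"{sid} {LOCAL_SIDS[sid]!r}: {action} x{n}")
    for ts, src, sid, url in not_blocked:
        print(f"NOT BLOCKED {ts} {src} sid={sid} url={url}")
```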
security/ips/suricata.txt · Last modified: by rsi
