Mwedzi yakati wandei yapfuura takagovana pano pa blog iyo nhau yekusunungurwa kweiyo beta vhezheni yeSnort 3 y Aingova mazuva mashoma apfuura paitove neRC vhezheni yebazi idzva iri rekushandisa.
Kubva Cisco yakazivisa kuumbwa kwemumiriri wekutanga iyo yekudzivirira yekurwisa system Bvuta 3 (inozivikanwawo seiyo Snort ++ chirongwa), icho chave kushanda nekudzima kubva 2005. Iyo yakagadzikana vhezheni yakarongerwa kuburitswa mukati memwedzi.
Snort 3 yakanyatso fungisisa nezvechigadzirwa chigadzirwa uye kugadzirisa patsva dhizaini. Pakati penzvimbo dzakakosha dzebudiriro yeSnort 3: kurerutsa kumisikidzwa uye kuvhurwa kweSnort, kugadzirisa magadzirirwo, kurerutsa mutemo wekusika mutemo, uchiona wega zvibodzwa zvese, uchipa gamba rekuraira mutsara tara, mashandisiro kushingaira
Snort ine dhatabhesi yekurwiswa iyo inogara ichigadziriswa kuburikidza neinternet. Vashandisi vanogona kugadzira masiginecha anoenderana nehunhu hwekurwiswa kwenetiweki uye vozviisa kuSnort's siginecha tsamba yekutumira, hunhu hwenzvimbo iyi nekugovana kwaita kuti Snort ive yeanonyanya kufarirwa, kumusoro-uye-uye anozivikanwa netiweki-based IDS. Yakasimba mizhinji-yakapetwa neyakagovaniswa kuwana kweakasiyana maanodzora kune imwechete kugadzirisa.
Ndedzipi shanduko dziri muCR?
Shanduko kune imwe nyowani yekugadzirisa system yaitwa, iyo inopa yakareruka syntax uye inobvumidza kushandiswa kwezvinyorwa kugadzira zvine simba kumisikidza masisitimu. LuaJIT inoshandiswa kugadzirisa mafaira ekugadzirisa. LuaJIT-yakavakirwa plugins ine zvimwe zvekuwedzera zvemitemo uye chirongwa chekunyoresa.
Injini yakagadziridzwa kuti ione kurwisa, iyo mitemo yakagadziridzwa, kugona kusunga buffers mumitemo (inonamira buffers) kwakawedzerwa. Iyo Hyperscan yekutsvaga injini yakashandiswa, izvo zvakaita kuti zvikwanise kukurumidza uye kunyatso shandisa zvakakonzera mapatani anoenderana neyakajairwa matauriro mumitemo.
Yakawedzerwa nzira nyowani yekufungidzira yeHTTP iri chikamu chinotaura uye inovhara 99% yezviitiko zvinotsigirwa neiyo HTTP Evader bvunzo suite. Yakawedzera yekuongorora system yeHTTP / 2 traffic.
Kuita kwekudzika kwepaketi yekutarisa maitiro kwakagadziridzwa zvakanyanya. Multithreaded packet kugadzirisa kugona kwakawedzerwa, zvichigonesa kumisikidzwa panguva imwe chete kweakawanda tambo ane mapaketi vanobata uye ichipa mutsetse scalability zvichienderana nenhamba yeCPU cores.
Iyo yakajairika yekuchengetedza yekumisikidza uye hunhu matafura akaitwa, ayo akagovaniswa mune akasiyana masisitimu, ayo akanyanya kudzora ndangariro kushandiswa nekubvisa kudzokorora kweruzivo.
Nyowani yechiitiko logi inoshandisa fomati yeJSON uye inosanganisirwa zvirinyore nemapuratifomu ekunze senge Elastic Stack.
Shanduko kune modular akitekicha, iko kugona kwekuwedzera mashandiro kuburikidza ne plug-in yekubatanidza uye kumisikidza kweakakosha masisitimu nenzira yechinotsiva plug-ins. Parizvino, mazana emazana plugins akatoitwa Snort 3, Ivo vanovhara dzakasiyana nzvimbo dzekushandisa, semuenzaniso kukubvumidza iwe kuti uwedzere ako wega macodecs, nzira dzekutarisa, nzira dzekunyora, zviito uye sarudzo mumitemo.
Pane dzimwe shanduko dzinobuda pachena:
- Otomatiki kuona kweanomhanya masevhisi, kubvisa iko kudikanwa kwekushandisa nemaoko kududzira anoshanda network network
- Wakawedzera rutsigiro rwefaira kukurumidza kudarika zvigadziriso zvine chekuita nezvimiro zvekumisikidza. Iko kushandiswa kwe snort_config.lua uye SNORT_LUA_PATH kwakamiswa kurerutsa kumisikidza. Wakawedzera rutsigiro rwekudzosera zvakare marongero pane nhunzi;
- Iyo kodhi inopa kugona kushandisa iyo C ++ zvivakwa zvinotsanangurwa muC ++ 14 standard (gungano rinoda compiler inotsigira C ++ 14).
- A new VXLAN controller yakawedzerwa.
- Yakagadziridzwa kutsvaga kwemhando dzemukati nezvirimo uchishandisa yakagadziridzwa mamwe maitirwo eBoyer-Moore uye Hyperscan algorithms.
- Kumhanyisa kumisikidza nekushandisa tambo dzakawanda kuumba mapoka emitemo;
- Yakawedzera nyowani nyowani yekunyoresa.
- Iyo RNA (Real-nguva Network Kuzivisa) system yekuongorora yakawedzerwa, iyo inounganidza ruzivo nezve zviwanikwa, varidzi, kunyorera uye masevhisi anowanikwa pane network.
mabviro: https://blog.snort.org