Kwiinyanga ezininzi ezidlulileyo sabelana apha kwiblogi iindaba zokukhutshwa kwenguqulo ye-beta ye-Snort 3 y Kwakuphela iintsuku ezimbalwa ezidlulileyo ukuba sele sinayo inguqulo yeRC kweli sebe elitsha lesicelo.
Ukususela UCisco ubhengeze ukusekwa komgqatswa wokukhulula inkqubo yokuthintela ukuhlaselwa Vuma 3 (eyaziwa ngokuba yiprojekthi ye-Snort ++), esele isetyenzwe rhoqo ukususela ngo-2005. Inguqu ezinzileyo icwangciselwe ukukhutshwa kwinyanga enye.
I-Snort 3 iye yaphinda yacinga ngokutsha ingcamango yemveliso kwaye yahlengahlengisa ulwakhiwo. Phakathi kweendawo eziphambili zophuhliso lwe-Snort 3: ukwenza lula uqwalaselo kunye nokuqaliswa kweSnort, uqwalaselo oluzenzekelayo, lula ulwimi lokudala umthetho, ukubona ngokuzenzekelayo zonke iiprothokholi, unikeze iqokobhe lolawulo lomgca womyalelo, sebenzisa i-asethi.
I-Snort ine-database yokuhlaselwa ehlaziywa rhoqo kwi-intanethi. Abasebenzisi banokwenza iisignesha ezisekelwe kwiimpawu zokuhlaselwa kwenethiwekhi entsha kwaye bazingenise kuluhlu lokuposa lwe-snort signature, le ethos yoluntu kunye nokwabelana yenze i-Snort enye yezona zinto zidumileyo, ezihlaziyiweyo kunye ne-Robust multi-threading kunye nokufikelela okwabelwanayo. yabalawuli abohlukeneyo kuqwalaselo olunye.
Loluphi utshintsho olwenzekayo kwiCR?
Utshintsho lwenziwe kwisixokelelwano esitsha soqwalaselo, enikezela nge-syntax eyenziwe lula kunye ivumela usetyenziso lwezikripti ukwenza uqwalaselo oluguquguqukayo. I-LuaJIT isetyenziselwa ukucubungula iifayile zoqwalaselo. Iiplagi ezisekelwe kwi-LuaJIT zifaka iinketho ezongezelelweyo zemithetho kunye nenkqubo yokungena.
I-injini yenziwe yangoku ukuze ibone uhlaselo, imithetho ihlaziywe, ukukwazi ukubopha izithinteli kwimigaqo (i-sticky buffers) yongezwe. I-injini yokukhangela ye-Hyperscan isetyenzisiwe, eyenze ukuba kwenzeke ngokukhawuleza nangokuchanekileyo ukusebenzisa iipatheni ezisebenzayo ezisekelwe kwiimpawu eziqhelekileyo kwimithetho.
Yongezwe indlela entsha yokuhlola yeHTTP enesimo seseshoni kwaye igubungela i-99% yeemeko ezixhaswa yi-HTTP Evader test suite. Inkqubo yokuhlola eyongeziweyo ye-HTTP/2 traffic.
Ukusebenza kwendlela yokuhlola ipakethi enzulu kuphuculwe ngokubalulekileyo. Ipakethe eyongeziweyo yokukwazi ukusetyenzwa kweepakethe ezininzi, evumela ukuphunyezwa kwangaxeshanye kwemisonto emininzi kunye nabaphathi beepakethe kunye nokubonelela nge-linear scalability esekelwe kwinani le-CPU cores.
Ukugcinwa okuqhelekileyo koqwalaselo kunye neetafile zezinto kuye kwenziwa, ekwabelwana ngazo kwiinkqubo ezahlukeneyo, ezinciphise kakhulu ukusetyenziswa kwememori ngokususa ukuphindaphindwa kolwazi.
Inkqubo entsha yelog yomsitho esebenzisa ifomathi yeJSON kwaye idityaniswa ngokulula namaqonga angaphandle anje nge-Elastic Stack.
Ukutshintshela kuyilo lwemodyuli, ukukwazi ukwandisa ukusebenza ngokudibanisa iiplagi kunye nokuphumeza ii-subsystems eziphambili ngendlela yeeplagi ezithatha indawo. Ngelo xesha, amakhulu aliqela eplagi sele ziphunyeziwe kwi Snort 3, ukugubungela iindawo ezininzi zesicelo, umzekelo ukuvumela ukuba ungeze ii-codecs zakho, iindlela zokuhlola, iindlela zokubhalisa, izenzo kunye neenketho kwimithetho.
Olunye utshintsho olwahlukileyo:
- Ukufunyanwa okuzenzekelayo kweenkonzo ezisebenzayo, ukuphelisa isidingo sokuchaza ngesandla izibuko lenethiwekhi esebenzayo.
- Inkxaso eyongeziweyo yeefayile ukukhupha ngokukhawuleza useto olunxulumene noseto olungagqibekanga. Ukusetyenziswa kwe-snort_config.lua kunye ne-SNORT_LUA_PATH kuyekiwe ukwenza lula uqwalaselo. Inkxaso eyongeziweyo yokulayisha kwakhona useto kubhabho;
- Ikhowudi inika amandla okusebenzisa i-C ++ yokwakha echazwe kumgangatho we-C ++ 14 (indibano idinga umqambi oxhasa i-C ++ 14).
- Isilawuli esitsha se-VXLAN songezwa.
- Ukuphuculwa kophando lweentlobo zomxholo ngomxholo usebenzisa ukuphunyezwa okunye okuhlaziyiweyo kwe-Boyer-Moore kunye ne-Hyperscan algorithms.
- Ukukhululwa ngokukhawuleza ngokusebenzisa imisonto emininzi ukwenza amaqela olawulo;
- Yongeza indlela entsha yobhaliso.
- Inkqubo yokuhlola ye-RNA (yokwazisa ngenethiwekhi yeXesha leNene) yongezwa, eqokelela ulwazi malunga nezixhobo, imikhosi, usetyenziso kunye neenkonzo ezikhoyo kwinethiwekhi.
Umthombo: https://blog.snort.org