Zeek: Isixhobo soKhuseleko soMthombo oVulekileyo weNethiwekhi
Ukuqhubela phambili noluhlu lwethu lwamanqaku kwizicelo ezikhoyo kunye neziluncedo kunye neenkqubo (izixhobo zesoftware) kwicandelo lokhuseleko lwekhompyuter, ezihlala zisimahla, zivulekile kwaye zisimahla, namhlanje siza kujongana nenye eyaziwa ngokuba "zeke". Eyaziwa ngokuba yinto ebalaseleyo isixhobo sokujonga ukhuseleko lwenethiwekhi evulekileyo.
Mhlawumbi, abanye basenokuba bayazi kwaye bayisebenzise kwiminyaka eyadlulayo (de kube yi-2018), phantsi kwayo igama langaphambili, oko kukuthi, Bro. Ngaphezu kwakho konke, kutheni isoftware ichaziwe ngembali ende yokusetyenziswa (1990/2023) kwihlabathi lomthombo ovulekileyo kunye ukhuseleko lwedijithali. Ke namhlanje, siza kuyiphonononga ukufaka isandla ekusasazeni nasekusetyenzisweni kwayo, ngabakwaLinuxers kunye nezinye iingcali ze-IT.
I-Lynis: Isoftware yokuhlola ukhuseleko kwiLinux, macOS kunye neUNIX
Kodwa, ngaphambi kokuba uqalise esi sithuba sinomdla malunga nesixhobo sokhuseleko senethiwekhi yomthombo ovulekileyo "zeke", sicebisa i Iposi elidlulileyo elidibeneyo, ukuze ufunde kamva:
Zeek: Isixhobo sokujonga ukhuseleko lwenethiwekhi
Yintoni uZeek?
Ukuphonononga kunye nokuhlalutya kwakho website esemthethweni, sinokukhupha oku kulandelayo Amanqaku abalulekileyo malunga nesixhobo sesoftware esithe:
- Ingumthombo ovulekileyo wesoftware obonelela nge-compact, i-high-fidelity transaction logs, umxholo wefayile, kunye neziphumo ezilungiselelwe ngokupheleleyo zabahlalutyi, ukusuka kwiofisi encinci yasekhaya ukuya kuphando olukhulu kunye nolukhawulezayo kunye neenethiwekhi zoshishino.
- Inceda imibutho ukuba iqonde indlela inethiwekhi yabo esetyenziswa ngayo, ukuxhasa ukhuseleko, ukusebenza, uphicotho-zincwadi, kunye nemisebenzi yezakhono. Ngolwimi lwayo lwenkqubo olulungiselelwe uthungelwano, uluntu oluvulelekileyo lomthombo ovulekileyo, kunye nehlabathi jikelele, iZeek ibonelela ngedatha kunye nokuqonda okufunekayo ukujongana nemiceli mngeni yothungelwano yanamhlanje-kwiimeko zekhompyutha, kwilifu nakwimizi-mveliso.
- Inikwe ilayisenisi phantsi kwelayisensi ye-BSD evumelekileyo. Ukuba likomkhulu leIprojekthi yeZeek kwiziko leSayensi yeKhompyutha yaMazwe ngaMazwe (ICSI) eBerkeley, CA. Yeyiphi, ngumbutho ongenzi nzuzo.
- Nokanye sisixhobo sokhuseleko esisebenzayo, esifana ne-firewall okanye inkqubo yokuthintela ukungena. Kunoko, inokuqondwa njenge "sensor" kwi-hardware, isofthiwe, i-virtual okanye iqonga lelifu, ngokuthula kunye nokujonga ngokungabonakali kwetrafikhi yenethiwekhi. kuba, tolika oko ikubonayo kwaye wenze iilogi zentengiselwano ngaphakathi kweefayile ezineziphumo ezinokwenzeka; imixholo yayo ilawuleka ngokulula ngesandla okanye ngokuzenzekelayo.
I-Zeek luhlalutyo olunamandla lwetrafikhi yothungelwano kunye nesakhelo sokuhlola ukhuseleko esahluke kakhulu kwi-IDS eqhelekileyo onokuthi uqhelene nayo. Ukongeza, iphuhliswa kwi-GitHub luluntu lwayo. Namhlanje, ngenxa yegalelo elingenakubalwa, iZeek isetyenziswa ngokusebenza kwihlabathi liphela ziinkampani ezinkulu, amaziko emfundo kunye nesayensi ngokufanayo ukukhusela iziseko zabo ze-cyber. Zeek kwiGitHub
Izixhobo
Phakathi kwakho iimpawu eziphambili kunokukhankanywa oku kulandelayo:
- Yenza uhlalutyo olunzulu: Kuba ibandakanya abahlalutyi kwiiprothokholi ezininzi, ukuvumela uhlalutyo lwe-semantic olukwinqanaba eliphezulu kumaleko wesicelo.
- Iyabhetyebhetye kwaye ibhetyebhetye: Ngenxa yosebenziso lwe-Zeek's domain-specific scripting language, ekuvumela ukuba uyile kwaye usebenzise imigaqo-nkqubo yokujonga isayithi, kwaye ikwenza ungathintelwa kuyo nayiphi na indlela yokubona.
- iyasebenza kakhulu: Ngoko ke, ngaphandle kweengxaki ezinkulu, ingasetyenziselwa kwiinethiwekhi eziphezulu zokusebenza kunye nakwiindawo ezahlukeneyo ezinkulu.
- Yomelele kakhulu: Kuba, igcina imo ebanzi yomaleko wesicelo ngaphezulu kwenethiwekhi ebeka iliso kwaye ibonelele ngogcino olukwinqanaba eliphezulu lomsebenzi womnatha.
- Igcinwa yangoku, ihlaziywe kakuhle kwaye kulula ukuyifaka: Ngoko ke, wena Inguqulelo yamva nje ezinzileyo yiyo 5.20 version, ekhutshwe ngoFebruwari 02, 2023, kwaye iquka utshintsho oluluncedo kunye neempawu ezintsha. Kwaye iyafakeleka ngokulula usebenzisa oku kulandelayo imiyalelo yokufaka.
I-Zeek ngumthombo ovulekileyo kunye nomhlalutyi wetrafikhi womnatha, osetyenziswa ngabaninzi njenge-Network Security Monitor (NSM) ukuxhasa uphando lomsebenzi okrokrelayo okanye okhohlakeleyo. Ukongeza, luncedo kakhulu, kuba ixhasa uluhlu olubanzi lwemisebenzi yohlalutyo lwetrafikhi ngaphaya kwendawo yokhuseleko, kubandakanywa umlinganiselo wokusebenza kunye nokuxazulula iingxaki. Amaxwebhu asemthethweni
Isishwankathelo
Isishwankathelo, sinethemba lokuba esi sithuba sinxulumene nokuguquguquka, okuvulekileyo kunye nokukhululeka Vula umthombo wesoftware yokhuseleko lwenethiwekhi yeLinux/Unix kubizwa "zeke", vumela abaninzi, amandla okwenza okuyimfuneko ukuzeUhlalutyo lwetrafikhi yothungelwano lwamaqonga ayo, ukuthatha ithuba lokugxila ekujongweni kokhuseleko lwesemantic kwisikali esibonelelwa yisoftware enjalo..
Okokugqibela, ukuba uyazi okanye usebenzise esi sixhobo sesoftware, qiniseka ukuba unikezela ngoluvo lwakho ngesihloko sanamhlanje, ngamagqabantshintshi. Kwaye ukuba uyayithanda le post, Sukuyeka ukwabelana nabanye. Kwakhona, khumbula ndwendwela iphepha lethu lasekhaya en «UkusukaLinux» ukujonga iindaba ezingakumbi, kwaye ujoyine ijelo lethu elisemthethweni le Umnxeba ovela kwiDesdeLinux, Bucala ngasekunene iqela ngolwazi oluthe vetshe ngesihloko sanamhlanje.