{"id":895,"date":"2010-07-07T16:21:01","date_gmt":"2010-07-07T16:21:01","guid":{"rendered":"http:\/\/pchero21.com\/?p=895"},"modified":"2010-07-07T16:21:01","modified_gmt":"2010-07-07T16:21:01","slug":"10-fwsnort-%eb%b0%b0%ec%b9%98","status":"publish","type":"post","link":"http:\/\/pchero21.com\/?p=895","title":{"rendered":"10.fwsnort \ubc30\uce58"},"content":{"rendered":"

 * fwsnort \uc124\uce58<\/span><\/p>\n

 psad\uc640 \ub9c8\ucc2c\uac00\uc9c0\ub85c fwsnort \ub3c4 \uc778\uc2a4\ud1a8 \ud504\ub85c\uadf8\ub7a8 install.pl\uacfc \ud568\uaed8 \uc81c\uacf5\ub41c\ub2e4. \uc774 \ud504\ub85c\uadf8\ub7a8\uc740 \uc774\uc804\uc5d0 \uc124\uce58\ub41c fwsnort \uc758 \uc124\uc815 \ubcf4\uc874, \ub450 \uac1c\uc758 \ud384 \ubaa8\ub4c8 \uc124\uce58(Net::IPv4Addr\uc640 IPTables::Parse), \ucd5c\uc2e0 \ube14\ub9ac\ub529 \uc2a4\ub178\ud2b8 \uc11c\uba85 \uc9d1\ud569\uc758 (\uc120\ud0dd\uc801\uc778) \ub2e4\uc6b4\ub85c\ub4dc(http:\/\/www.bleedingsnort.com<\/a> \uc5d0\uc11c \ubc1b\uc74c)\ub97c \ud3ec\ud568\ud574\uc11c \uc124\uce58\uc758 \ubaa8\ub4e0 \uac83\uc744 \ucc98\ub9ac\ud55c\ub2e4.<\/p>\n

 \uc6b0\ubd84\ud22c\/\ub370\ube44\uc548\uc758 \uacbd\uc6b0 \ub2e4\uc74c\uc758 apt-get \uc744 \uc774\uc6a9\ud55c \uc124\uce58\uac00 \uac00\ub2a5\ud558\ub2e4.<\/p>\n

 # sudo apt-get install fwsnort<\/p><\/blockquote>\n

\ub2e8, fwsnort \uc0ac\uc6a9\uc744 \uc704\ud574\uc11c\ub294 iptables \ubb38\uc790\uc5f4 \ub9e4\uce6d \uae30\ub2a5\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\uc5b4\uc57c \ud55c\ub2e4. \ucee4\ub110 \ubc84\uc804 2.6.14 \ub098 \uadf8 \uc774\ud6c4 \ubc84\uc804\uc744 \uc0ac\uc6a9 \uc911\uc774\ub77c\uba74 \ucee4\ub110 \ub0b4\ubd80\uc5d0 \uc774\ubbf8 \ubb38\uc790\uc5f4 \ub9e4\uce6d\uc774 \ucef4\ud30c\uc77c \ub3fc \uc788\uc744 \uac83\uc774\ub2e4.<\/p>\n

 \ub9cc\uc57d iptables \uc758 \ubb38\uc790\uc5f4 \ub9e4\uce6d\uae30\ub2a5\uc758 \uc9c0\uc6d0\uc5ec\ubd80\ub97c \ud655\uc778\ud558\uace0 \uc2f6\ub2e4\uba74 \uc544\ub798\uc758 \uba85\ub839\uc5b4\uac00 \uc774\uc0c1\uc5c6\uc774 \uc791\ub3d9\ud558\uba74 \uc9c0\uc6d0\ud558\ub294 \uac83\uc774\ub2e4.<\/p>\n

 # iptables -D INPUT 1 -i lo -d 127.0.0.2 -m string –string “testing ” –algo bm -j ACCEPT<\/p><\/blockquote>\n

 \ub9cc\uc57d \uc624\ub958 iptables: no chain\/target\/match by that name \uac00 \ubc18\ud658\ub418\uba74 \ud604\uc7ac \ucee4\ub110\uc5d0\uc11c \ubb38\uc790\uc5f4 \ub9e4\uce6d \ud655\uc7a5\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc5c6\ub294 \uac83\uc774\ub2e4. \uc774\ub294 \ucee4\ub110 \uc124\uc815 \ud30c\uc77c\uc758 CONFIG_NETFILTER_XT_MATCH_STRING \ub97c \ud65c\uc131\ud654\ud558\uace0 \uc7ac\ucef4\ud30c\uc77c\ud55c \ud6c4 \uc0c8 \ucee4\ub110\ub85c \uc7ac\ubd80\ud305\ud568\uc73c\ub85c\uc368 \uc218\uc815\ud560 \uc218 \uc788\ub2e4.<\/p>\n

 \ub9cc\uc57d \uc704\uc758 \uba85\ub839\uc774 \uc131\uacf5\uc801\uc73c\ub85c \uc2e4\ud589 \ub418\uc5c8\ub2e4\uba74, \ub2e4\uc2dc \ud574\ub2f9 \uaddc\uce59\uc744 \uc0ad\uc81c\ud558\uc5ec \ucd94\ud6c4 \ub2e4\ub978 \ubb38\uc81c\uac00 \ubc1c\uc0dd\ud558\uc9c0 \uc54a\ub3c4\ub85d \ud558\uc790.<\/p>\n

 # iptables -D INPUT 1<\/p><\/blockquote>\n

 * fwsnort \uc758 \uc2e4\ud589<\/span><\/p>\n

 fwsnort \uc758 \uc124\uce58\uac00 \ub05d\ub0ac\ub2e4\uba74 \uc774\uc81c fwsnort \ub97c \uc2e4\ud589\ud558\ub3c4\ub85d \ud558\uc790.<\/p>\n

 \ucee4\ub9e8\ub4dc \ub77c\uc778\uc5d0\uc11c \ubc14\ub85c fwsnort \ub97c \uc785\ub825\ud574\ub3c4 \ub418\uace0, \ub9cc\uc57d \uba85\ub839\uc5b4 \uc2e4\ud589\uc774 \ub418\uc9c0 \uc54a\ub294\ub2e4\uba74, \/usr\/sbin\/fwsnort \ub97c \uc2e4\ud589\ud558\ub3c4\ub85d \ud558\uc790.<\/p>\n

\"\"
 fwsnort \uc2e4\ud589 \ud6c4, \ub098\uc624\ub294 \uba54\uc2dc\uc9c0\ub85c\ubd80\ud130 \uac01 \uc2a4\ub178\ud2b8 \uaddc\uce59 \ud30c\uc77c\uc5d0 \ub300\ud574\uc11c \uc131\uacf5\uc801 \ubcc0\ud658\uacfc \ubcc0\ud658 \uc2e4\ud328 \ud68d\uc218(Success \uc640 Fail), \uc2e4\ud589 \uc911\uc778 iptables \uc815\ucc45\uc5d0 \uc801\uc6a9\ub418\ub294 \uaddc\uce59\uc758 \uc218(Ipt_apply), \uaddc\uce59 \ud30c\uc77c\uc5d0 \uc874\uc7ac\ud558\ub294 \uc804\uccb4 \uc2a4\ub178\ud2b8 \uaddc\uce59 \uac1c\uc218(Total)\ub97c \ucd9c\ub825\ud55c\ub2e4\ub294 \uac83\uc744 \uc54c \uc218 \uc788\ub2e4.<\/p>\n

 \uadf8\ub9ac\uace0 fwsnort \uc758 \ub450 \uc124\uc815\ud30c\uc77c\uc5d0 \uad00\ud55c \uc815\ubcf4\ub97c \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n

 ** fwsnort \uc124\uc815 \ud30c\uc77c<\/p>\n

 fwsnort \uc758 \uc8fc\uc694 \uc124\uc815 \ud30c\uc77c\uc740 \/etc\/fwsnort\/fwsnort.conf \ub294 \ub124\ud2b8\uc6cc\ud06c, \ud3ec\ud2b8 \ubc88\ud638, \uc2dc\uc2a4\ud15c \ubc14\uc774\ub108\ub9ac\uc758 \uacbd\ub85c(iptables \ub85c\uc758 \uacbd\ub85c \ub4f1), \uc2e4\ud589\uc5d0 \ud544\uc694\ud55c \uae30\ud0c0 \uc8fc\uc694 \uc815\ubcf4\ub97c \uc815\uc758\ud55c\ub2e4.<\/p>\n

 \ub2e4\uc74c\uc740 \uc2e4\uc81c\ub85c \uc0ac\uc6a9\uc911\uc778 fwsnort.conf \uc758 \ud30c\uc77c \ub0b4\uc6a9\uc774\ub2e4.<\/p>\n

root@seclab:\/etc\/fwsnort# cat fwsnort.conf
#
###########################################################################
#
#  This is the configuration file for fwsnort.  There are some similarities
#  between this file and the configuration file for Snort.
#
###########################################################################
#
# $Id: fwsnort.conf 442 2008-08-09 15:14:27Z mbr $
#<\/p>\n

### Fwsnort treats all traffic directed to \/ originating from the local
### machine as going to \/ coming from the HOME_NET in Snort rule parlance.
### If there is only one interface on the local system, then there will be
### no rules processed via the FWSNORT_FORWARD chain because no traffic
### would make it into the iptables FORWARD chain.
HOME_NET                any;
EXTERNAL_NET            any;<\/p>\n

### List of servers.  Fwsnort supports the same variable resolution as
### Snort.
HTTP_SERVERS            $HOME_NET;
SMTP_SERVERS            $HOME_NET;
DNS_SERVERS             $HOME_NET;
SQL_SERVERS             $HOME_NET;
TELNET_SERVERS          $HOME_NET;<\/p>\n

### AOL AIM server nets
AIM_SERVERS             [64.12.24.0\/24, 64.12.25.0\/24, 64.12.26.14\/24, 64.12.28.0\/24, 64.12.29.0\/24, 64.12.161.0\/24, 64.12.163.0\/24, 205.188.5.0\/24, 205.188.9.0\/24];<\/p>\n

### Configurable port numbers
SSH_PORTS               22;
HTTP_PORTS              80;
SHELLCODE_PORTS         !80;
ORACLE_PORTS            1521;<\/p>\n

### define average packet lengths and maximum frame length.  This is
### used for iptables length match emulation of the Snort dsize option.
AVG_IP_HEADER_LEN       20;   ### IP options are not usually used.
AVG_TCP_HEADER_LEN      30;   ### Include 10 bytes for options (which
                              ### accompany ACK packets).
MAX_FRAME_LEN           1500;<\/p>\n

### Use the WHITELIST variable to define a list of hosts\/networks
### that should be completely ignored by fwsnort.  For example, if you
### want to whitelist the IP 192.168.10.1 and the network 10.1.1.0\/24,
### you would use (note that you can also specify multiple WHITELIST
### variables, one per line):
#WHITELIST             192.168.10.1, 10.1.1.0\/24;
WHITELIST               NONE;<\/p>\n

### Use the BLACKLIST variable to define a list of hosts\/networks
### that for which fwsnort should DROP or REJECT all traffic.  For
### example, to DROP all traffic from the 192.168.10.0\/24 network, you
### can use:
###     BLACKLIST            192.168.10.0\/24    DROP;
### To have fwsnort REJECT all traffic from 192.168.10.0\/24, you would
### use:
###     BLACKLIST            192.168.10.0\/24    REJECT;
BLACKLIST               NONE;<\/p>\n

### define the jump position in the built-in chains to jump to the
### fwsnort chains
FWSNORT_INPUT_JUMP      1;
FWSNORT_OUTPUT_JUMP     1;
FWSNORT_FORWARD_JUMP    1;<\/p>\n

### iptables chains (these do not normally need to be changed).
FWSNORT_INPUT           FWSNORT_INPUT;
FWSNORT_INPUT_ESTAB     FWSNORT_INPUT_ESTAB;
FWSNORT_OUTPUT          FWSNORT_OUTPUT;
FWSNORT_OUTPUT_ESTAB    FWSNORT_OUTPUT_ESTAB;
FWSNORT_FORWARD         FWSNORT_FORWARD;
FWSNORT_FORWARD_ESTAB   FWSNORT_FORWARD_ESTAB;<\/p>\n

### fwsnort library path
FWSNORT_LIBS_DIR        \/usr\/lib\/fwsnort;<\/p>\n

### system binaries
shCmd           \/bin\/sh;
echoCmd         \/bin\/echo;
tarCmd          \/bin\/tar;
wgetCmd         \/usr\/bin\/wget;
unameCmd        \/usr\/bin\/uname;
ifconfigCmd     \/sbin\/ifconfig;
iptablesCmd     \/sbin\/iptables;<\/p><\/blockquote>\n

 ** fwsnort.sh \uc758 \uad6c\uc870<\/p>\n

 fwsnort \uac00 \uc0dd\uc131\ud55c \ubcf8 \uc258 \uc2a4\ud06c\ub9bd\ud2b8 \/etc\/fwsnort\/fwsnort.sh \ub294 \ub2e4\uc12f \uac1c\uc758 \uc139\uc158\uc73c\ub85c \ub098\ub25c\ub2e4. \uccab \ubc88\uc9f8 \uc139\uc158\uc740 fwsnort.sh \uc2a4\ud06c\ub9bd\ud2b8\uc758 \ubaa9\uc801, fwsnort.sh \ub97c \uc0dd\uc131\ud558\uae30 \uc704\ud574 fwsnort \uc5d0\uac8c \uc804\ub2ec\ud558\ub294 \uba85\ub839 \ud589 \uc778\uc790, fwsnort \ubc84\uc804\uc744 \ud3ec\ud568\ud558\ub294 \uc8fc\uc11d\uc73c\ub85c \uad6c\uc131\ub41c \ud5e4\ub354\ub2e4.<\/p>\n

root@seclab:\/etc\/fwsnort# cat fwsnort.sh|more
#!\/bin\/sh
#
############################################################################
#
# File:  \/etc\/fwsnort\/fwsnort.sh
#
# Purpose:  This script was auto-generated by fwsnort, and implements
#           an iptables ruleset based upon Snort rules.  For more
#           information see the fwsnort man page or the documentation
#           available at http:\/\/www.cipherdyne.org\/fwsnort\/
#
# Generated with:     fwsnort
# Generated on host:  seclab.XXXXXX.ac.kr             
# Time stamp:         Thu Jul  8 00:43:59 2010
#
# Author:  Michael Rash <mbr@cipherdyne.org>
#
# Version: 1.0.5 (file revision: 472)
#
############################################################################
#<\/p>\n

#==================== config ====================
ECHO=\/bin\/echo
IPTABLES=\/sbin\/iptables
#================== end config ==================<\/p>\n

###
############ Create fwsnort iptables chains. ############
###
$IPTABLES -N FWSNORT_FORWARD 2> \/dev\/null
$IPTABLES -F FWSNORT_FORWARD<\/p>\n

$IPTABLES -N FWSNORT_FORWARD_ESTAB 2> \/dev\/null
$IPTABLES -F FWSNORT_FORWARD_ESTAB<\/p><\/blockquote>\n

 fwsnort.sh \uc2a4\ud06c\ub9bd\ud2b8\uc758 \ub450 \ubc88\uc9f8 \uc139\uc158\uc740 iptables \uc640 \uc5d0\ucf54 \uc2dc\uc2a4\ud15c \ubc14\uc774\ub108\ub9ac\uc758 \uacbd\ub85c\ub97c \uc815\uc758\ud55c\ub2e4. \uc774 \uacbd\ub85c\ub4e4\uc740 fwsnort.conf \uc124\uc815 \ud30c\uc77c\uc758 iptablesCmd \uc640 echoCmd \ud0a4\uc6cc\ub4dc\uc5d0\uc11c \uc0c1\uc18d\ub418\uba70 fwsnort \ub294 fwsnort.sh \ub97c \uc791\uc131\ud558\uae30 \uc804\uc5d0 \ud574\ub2f9 \uacbd\ub85c\uac00 \uc874\uc7ac\ud558\ub294\uc9c0 \ud655\uc778\ud55c\ub2e4.<\/p>\n

 \uc124\uc815 \uc139\uc158\uc740 fwsnort.sh \uac00 \ubc30\uce58\ub418\ub294 \uc2dc\uc2a4\ud15c\uc5d0 \ub9de\uac8c \uacbd\ub85c\ub97c \uc218\uc815\ud560 \uc218 \uc788\uac8c \ud574\uc900\ub2e4.<\/p>\n

#==================== config ====================
\nECHO=\/bin\/echo
\nIPTABLES=\/sbin\/iptables
\n#================== end config ==================\n<\/p><\/blockquote>\n

 fwsnort.sh \uc758 \uc138 \ubc88\uc9f8 \uc139\uc158\uc740 fwsnort \uaddc\uce59\uc744 \uc704\ud55c \uc804\uc6a9 iptables \uccb4\uc778\uc744 \uc0dd\uc131\ud55c\ub2e4. \ubaa8\ub4e0 fwsnort \uaddc\uce59(\uc544\ub798\uc11c \ub2e4\ub8f0 \uac74\ub108\ub6f0\uae30 \uaddc\uce59\uc740 \uc608\uc678)\uc740 \uae30\uc874 iptables \uc815\ucc45\uc73c\ub85c\ubd80\ud130 \uc5c4\uaca9\ud788 \ubd84\ub9ac\uc2dc\ud0a4\uae30 \uc704\ud574 \ub9de\ucda4\ud654 \uccb4\uc778\uc5d0 \ucd94\uac00\ub41c\ub2e4.<\/p>\n

 fwsnort.sh \uc758 \ub124 \ubc88\uc9f8 \uc139\uc158\uc740 \uc911\ub7c9 \ud328\ud0b7 \uac80\uc0ac\uac00 \uc77c\uc5b4\ub098\ub294 \uacf3\uc774\ub2e4. \uc774 \uc139\uc158\uc758 \uaddc\uce59\uc740 \ubaa8\ub450 \uc55e\uc11c \uc5b8\uae09\ud55c fwsnort \uccb4\uc778 \uc911 \ud558\ub098\uc5d0 \ucd94\uac00\ub41c\ub2e4. \uac01 \uaddc\uce59\uc740 \ucd9c\ubc1c\uc9c0\uc640 \ubaa9\uc801\uc9c0 IP \uc8fc\uc18c\uc640 \ud3ec\ud2b8 \ubc88\ud638, \ub0b4\uc6a9 \ubb38\uc790\uc5f4, length, ttl, tos \ub9e4\uce6d \ub4f1\uacfc \uac19\uc740 \uc2a4\ub178\ud2b8 \uaddc\uce59 \ud5e4\ub354\uc640 \uaddc\uce59 \uc635\uc158\uc758 \uad6c\uc131 \uc6d0\uc18c\ub97c \ud3ec\ud568\ud55c\ub2e4.<\/p>\n

 \uae30\ubcf8\uc801\uc73c\ub85c fwsnort \uac00 \ubcc0\ud658\ud558\ub294 \ubaa8\ub4e0 \uc2a4\ub178\ud2b8 \uaddc\uce59\uc740 \uc0ac\uc6a9\uc790 \ud2b9\uc815 \uc11c\uba85\uc744 \uc804\ub2ec\ud558\uae30 \uc704\ud574 \uc124\uacc4\ub41c \ub85c\uae45 \uc811\ub450\uc5b4\uc640 \ud568\uaed8 LOG \ud0c0\uac9f\uc744 \uc0ac\uc6a9\ud558\ub294 Iptables \uba85\ub839\uc744 \uc0dd\uc131\ud55c\ub2e4. fwsnort \uac00 \uc0dd\uc131\ud55c \ub85c\uae45 \uc811\ub450\uc5b4\ub294 fwsnort \uccb4\uc778\uc758 \uaddc\uce59 \ubc88\ud638\uc640 \uc2a4\ub178\ud2b8 \uc11c\uba85 ID \uac12\uc744 \ud3ec\ud568\ud558\uba70, \uc11c\uba85\uc774 \uc218\ub9bd\ub41c TCP \uc5f0\uacb0\ub85c\ubd80\ud130 \uae30\ub85d\ub410\ub294\uc9c0 \uc5ec\ubd80\ub97c \ub098\ud0c0\ub0b8\ub2e4.<\/p>\n

 fwsnort.sh \uc758 \ub9c8\uc9c0\ub9c9 \uc139\uc158\uc5d0\uc11c\ub294 iptables\uac00 \uc804\uccb4 \uaddc\uce59\uc9d1\ud569\uc744 \ud1b5\ud574 \ud2b8\ub798\ud53d\uc744 \uc804\uc1a1\ud558\uac8c \ud568\uc73c\ub85c\uc368 \ucee4\ub110 \ub0b4\ubd80\uc5d0\uc11c \uaddc\uce59\uc9d1\ud569\uc744 \ud65c\uc131\ud654\ud55c\ub2e4. \uc774 \uc2dc\uc810\uae4c\uc9c0 fwsnort.sh \uc5d0 \uc758\ud574 \uc2e4\ud589\ub418\ub294 \ubaa8\ub4e0 iptables \uba85\ub839\uc740 \ub2e8\uc21c\ud788 fwsnort \uc815\ucc45\uc744 \uc2e4\ud589 \uc911\uc778 \ucee4\ub110\ub85c \ub85c\ub529\ud55c\ub2e4.<\/p>\n

 ** fwsnort \uc758 \uba85\ub839 \ud589 \uc635\uc158
 
 \uc77c\ubc18\uc801\uc73c\ub85c \uc0ac\uc6a9\ub418\ub294 \uc77c\ubd80 \uc635\uc158\uc5d0 \ub300\ud55c \uc124\uba85\uc774\uba70, \ub2e4\ub978 \ubaa8\ub4e0 \uba85\ub839 \ud589 \uc778\uc790\uc5d0 \ub300\ud55c \uc124\uba85\uc740 fwsnort(8) \ub9e8 \ud398\uc774\uc9c0\uc5d0\uc11c \ubcfc \uc218 \uc788\ub2e4.<\/p>\n

 –ipt-drop: \ud328\ud0b7\uc774 \uc758\ub3c4\ub41c \ubaa9\ud45c\ub85c \uc804\ub2ec\ub418\uae30 \uc804\uc5d0 fwsnort \uac00 \uc774\ub97c \uae30\ub85d\ud558\uace0 \ubc84\ub9ac\uac8c \ud55c\ub2e4(\uae30\ubcf8\uc801\uc73c\ub85c fwsnort \ub294 \uc545\uc758\uc801\uc778 \ud328\ud0b7\uc744 \uae30\ub85d\ub9cc \ud558\uac8c \ud55c\ub2e4). \uc774\ub97c \ud1b5\ud574 fwsnort \ub294 \ub124\ud2b8\uc6cc\ud06c \uacf5\uaca9\uc5d0 \ub2a5\ub3d9\uc801\uc73c\ub85c \uc751\ub2f5\ud560 \uc218 \uc788\ub294 \uad8c\ud55c\uc744 \uc5bb\ub294\ub2e4.<\/p>\n

 –ipt-reject: fwsnort \uac00 \uc545\uc758\uc801\uc778 TCP \uc5f0\uacb0\uc744 TCP \uc7ac\uc124\uc815 \ud328\ud0b7\uc73c\ub85c \uc885\ub8cc\uc2dc\ud0a4\uace0 \uc545\uc758\uc801\uc778 UDP \ud2b8\ub798\ud53d\uc5d0 ICMP \ud3ec\ud2b8 \ub3c4\ub2ec \ubd88\uac00 \uba54\uc2dc\uc9c0\ub85c \uc751\ub2f5\ud558\uae30 \uc704\ud574 REJECT \ud0c0\uac9f\uc744 \uc0ac\uc6a9\ud558\ub294 iptables \uc815\ucc45\uc744 \ub9cc\ub4e4\uac8c \ud55c\ub2e4.<\/p>\n

 –snort-conf path: fwsnort\uac00 HOME_NET, EXTERNAL_NET, HTTP_SERVERS \ub4f1\uacfc \uac19\uc740 \ubcc0\uc218\ub97c \uae30\uc874\uc758 \uc2a4\ub178\ud2b8 \uc124\uc815 \ud30c\uc77c(\ubcf4\ud1b5 \/etc\/snort\/snort.conf\uc5d0 \uc704\uce58)\ub85c\ubd80\ud130 \uc77d\uc5b4\uc624\uac8c \ud55c\ub2e4.<\/p>\n

 –snort-sid sids: fwsnort \ubcc0\ud658 \uc2dc\ub3c4\ub97c \ud2b9\uc815 \uc2a4\ub178\ud2b8 ID\ub098 \uc2a4\ub178\ud2b8 ID \ubaa9\ub85d\uc73c\ub85c \uc81c\ud55c\ud55c\ub2e4.<\/p>\n

 –include-type type: fwsnort \uac00 \ud558\ub098\uc758 \uaddc\uce59 \ud30c\uc77c\uc5d0 \ud3ec\ud568\ub41c \uc2a4\ub178\ud2b8 \uaddc\uce59\ub9cc\uc744 \ubcc0\ud658\ud558\uac8c \ud55c\ub2e4.<\/p>\n

 –ipt-list: \ub2e4\uc591\ud55c fwsnort \uccb4\uc778\uc758 \ud65c\uc124\ud654\ub41c \uaddc\uce59\uc744 \ubaa8\ub450 \ubcf4\uc5ec\uc900\ub2e4.<\/p>\n

 –ipt-flush: fwsnort \uccb4\uc778\uc5d0\uc11c \ud65c\uc131\ud654\ub41c \uaddc\uce59\uc744 \ubaa8\ub450 \ubc84\ub9b0\ub2e4. \uc774 \uc635\uc158\uc740 \uae30\uc874 \uc815\ucc45\uacfc \uc5f0\uad00\ub41c iptables \uaddc\uce59\uc740 \uc81c\uac70\ud558\uc9c0 \uc54a\uace0 fwsnort \uaddc\uce59\uc744 \ube60\ub974\uac8c \uc81c\uac70\ud560 \ub54c \uc720\uc6a9\ud558\ub2e4.<\/p>\n

 –no-address: fwsnort\uac00 \ubc29\ud654\ubcbd \uc2dc\uc2a4\ud15c\uc758 \uc778\ud130\ud398\uc774\uc2a4\uac00 \uac00\uc9c0\ub294 IP \uc8fc\uc18c\ub97c \ucc38\uc870\ud558\uc9c0 \uc54a\uac8c \ud55c\ub2e4.<\/p>\n

 –no-ipt-sync: \ub85c\uceec iptables \uc815\ucc45\uc5d0 \ub300\ud574 \ubcf4\ud1b5 \uc2e4\ud589\ub418\ub294 \ubaa8\ub4e0 \ud638\ud658\uc131 \uac80\uc0ac\ub97c fwsnort\uac00 \ube44\ud65c\uc131\ud654\uac8c \ud55c\ub2e4..<\/p>\n

 –restrict-intf intf: fwsnort \uaddc\uce59\uc744 \uba85\uc2dc\ub41c \uc778\ud130\ud398\uc774\uc2a4(\ub4e4)\ub85c \uc81c\ud55c\ud55c\ub2e4.<\/p>\n

 * fwsnort\uc758 \uc2e4\uc81c \ub3d9\uc791<\/span><\/p>\n

 fwsnort\uc758 \uc2e4\ud589\uc740 \uac04\ub2e8\ud558\ub2e4. fwsnort \uba85\ub839\uc5b4\uc758 \uacb0\uacfc\ub85c \uc0dd\uc131\ub41c \/etc\/fwsnort\/fwsnort.sh \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc2e4\ud589\uc2dc\ud0a4\uba74 \ub41c\ub2e4.<\/p>\n

 …..\uc2dc\uc2a4\ud15c\uc5d0 \ub530\ub77c \uc2dc\uac04\uc774 \uc624\ub798 \uac78\ub9b4 \uc218 \uc788\uc73c\ub2c8 \ub290\uae0b\ud55c \ub9c8\uc74c\uc744 \uac00\uc9c0\ub294 \uac83\uc774 \uc88b\uc744 \uac83\uc774\ub2e4.<\/p>\n

\"\"<\/p>\n

 * \ud5c8\uc6a9 \ubaa9\ub85d\uacfc \ucc28\ub2e8 \ubaa9\ub85d \uc124\uc815
<\/span>
 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35 \ub370\uc774\ud130\uc5d0 \uae30\ubc18\ud574\uc11c \ub124\ud2b8\uc6cc\ud06c \ud1b5\uc2e0\uc744 \ucc28\ub2e8\ud560 \uc218 \uc788\ub294 \uc18c\ud504\ud2b8\uc6e8\uc5b4\ub294 \ud5c8\uc6a9 \ubaa9\ub85d(whitelist)\uc5d0 \uae30\ubc18\ud574\uc11c \ud2b9\uc815 \ub124\ud2b8\uc6cc\ud06c\ub098 IP \uc8fc\uc18c\ub97c \ucc28\ub2e8 \ub3d9\uc791\uc5d0\uc11c \uc81c\uc678\ud560 \uc218 \uc788\uc5b4\uc57c \ud55c\ub2e4.<\/p>\n

 fwsnort \uc5d0\uc11c \ud5c8\uc6a9 \ubaa9\ub85d\uacfc \ucc28\ub2e8 \ubaa9\ub85d\uc740 \/etc\/fwsnort\/fwsnort.conf \ud30c\uc77c\uc758 WHITELIST\uc640 BLACKLIST \ubcc0\uc218\ub97c \ud1b5\ud574 \uc9c0\uc6d0\ub41c\ub2e4. \uc608\ub97c \ub4e4\uc5b4 fwsnort \uac00 \uc6f9\uc11c\ubc84(192.168.10.2)\uc5d0\uc11c \uc2dc\uc791\ud558\uac70\ub098 \uc6f9\uc11c\ubc84\ub85c \ud5a5\ud558\ub294 \ud1b5\uc2e0\uc5d0\ub294 \uc5b4\ub5a4 \uc870\uce58\ub3c4 \ucde8\ud558\uc9c0 \uc54a\uace0 IP \uc8fc\uc18c 192.168.10.100 \uc73c\ub85c \uc624\uac00\ub294 \ubaa8\ub4e0 \ud328\ud0b7\uc744 DROP \ud558\uac8c \ud558\ub824\uba74 fwsnort.conf \uc5d0 \ub2e4\uc74c\uc744 \ucd94\uac00\ud55c\ub2e4.<\/p>\n

 WHITELIST 192.168.10.2;
 BLACKLIST 192.168.10.100;<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

 * fwsnort \uc124\uce58  psad\uc640 \ub9c8\ucc2c\uac00\uc9c0\ub85c fwsnort \ub3c4 \uc778\uc2a4\ud1a8 \ud504\ub85c\uadf8\ub7a8 install.pl\uacfc \ud568\uaed8 \uc81c\uacf5\ub41c\ub2e4. \uc774 \ud504\ub85c\uadf8\ub7a8\uc740 \uc774\uc804\uc5d0 \uc124\uce58\ub41c fwsnort \uc758 \uc124\uc815 \ubcf4\uc874, \ub450 \uac1c\uc758 \ud384 \ubaa8\ub4c8 \uc124\uce58(Net::IPv4Addr\uc640 IPTables::Parse), \ucd5c\uc2e0 \ube14\ub9ac\ub529 \uc2a4\ub178\ud2b8 \uc11c\uba85 \uc9d1\ud569\uc758 (\uc120\ud0dd\uc801\uc778) \ub2e4\uc6b4\ub85c\ub4dc(http:\/\/www.bleedingsnort.com \uc5d0\uc11c \ubc1b\uc74c)\ub97c \ud3ec\ud568\ud574\uc11c \uc124\uce58\uc758 \ubaa8\ub4e0 \uac83\uc744 \ucc98\ub9ac\ud55c\ub2e4. … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[52],"tags":[146,184,241,311,507,528,557,564,809],"_links":{"self":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/895"}],"collection":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=895"}],"version-history":[{"count":0,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/895\/revisions"}],"wp:attachment":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=895"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}