I've done a fwsnort --help and checked the fwsnort project's official website, but with no result.
I installed it with apt-get install fwsnort.
If I manually create /etc/fwsnort/fwsnort.sh with IPTABLES rules so that it detects some Metasploitable signature, it works in iptables, BUT WHAT I WANT IS FOR IT TO TRANSLATE the rules stored in /etc/fwsnort/snort_rules/.
I've done a fwsnort --update-rules and it downloaded them, but when I run:
Code:
root@debian-sergio:/etc/fwsnort/snort_rules# fwsnort
[+] Testing /sbin/iptables for supported capabilities...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Snort Rules File              Success    Fail    Total
[+] emerging-all.rules                  0   16869    16869
=============================
                                        0   16869    16869
[+] No rules parsed.
[+] Logfile: /var/log/fwsnort/fwsnort.log
[-] No Snort rules could be translated, exiting
Could someone who has got FWSNORT to work please help? I've tried almost every FWSNORT command and NOTHING.
Someone who is an expert in this area, since there are few.
OK PEOPLE, I'VE SOLVED IT. IT TURNS OUT I had to use another version of fwsnort -V because there was a bug; I've installed: fwsnort v1.6.7 -------(by Michael Rash). That's why it wasn't working.
NOW ANOTHER THING: HOW DO I LOAD MORE SNORT RULES? How would you do it, because it only produces this (it translates 5.59% of the rules, when it should translate around 70% or so):
Code:
root@debian-sergio:/etc/fwsnort/snort_rules# fwsnort
[+] Testing /sbin/iptables for supported capabilities...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Snort Rules File              Success    Fail    Total
[+] app-detect.rules                    0       2        2
[+] attack-responses.rules             16       1       17
[+] backdoor.rules                     65      11       76
[+] bad-traffic.rules                   9       3       12
[+] blacklist.rules                     0       0        0
[+] botnet-cnc.rules                    0       0        0
[+] browser-chrome.rules                0       0        0
[+] browser-firefox.rules               0      15       15
[+] browser-ie.rules                    0    1184     1184
[+] browser-other.rules                 0       6        6
[+] browser-plugins.rules               0      31       31
[+] browser-webkit.rules                0       0        0
[+] chat.rules                         29       1       30
[+] content-replace.rules               0       0        0
[+] ddos.rules                         18      14       32
[+] dns.rules                          19       2       21
[+] dos.rules                           9       7       16
[+] emerging-all.rules                  0   16869    16869
[+] experimental.rules                  0       0        0
[+] exploit-kit.rules                   0     491      491
[+] exploit.rules                      36      46       82
[+] file-executable.rules               0      13       13
[+] file-flash.rules                    0    1477     1477
[+] file-identify.rules                 0     977      977
[+] file-image.rules                    0      99       99
[+] file-java.rules                     0     112      112
[+] file-multimedia.rules               0      53       53
[+] file-office.rules                   0     426      426
[+] file-other.rules                    0     239      239
[+] file-pdf.rules                      0     456      456
[+] finger.rules                       13       1       14
[+] ftp.rules                          21      49       70
[+] icmp-info.rules                    65      28       93
[+] icmp.rules                         18       4       22
[+] imap.rules                          1      37       38
[+] indicator-compromise.rules          0      26       26
[+] indicator-obfuscation.rules         0      38       38
[+] indicator-scan.rules                0       2        2
[+] indicator-shellcode.rules           0       0        0
[+] info.rules                          8       2       10
[+] local.rules                         0       0        0
[+] malware-backdoor.rules              0     107      107
[+] malware-cnc.rules                   0    2732     2732
[+] malware-other.rules                 0     299      299
[+] malware-tools.rules                 0      12       12
[+] misc.rules                         42      18       60
[+] multimedia.rules                    4       6       10
[+] mysql.rules                         3       0        3
[+] netbios.rules                      11     419      430
[+] nntp.rules                          0      13       13
[+] oracle.rules                        3     295      298
[+] os-linux.rules                      0      15       15
[+] os-mobile.rules                     0       3        3
[+] os-other.rules                      0      38       38
[+] os-solaris.rules                    0       3        3
[+] os-windows.rules                    0     326      326
[+] other-ids.rules                     3       0        3
[+] p2p.rules                          18       0       18
[+] phishing-spam.rules                 0       0        0
[+] policy-multimedia.rules             0       0        0
[+] policy-other.rules                  0       7        7
[+] policy-social.rules                 2       0        2
[+] policy-spam.rules                   0       0        0
[+] policy.rules                       20       1       21
[+] pop2.rules                          2       2        4
[+] pop3.rules                          6      21       27
[+] porn.rules                         21       0       21
[+] protocol-dns.rules                  0       1        1
[+] protocol-finger.rules               0       0        0
[+] protocol-ftp.rules                  0       0        0
[+] protocol-icmp.rules                 0       0        0
[+] protocol-imap.rules                 0       2        2
[+] protocol-nntp.rules                 0       0        0
[+] protocol-other.rules                0       4        4
[+] protocol-pop.rules                  0       1        1
[+] protocol-rpc.rules                  0       0        0
[+] protocol-scada.rules                0      10       10
[+] protocol-services.rules             0       0        0
[+] protocol-snmp.rules                 0       1        1
[+] protocol-telnet.rules               0       1        1
[+] protocol-tftp.rules                 0       0        0
[+] protocol-voip.rules                 0       2        2
[+] pua-adware.rules                    0      24       24
[+] pua-other.rules                     0       4        4
[+] pua-p2p.rules                       0       0        0
[+] pua-toolbars.rules                  0       3        3
[+] rpc.rules                          37      91      128
[+] rservices.rules                    13       0       13
[+] scada.rules                         0       0        0
[+] scan.rules                         14       4       18
[+] server-apache.rules                 0      23       23
[+] server-iis.rules                    0       0        0
[+] server-mail.rules                   0       9        9
[+] server-mssql.rules                  0       1        1
[+] server-mysql.rules                  0       1        1
[+] server-oracle.rules                 0       2        2
[+] server-other.rules                  0     210      210
[+] server-samba.rules                  0       8        8
[+] server-webapp.rules                 0     220      220
[+] shellcode.rules                    21       0       21
[+] smtp.rules                         14      45       59
[+] snmp.rules                         17       0       17
[+] specific-threats.rules              0       0        0
[+] spyware-put.rules                   0       0        0
[+] sql.rules                          42       4       46
[+] telnet.rules                       13       2       15
[+] tftp.rules                          9       2       11
[+] virus.rules                         0       1        1
[+] voip.rules                          0       0        0
[+] web-activex.rules                   0       0        0
[+] web-attacks.rules                  46       0       46
[+] web-cgi.rules                     348       2      350
[+] web-client.rules                    9      16       25
[+] web-coldfusion.rules               35       0       35
[+] web-frontpage.rules                35       0       35
[+] web-iis.rules                     112       7      119
[+] web-misc.rules                    300      28      328
[+] web-php.rules                     115      11      126
[+] x11.rules                           2       0        2
=============================
                                     1644   27779    29423
[+] Generated iptables rules for 1644 out of 29423 signatures: 5.59%
[+] Logfile: /var/log/fwsnort/fwsnort.log
[+] iptables script (individual commands): /var/lib/fwsnort/fwsnort_iptcmds.sh
    Main fwsnort iptables-save file: /var/lib/fwsnort/fwsnort.save

You can instantiate the fwsnort policy with the following command:

    /sbin/iptables-restore < /var/lib/fwsnort/fwsnort.save

Or just execute: /var/lib/fwsnort/fwsnort.sh
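The per-file table says more than the headline 5.59%. A single file, emerging-all.rules, accounts for 16869 of the 27779 failures; the newer category files (browser-*, file-*, malware-*, exploit-kit) translate nothing at all; and the older plain-content files (web-cgi, web-misc, web-iis) translate almost completely. fwsnort emits iptables string matches and can only express a subset of Snort rule options, so every rule that depends on something it cannot express is counted as a failure, whatever the size of the rule set. The script below is an added example written for this thread, not code from the thread or from fwsnort: it parses fwsnort's summary table (the same layout as the output above, including the glued column that appears in the indicator-compromise.rules line), recomputes the coverage, recomputes it with any named file left out, and lists the files from which nothing was translated. The embedded sample is a constructed excerpt of the output posted above.

```python
"""Parse fwsnort's per-rule-file summary and explain translation coverage.

Added example for this thread; not part of fwsnort. It reads the table
fwsnort prints after a run ("[+] <file>.rules <success> <fail> <total>") and
answers: what is the coverage, which files contribute the most failures, and
what the coverage would be without a given file.
"""
import re
from dataclasses import dataclass

# One summary row. The "\s*" before the first number tolerates the column
# collision seen in the posted output, where a long filename is glued to the
# Success count ("indicator-compromise.rules0 26 26"). finditer() means the
# flattened one-line form of the table parses just as well as the multi-line one.
ROW_RE = re.compile(r"\[\+\]\s+(\S+?\.rules)\s*(\d+)\s+(\d+)\s+(\d+)")

# Constructed sample input: a handful of rows from the summary posted in the
# thread, with the thread's real counts, plus one non-row line to skip.
SAMPLE_SUMMARY = """
[+] attack-responses.rules 16 1 17
[+] backdoor.rules 65 11 76
[+] browser-ie.rules 0 1184 1184
[+] emerging-all.rules 0 16869 16869
[+] indicator-compromise.rules0 26 26
[+] web-cgi.rules 348 2 350
[+] web-misc.rules 300 28 328
[+] Logfile: /var/log/fwsnort/fwsnort.log
"""


@dataclass(frozen=True)
class RuleFileStats:
    name: str
    success: int
    fail: int
    total: int


def parse_summary(text: str) -> list[RuleFileStats]:
    """Extract every per-file row from a pasted fwsnort summary.

    Raises ValueError if a row's counts don't add up, which means the table
    was mangled in copy/paste rather than merely reflowed.
    """
    rows = []
    for m in ROW_RE.finditer(text):
        name = m.group(1)
        success, fail, total = (int(g) for g in m.group(2, 3, 4))
        if success + fail != total:
            raise ValueError(f"{name}: {success}+{fail} != {total}")
        rows.append(RuleFileStats(name, success, fail, total))
    return rows


def coverage_pct(rows: list[RuleFileStats], exclude: tuple[str, ...] = ()) -> float:
    """Translated signatures as a percentage of all signatures, rounded to two
    decimals like fwsnort's own summary line. Files named in `exclude` are left
    out of both numerator and denominator."""
    kept = [r for r in rows if r.name not in exclude]
    total = sum(r.total for r in kept)
    if total == 0:
        return 0.0
    return round(100.0 * sum(r.success for r in kept) / total, 2)


def top_failing(rows: list[RuleFileStats], n: int = 5) -> list[str]:
    """Names of the n files with the most untranslated rules, largest first."""
    return [r.name for r in sorted(rows, key=lambda r: r.fail, reverse=True)[:n]]


def zero_coverage(rows: list[RuleFileStats]) -> list[str]:
    """Non-empty files from which fwsnort translated nothing at all."""
    return [r.name for r in rows if r.total > 0 and r.success == 0]


if __name__ == "__main__":
    rows = parse_summary(SAMPLE_SUMMARY)
    print(f"coverage: {coverage_pct(rows)}%")
    print("coverage without emerging-all.rules: "
          f"{coverage_pct(rows, exclude=('emerging-all.rules',))}%")
    print("most failures:", top_failing(rows, 3))
    print("nothing translated:", zero_coverage(rows))
```

Run it on the full table from the thread (paste the whole block into a file and feed it to parse_summary) and the picture is the same as in the sample: most of the missing 94% is concentrated in a few large files, and dropping emerging-all.rules from the denominator alone roughly doubles the coverage figure, so the useful next step is to look at which rule options the zero-coverage files rely on rather than to add more rule files.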