在Debian系统中,入侵检测可以通过多种工具和方法实现。以下是一些常见的步骤和工具:
sudo apt update
sudo apt install ufw
sudo ufw enable
sudo ufw allow 22/tcp # 允许SSH连接
sudo ufw deny 23/tcp # 拒绝Telnet连接
sudo ufw status verbose
sudo apt update
sudo apt install fail2ban
/etc/fail2ban/jail.local 文件来添加自定义规则:sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 600
findtime = 600
maxretry = 3
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
sudo apt update
sudo apt install snort
/etc/snort/snort.conf 文件来配置规则和输出:sudo nano /etc/snort/snort.conf
sudo apt install snort-custom-rules
sudo systemctl start snort
sudo systemctl enable snort
sudo apt update
sudo apt install suricata
/etc/suricata/suricata.yaml 文件来配置规则和输出:sudo nano /etc/suricata/suricata.yaml
sudo apt install suricata-custom-rules
sudo systemctl start suricata
sudo systemctl enable suricata
sudo apt update
sudo apt install iptables iptables-persistent
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -P INPUT DROP
sudo iptables -A INPUT -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
sudo netfilter-persistent save
sudo netfilter-persistent reload
sudo journalctl -u netfilter-persistent -f
通过上述步骤,你可以在Debian系统中配置入侵检测系统,以提高系统的安全性。
