Moloch, an open source network traffic indexing system

Moloch is a project that provides tools for monitoring and analysing traffic flows and for searching information related to network activity. The project was started in 2012 with the goal of building an open replacement for a commercial network packet processing platform that could scale to the level of AOL's traffic.

Deploying the new system at AOL allowed them to keep full control over the infrastructure by running it on their own servers, and to cut costs significantly.

Using Moloch to capture the full traffic of all AOL networks costs about as much as the commercial solution previously used to capture traffic on a single network. The system can be scaled to handle traffic at tens of gigabits per second. The amount of stored data is limited only by the size of the available disk array. Session metadata is written to a cluster running the Elasticsearch engine.

About Moloch

Moloch includes tools for capturing and indexing traffic in the standard PCAP format, together with fast access to the indexed data.

To analyse the collected information, a web interface is provided that allows browsing, searching and exporting samples. An API is also provided that allows exporting data about captured packets in PCAP format, and analysed sessions in JSON format, to third-party applications. Using the PCAP format greatly simplifies integration with existing traffic analysers such as Wireshark.

Access to Moloch is protected by using HTTPS with strong passwords, or by an authenticating proxy provided by the web server. All PCAPs are stored on the sensors and are accessible only through the Moloch interface or API. Moloch is not designed to replace an IDS; it works alongside one, storing and indexing all network traffic in the standard PCAP format and providing fast access to it.

Moloch consists of three key components:

  • Traffic capture system: a multithreaded C application for monitoring traffic, writing PCAP dumps to disk, parsing the captured packets, and sending metadata about sessions (SPI, stateful packet inspection) and protocols to the Elasticsearch cluster. PCAP files can be stored in encrypted form.
  • The web interface, built on the Node.js platform, runs on each traffic capture server and handles requests to access the indexed data and to export PCAP files via the Elasticsearch-based metadata repository and the API.
  • The web interface offers various visualisation modes: from summary statistics, connection maps and graphs showing changes in network activity over time, to tools for studying individual sessions, analysing activity by protocol and examining data from PCAP dumps.

The code is written in C (with the interface in Node.js / JavaScript) and is distributed under the Apache 2.0 licence. Linux and FreeBSD are supported. Ready-to-use packages are prepared for various versions of CentOS and Ubuntu.

How to install Moloch on Linux?

Fortunately, packages built for Ubuntu and CentOS are provided, which we can get from the project's official website.

Ubuntu users can get the package by typing one of the following commands.

For Ubuntu 16.04 LTS:

wget https://s3.amazonaws.com/files.molo.ch/builds/ubuntu-16.04/moloch_2.3.0-1_amd64.deb

For Ubuntu 18.04 LTS:

wget https://s3.amazonaws.com/files.molo.ch/builds/ubuntu-18.04/moloch_2.3.0-1_amd64.deb

To install, just type:

sudo apt install ./moloch*.deb

CentOS users can get the available packages by typing:

CentOS 6

wget https://s3.amazonaws.com/files.molo.ch/builds/centos-6/moloch-2.3.0-1.x86_64.rpm

CentOS 7

wget https://s3.amazonaws.com/files.molo.ch/builds/centos-7/moloch-2.3.0-1.x86_64.rpm

CentOS 8

wget https://s3.amazonaws.com/files.molo.ch/builds/centos-8/moloch-2.3.0-1.x86_64.rpm

To install, just type:

sudo rpm -i moloch*.rpm
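As an added example (not the project's own code), the following POSIX shell helper builds the package URL from the naming pattern shown above for the detected distribution and runs the matching install command. The package version 2.3.0-1 and the URL layout come from the post; the detection via /etc/os-release and the MOLOCH_VERSION override are assumptions.

```shell
#!/bin/sh
# Added helper script, not part of the Moloch project. It maps the distribution
# to the package URL pattern from the post (version 2.3.0-1 as in the post) and
# installs with the matching tool. /etc/os-release detection is an assumption.

MOLOCH_VERSION="${MOLOCH_VERSION:-2.3.0-1}"
MOLOCH_BASE="https://s3.amazonaws.com/files.molo.ch/builds"

# moloch_pkg_url DISTRO RELEASE: print the package URL; return 1 if unsupported.
# Note the two naming schemes: .deb is moloch_<ver>_amd64, .rpm is moloch-<ver>.x86_64.
moloch_pkg_url() {
    case "$1/$2" in
        ubuntu/16.04|ubuntu/18.04)
            echo "$MOLOCH_BASE/ubuntu-$2/moloch_${MOLOCH_VERSION}_amd64.deb" ;;
        centos/6|centos/7|centos/8)
            echo "$MOLOCH_BASE/centos-$2/moloch-${MOLOCH_VERSION}.x86_64.rpm" ;;
        *)
            echo "unsupported distribution: $1 $2" >&2
            return 1 ;;
    esac
}

# moloch_detect: print "DISTRO RELEASE" from /etc/os-release. CentOS 7/8 report
# VERSION_ID as a bare major number, Ubuntu as e.g. 18.04; both match the table.
moloch_detect() {
    [ -r /etc/os-release ] || return 1
    . /etc/os-release
    echo "$ID $VERSION_ID"
}

# moloch_install [DISTRO RELEASE]: download and install the package for the
# given or detected distribution. CentOS 6 has no /etc/os-release, so pass
# "centos 6" explicitly there.
moloch_install() {
    if [ $# -eq 2 ]; then target="$1 $2"; else target=$(moloch_detect) || return 1; fi
    # word splitting of $target is intended: it yields the two arguments
    url=$(moloch_pkg_url $target) || return 1
    pkg="${url##*/}"
    wget -O "$pkg" "$url" || return 1
    case "$pkg" in
        *.deb) sudo apt install "./$pkg" ;;
        *.rpm) sudo rpm -i "$pkg" ;;
    esac
}

# Only install when invoked as: sh moloch-install.sh --install [DISTRO RELEASE]
if [ "${1:-}" = "--install" ]; then
    shift
    moloch_install "$@"
fi
```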

For other distributions, a build from source can be done by typing:

git clone https://github.com/aol/moloch

cd moloch

./easybutton-build.sh --install

make config

For the final configuration, you can consult the wiki via the link below.
