Makore manomwe mushure mekuumbwa kwebazi guru rekupedzisira, kuvhurwa kweshanduro nyowani yeZeek 3.0.0 network kupindirana kwekutsvaga uye traffic traffic system yakaratidzwa, yakambogoverwa pasi pezita reBro.
Zeek ipuratifomu yekuongorora traffic iyo inonyanya kukoshesa kuchengetedzwa kwechiitiko chekutevera, asi haina kuganhurirwa kune ichi chishandiso. ndinoziva ipa ma module ekuongororwa kwenzvimbo dzakasiyana-siyana dzekushandisa-netiweki, uchifunga mamiriro ehukama uye uchibvumira kuumbwa kweiyo yakazara rekodhi (faira) ye network chiitiko.
Mutauro-wakanangana nemusoro wenyaya unorongedzerwa kunyora zviitiko zvekutarisa uye kuona zvakashata, uchifunga nezve mamwe mamaki ezvivakwa. Iyo sisitimu yakagadziriswa kuti ishandiswe pane yakakwira bandwidth network.
Iyo API inopihwa yekubatanidzwa neyechitatu-bato ruzivo masystem uye chaiyo-nguva dhata kuchinjana.
IP mapakeji akabatwa nepap anoendeswa kune injini yechiitiko uyo anozvitambira kana kuzviramba. Anogamuchirwa mapakeji anoendeswa kune muturikiri script muturikiri.
Injini yechiitiko inoongorora mhenyu kana yakanyorwa network network kana mafaera trace kuburitsa kwazvakarerekera zviitiko. Inogadzira zviitiko kana "chimwe chinhu" chikaitika.
Izvi zvinogona kukonzerwa nemaitiro eZeek, senge achangotanga kana kusati kwapera kugadziriswa kweZeek, pamwe nechimwe chinhu chiri kuitika pane netiweki (kana trace faira) iri kupatsanurwa, senge Zeek achipupura chikumbiro cheHTTP kana chitsva TCP kubatanidza.
Zeek anoshandisa zvakajairika zviteshi uye zvine simba protocol kuona (kusanganisira masiginecha uye maitiro ekuongorora) kufungidzira zvirinani kududzirwa kwema protocols Zviitiko zviri zvematongerwo enyika zvisina kwazvakarerekera mukuti hazvisi zvakanaka kana zvakaipa, asi ingori chiratidzo kune chinyorwa kuti chimwe chinhu chakaitika.
Main nhau kubva kuna Zeek
Muchikamu chitsva ichi chekushandisa zvinoratidzwa izvo iyo parser yeNTP protocol yakanyorwazve kunyorwa uye nyowani nyowani yakawedzerwa yeMQTT.
Iko iko mabasa ekuongorora akagadziridzwa yeDNS, RDP, SMB, uye TLS. YeDNS, SPF rekodhi ongororo inopihwa, uye yeDNSSEC, RRSIG, DNSKEY, DS, NSEC, uye NSEC3, uye inoenderana mepu yechiitiko inopihwa.
Zvakare zvese zvinongedzo kuzita "mukoma" mumakwara emafaira, kumisikidzwa, mapakeji, zvinyorwa, nzvimbo dzemazita uye mashandiro zvinotsiviwa ne «zeek» (Kuenderana kumashure kwakachengetedzwa kuitira kusangana kumashure.) Iyo bro-pkg package maneja yakapihwa zita rekuti zkg.
Yeimwe shanduko yakaratidzwa mukuzivisa kweshanduro iyi nyowani:
- Yakagadziriswa rutsigiro kune de-encapsulate hova dzinofambiswa mukati meVXLAN tunnel
- Wakawedzera rutsigiro rwehukama nerudzi NFLOG
- Wakawedzera kugona kwekuchengetedza yakatorwa dhata marekodhi mu UTF8 encoding.
- Tsigiro yekuvharwa kwemabasa asingazivikanwe yakawedzerwa kumutauro wekunyora, tafura yekuverenga tafura yakawedzerwa mune yakakosha-kukosha fomati ("ye (kiyi, kukosha mu t)").
- Kuwedzera Python-maitiro vector kupatsanura mashandiro ("v [2: 4]")
- Chimiro chitsva cheparaglob chakakurudzirwa kuti chikwirirane masiki etambo mune makuru mabhainari data seti
- Wakawedzera rutsigiro rweSMB 3.x protocol mune iyo SMB parser uye rutsigiro rweTLS 1.3.
Maitiro ekuisa Zeek paLinux?
Mune dzino nguva (mune yakanyorwa chinyorwa) iyo zeek pasuru haisati iri muzvinyorwa zvekuparadzirwa kweLinux, iyo parizvino ichiri yazvino vhezheni ye "Bro".
Kuti kana iwe uchida kuisa iyi nyowani vhezheni yeZeek 3.0 vanofanirwa kurodha pasi rekodhi yekodhi vobva vanyora pakombuta yavo.
Kuti vaite izvi, izvo zvavanofanira kuita kuvhura terminal uye mairi ita zvinotevera mirairo:
git clone --recursive https://github.com/zeek/zeek ./configure && make && sudo make install
Uye vakagadzirira nayo, vanenge vatove neiyi traffic analyzer yaiswa.