Moloch, an open-source network packet capture and indexing system

Moloch is a system that provides tools for inspecting captured traffic and searching for information about network activity. The project was created in 2012 with the goal of building an open alternative to commercial network packet processing systems, one that could scale to the traffic volumes of AOL.

Deploying the new system at AOL gave them full control over the infrastructure, since it runs on their own servers, and significantly reduced costs.

Using Moloch to capture all traffic across all of AOL's networks costs about the same as the commercial solution previously used to capture traffic on a single network. The system can be scaled to process traffic at tens of gigabits per second. The amount of data retained is limited only by the size of the available disk array. Session metadata is indexed in a cluster built on the Elasticsearch engine.

About Moloch

Moloch includes tools for capturing and indexing traffic in the standard PCAP format, together with fast access to the indexed information.

For analyzing the collected information, a web interface is provided that allows browsing, searching and exporting samples. An API is also provided that lets you pass data about captured packets in PCAP format, and analyzed sessions in JSON format, to third-party applications. Using the PCAP format makes integration with existing traffic analyzers such as Wireshark straightforward.

Access to Moloch is protected by HTTPS with strong passwords, or through an authenticating proxy provided by the web server. All PCAPs are stored on the sensors and are accessible only through the Moloch interface or the API. Moloch is not intended to replace an IDS; it works alongside one, storing and indexing all network traffic in the standard PCAP format and providing fast access to it.

Moloch consists of three basic components:

  • Traffic capture system: a multi-threaded C application that monitors traffic, writes PCAP dumps to disk, parses the captured packets, and sends metadata about sessions (SPI, full packet inspection) and protocols to the Elasticsearch cluster. PCAP files can be stored in encrypted form.
  • A web interface built on the Node.js framework, running on each traffic capture server, which handles requests for access to the indexed data and for transferring PCAP files from the Elasticsearch-backed metadata store, and serves the API.
  • The web interface offers several ways to display data: from general statistics, connection maps and visual graphs of changes in network activity, to tools for reading individual sessions, analyzing activity by protocol, and analyzing data from PCAP dumps.

The code is written in C (the interface in Node.js / JavaScript) and is distributed under the Apache 2.0 license. Running on Linux and FreeBSD is supported. Ready-to-use packages are prepared for several versions of CentOS and Ubuntu.

How to install Moloch on Linux?

By default, packages built for Ubuntu and CentOS are provided, and we can obtain them from the project's official website.

Those using Ubuntu can obtain the package by typing either of the following commands.

For Ubuntu 16.04 LTS:

wget https://s3.amazonaws.com/files.molo.ch/builds/ubuntu-16.04/moloch_2.3.0-1_amd64.deb

For Ubuntu 18.04 LTS:

wget https://s3.amazonaws.com/files.molo.ch/builds/ubuntu-18.04/moloch_2.3.0-1_amd64.deb

To install, simply type:

sudo apt install ./moloch*.deb

For CentOS users, the available packages can be obtained by typing:

For CentOS 6:

wget https://s3.amazonaws.com/files.molo.ch/builds/centos-6/moloch-2.3.0-1.x86_64.rpm

For CentOS 7:

wget https://s3.amazonaws.com/files.molo.ch/builds/centos-7/moloch-2.3.0-1.x86_64.rpm

For CentOS 8:

wget https://s3.amazonaws.com/files.molo.ch/builds/centos-8/moloch-2.3.0-1.x86_64.rpm

To install, simply type:

sudo rpm -i moloch*.rpm

For other distributions, the build can be done by typing:

git clone https://github.com/aol/moloch

cd moloch

./easybutton-build.sh --install

make config

Finally, for configuration, you can consult the wiki from the link below.
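The package selection above can be turned into one script that picks the right Moloch 2.3.0 download and install command for the host. This is an added example, not code from the article or from the Moloch project; it assumes the distribution is identified by the ID and VERSION_ID fields of an os-release file, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the article or the Moloch project): choose the
# Moloch 2.3.0 package from the URLs listed in the article based on the
# distribution, and print the matching download and install commands.
MOLOCH_BASE="https://s3.amazonaws.com/files.molo.ch/builds"

# moloch_pkg_url <ID> <VERSION_ID> -> prints the package URL for a supported
# distribution; returns 1 (no output) for anything else.
moloch_pkg_url() {
  case "$1:$2" in
    ubuntu:16.04)         echo "$MOLOCH_BASE/ubuntu-16.04/moloch_2.3.0-1_amd64.deb" ;;
    ubuntu:18.04)         echo "$MOLOCH_BASE/ubuntu-18.04/moloch_2.3.0-1_amd64.deb" ;;
    centos:6|centos:6.*)  echo "$MOLOCH_BASE/centos-6/moloch-2.3.0-1.x86_64.rpm" ;;
    centos:7|centos:7.*)  echo "$MOLOCH_BASE/centos-7/moloch-2.3.0-1.x86_64.rpm" ;;
    centos:8|centos:8.*)  echo "$MOLOCH_BASE/centos-8/moloch-2.3.0-1.x86_64.rpm" ;;
    *) return 1 ;;
  esac
}

# moloch_install_cmd <package file> -> prints the install command for the
# package type: .deb through apt, .rpm through rpm -i (as in the article).
moloch_install_cmd() {
  case "$1" in
    *.deb) echo "sudo apt install ./$1" ;;
    *.rpm) echo "sudo rpm -i $1" ;;
    *) return 1 ;;
  esac
}

# read_os_release <file> -> prints "ID VERSION_ID" from an os-release file,
# with surrounding double quotes stripped (assumed layout of /etc/os-release).
read_os_release() {
  id=$(sed -n 's/^ID=//p' "$1" | tr -d '"')
  ver=$(sed -n 's/^VERSION_ID=//p' "$1" | tr -d '"')
  echo "$id $ver"
}

# Constructed sample os-release (not read from the live system) to drive the demo;
# replace with /etc/os-release on a real host.
SAMPLE_OS_RELEASE=$(mktemp)
printf 'NAME="Ubuntu"\nID=ubuntu\nVERSION_ID="18.04"\n' > "$SAMPLE_OS_RELEASE"
set -- $(read_os_release "$SAMPLE_OS_RELEASE")
rm -f "$SAMPLE_OS_RELEASE"
if url=$(moloch_pkg_url "$1" "$2"); then
  pkg=${url##*/}
  echo "wget $url"
  moloch_install_cmd "$pkg"
else
  echo "No prebuilt Moloch package for $1 $2; build from git instead" >&2
fi
```

For a distribution the script does not know (the `else` branch), fall back to the git build steps shown above.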
