▶ Viewing a file's contents with the cat command
┌──(kali㉿kali)-[~]
└─$ sudo cat /etc/snort/snort.conf
[sudo] password for kali:
#--------------------------------------------------
# VRT Rule Packages Snort.conf
#
# For more information visit us at:
# http://www.snort.org Snort Website
# http://vrt-blog.snort.org/ Sourcefire VRT Blog
#
# Mailing list Contact: snort-sigs@lists.sourceforge.net
# False Positive reports: fp@sourcefire.com
# Snort bugs: bugs@snort.org
#
# Compatible with Snort Versions:
# VERSIONS : 2.9.7.0
#
# Snort build options:
~~~~~~
This is inconvenient, especially when you only want to look at the last part of the file.
▶ head & tail
┌──(kali㉿kali)-[~]
└─$ sudo head /etc/snort/snort.conf
#--------------------------------------------------
# VRT Rule Packages Snort.conf
#
# For more information visit us at:
# http://www.snort.org Snort Website
# http://vrt-blog.snort.org/ Sourcefire VRT Blog
#
# Mailing list Contact: snort-sigs@lists.sourceforge.net
# False Positive reports: fp@sourcefire.com
# Snort bugs: bugs@snort.org
┌──(kali㉿kali)-[~]
└─$ sudo tail /etc/snort/snort.conf
# include $SO_RULE_PATH/smtp.rules
# include $SO_RULE_PATH/snmp.rules
# include $SO_RULE_PATH/specific-threats.rules
# include $SO_RULE_PATH/web-activex.rules
# include $SO_RULE_PATH/web-client.rules
# include $SO_RULE_PATH/web-iis.rules
# include $SO_RULE_PATH/web-misc.rules
# Event thresholding or suppression commands. See threshold.conf
include threshold.conf
To see the first 20 lines of the file:
┌──(kali㉿kali)-[~]
└─$ sudo head -20 /etc/snort/snort.conf
#--------------------------------------------------
# VRT Rule Packages Snort.conf
#
# For more information visit us at:
# http://www.snort.org Snort Website
# http://vrt-blog.snort.org/ Sourcefire VRT Blog
#
# Mailing list Contact: snort-sigs@lists.sourceforge.net
# False Positive reports: fp@sourcefire.com
# Snort bugs: bugs@snort.org
#
# Compatible with Snort Versions:
# VERSIONS : 2.9.7.0
#
# Snort build options:
# OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
#
# Additional information:
# This configuration file enables active response, to run snort in
# test mode -T you are required to supply an interface -i <interface>
▶ Viewing a file's contents with line numbers
┌──(kali㉿kali)-[~]
└─$ sudo nl /etc/snort/snort.conf
1 #--------------------------------------------------
2 # VRT Rule Packages Snort.conf
3 #
4 # For more information visit us at:
5 # http://www.snort.org Snort Website
6 # http://vrt-blog.snort.org/ Sourcefire VRT Blog
7 #
8 # Mailing list Contact: snort-sigs@lists.sourceforge.net
9 # False Positive reports: fp@sourcefire.com
10 # Snort bugs: bugs@snort.org
11 #
12 # Compatible with Snort Versions:
13 # VERSIONS : 2.9.7.
~~~~
~~~~
~~~~
621 # include $SO_RULE_PATH/multimedia.rules
622 # include $SO_RULE_PATH/netbios.rules
623 # include $SO_RULE_PATH/nntp.rules
624 # include $SO_RULE_PATH/p2p.rules
625 # include $SO_RULE_PATH/smtp.rules
626 # include $SO_RULE_PATH/snmp.rules
627 # include $SO_RULE_PATH/specific-threats.rules
628 # include $SO_RULE_PATH/web-activex.rules
629 # include $SO_RULE_PATH/web-client.rules
630 # include $SO_RULE_PATH/web-iis.rules
631 # include $SO_RULE_PATH/web-misc.rules
632 # Event thresholding or suppression commands. See threshold.conf
633 include threshold.conf
▶ Searching a file's contents for a word with grep
-- show only the lines in snort.conf that contain the word "output"
┌──(kali㉿kali)-[~]
└─$ sudo cat /etc/snort/snort.conf | grep output
# 6) Configure output plugins
# Step #6: Configure output plugins
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
# output alert_unified2: filename snort.alert, limit 128, nostamp
# output log_unified2: filename snort.log, limit 128, nostamp
# output alert_syslog: LOG_AUTH LOG_ALERT
# output log_tcpdump: tcpdump.log
┌──(kali㉿kali)-[~]
└─$ sudo nl /etc/snort/snort.conf | grep output
33 # 6) Configure output plugins
445 # Step #6: Configure output plugins
450 # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
451 output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
453 # output alert_unified2: filename snort.alert, limit 128, nostamp
454 # output log_unified2: filename snort.log, limit 128, nostamp
456 # output alert_syslog: LOG_AUTH LOG_ALERT
458 # output log_tcpdump: tcpdump.log
Ex) We want to display the 5 lines immediately before the line reading "# Step #6: Configure output plugins" in snort.conf.
1) Number the lines, including blank lines
┌──(kali㉿kali)-[~]
└─$ sudo nl -ba /etc/snort/snort.conf
1 #--------------------------------------------------
2 # VRT Rule Packages Snort.conf
3 #
4 # For more information visit us at:
5 # http://www.snort.org Snort Website
6 # http://vrt-blog.snort.org/ Sourcefire VRT Blog
7 #
8 # Mailing list Contact: snort-sigs@lists.sourceforge.net
9 # False Positive reports: fp@sourcefire.com
10 # Snort bugs: bugs@snort.org
11 #
12 # Compatible with Snort Versions:
13 # VERSIONS : 2.9.7.0
14 #
15 # Snort build options:
16 # OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
17 #
18 # Additional information:
19 # This configuration file enables active response, to run snort in
20 # test mode -T you are required to supply an interface -i <interface>
21 # or test mode will fail to fully validate the configuration and
22 # exit with a FATAL error
23 #--------------------------------------------------
24
25 ###################################################
~~~~
~~~~
~~~~
2) Find the line numbers of the lines containing "output" (numbered with blank lines included)
┌──(kali㉿kali)-[~]
└─$ sudo nl -ba /etc/snort/snort.conf | grep output
34 # 6) Configure output plugins
529 # Step #6: Configure output plugins
535 # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
536 output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
539 # output alert_unified2: filename snort.alert, limit 128, nostamp
540 # output log_unified2: filename snort.log, limit 128, nostamp
543 # output alert_syslog: LOG_AUTH LOG_ALERT
546 # output log_tcpdump: tcpdump.log
┌──(kali㉿kali)-[~]
└─$ sudo tail -n+524 /etc/snort/snort.conf | head -n 6
# nested_ip inner, \
# whitelist $WHITE_LIST_PATH/white_list.rules, \
# blacklist $BLACK_LIST_PATH/black_list.rules
###################################################
# Step #6: Configure output plugins
┌──(kali㉿kali)-[~]
└─$
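The nl -ba / grep / tail -n+N / head -n M procedure above, generalized into a reusable shell function. This is an added example, not from the original post; it uses a constructed sample file in place of /etc/snort/snort.conf, and the function names lines_before and lines_before_grep are invented here.

```shell
#!/bin/sh
# Constructed sample standing in for /etc/snort/snort.conf (not the real file).
SAMPLE="$(mktemp)"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# Snort build options
#
# nested_ip inner, \
# whitelist $WHITE_LIST_PATH/white_list.rules, \
# blacklist $BLACK_LIST_PATH/black_list.rules
###################################################
# Step #6: Configure output plugins
output unified2: filename snort.log, limit 128, nostamp
EOF

# lines_before FILE PATTERN COUNT
# Prints the COUNT lines that precede the first line containing PATTERN.
# grep -n numbers every line, blank lines included, just like nl -ba,
# so the computed start line matches what tail -n+N expects.
lines_before() {
    file=$1; pattern=$2; count=$3
    match=$(grep -n -F -- "$pattern" "$file" | head -n 1 | cut -d: -f1)
    [ -n "$match" ] || return 1          # pattern not found
    start=$((match - count))
    [ "$start" -ge 1 ] || start=1        # clamp when the match is near the top
    tail -n "+$start" "$file" | head -n "$((match - start))"
}

# Same result in one step using grep's own "context before" option:
# -B COUNT prints COUNT preceding lines, -m1 stops at the first match,
# and sed '$d' drops the matching line itself so only the context remains.
lines_before_grep() {
    grep -m1 -B "$3" -F -- "$2" "$1" | sed '$d'
}

# Line count of the result, exposed as a value that can be checked.
count_before() {
    lines_before "$SAMPLE" "# Step #6: Configure output plugins" 5 | wc -l | tr -d ' '
}

lines_before "$SAMPLE" "# Step #6: Configure output plugins" 5
```

Run against the real file, replace $SAMPLE with /etc/snort/snort.conf (with sudo, as in the post).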