HP UX Internet Express Software Snort Intrusion Detection System, Viewing FireScreen Statistics

Page 184

Figure 62 View Log File Page

To specify the types of events to be recorded in the FireScreen log file, access the Configure FireScreen menu and choose Set Options. See Section : Setting Command-Line Options for more information.

Viewing FireScreen Statistics

FireScreen invokes the /usr/sbin/screenstat command to display statistics for IP packet handling.

To view FireScreen statistics, choose View Statistics from the View FireScreen Status menu.

The statistics are displayed (Figure 63).

Figure 63 View Statistics Page

Snort Intrusion Detection System

Snort is an intrusion detection system that enables you to log packets and track network activity on IP networks. Snort files are installed in the following directories:

Directory                   Contents                                      Subset
/usr/internet/security      Snort executable, Snort configuration file    IAESNORT
/usr/internet/docs/snort    Snort documentation                           IAESNORT

On Tru64 UNIX, Snort runs in two different modes, sniffer and packet logger. The third Snort mode, network intrusion detection, currently does not work on Tru64 UNIX. In sniffer mode, Snort continually reads packets from the network and displays them on the console. In packet logger mode, it writes the packets to a log file on disk.

Sniffer Mode — display TCP/IP packet headers

./snort -v     (show IP and TCP/UDP/ICMP headers)

./snort -vd    (include packet data)
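Because network intrusion detection mode is unavailable on Tru64 UNIX, sniffer output has to be reviewed by hand or post-processed. The following is an added example, not part of the original manual: a shell function that condenses saved sniffer-mode output into packet counts per protocol, source host, and destination service. It assumes Snort's usual console layout (a timestamp line with "source -> destination", followed by a line that starts with the protocol name); the function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Summarise saved "snort -v" / "snort -vd" console output (added example).

# Constructed sample in the assumed sniffer-mode layout; not real traffic.
sample_sniffer_output() {
cat <<'EOF'
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/22-10:14:05.120001 192.0.2.10:34567 -> 192.0.2.1:80
TCP TTL:64 TOS:0x0 ID:4321 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x16D0  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/22-10:14:05.120950 192.0.2.1:80 -> 192.0.2.10:34567
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x5E6F7A8B  Ack: 0x1A2B3C4E  Win: 0x16A0  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/22-10:14:06.000100 192.0.2.10:34568 -> 192.0.2.1:80
TCP TTL:64 TOS:0x0 ID:4322 IpLen:20 DgmLen:60 DF
******S* Seq: 0x2B3C4D5E  Ack: 0x0  Win: 0x16D0  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/22-10:14:07.500000 192.0.2.10:1026 -> 192.0.2.53:53
UDP TTL:64 TOS:0x0 ID:77 IpLen:20 DgmLen:57
Len: 29
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/22-10:14:08.000000 192.0.2.10 -> 192.0.2.1
ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:1234   Seq:1  ECHO
EOF
}

# Read sniffer output on stdin; print "count protocol source -> destination".
# The source port is dropped (usually ephemeral) and the destination port is
# kept, so repeated connections to one service collapse into a single row.
summarize_snort_flows() {
    awk '
        # Address line: MM/DD-HH:MM:SS.usec  src[:port] -> dst[:port]
        $3 == "->" && $1 ~ /^[0-9][0-9]\/[0-9][0-9]-/ {
            src = $2; dst = $4
            sub(/:[0-9]+$/, "", src)
            pending = 1
            next
        }
        # The line after the address line starts with the protocol name.
        pending {
            pending = 0
            if ($1 ~ /^(TCP|UDP|ICMP)$/)
                count[$1 " " src " -> " dst]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample.
sample_sniffer_output | summarize_snort_flows
```

Payload dump lines produced by -vd are ignored, because only the address line and the protocol line after it are inspected. Run the function on console output that has been saved to a file, since the totals are printed only when the input ends.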

184 Network Security Administration
