Manuals / Force10 Networks / Computer Equipment / Network Card

Force10 Networks 100-00055-01 manual Installation Files

Models: 100-00055-01

1 132

Download 132 pages 61.04 Kb

Page 46

#win32 example

Step Task

3Configure the following parameters in the file sguil.conf:

•Enable (1) or disable (0) the debug option

•Set the browser path.

•Set the Wireshark application path.

•Set the TLS library path, as shown in Figure 28.

•Set priority levels of the alert window.

Figure 28 Setting the TLS Library Path

#PATH to tls lib if needed (tcl can usually find this by default) #set TLS_PATH /usr/lib/tls1.4/libtls1.4.so

#win32 example

set TLS_PATH "c:/progra~1/Tcl/lib/tls1.4.1/tls14.dll"

Installation Files

Table 7 lists the files and directories created during installation that are relevant to running the Sguil system.

Table 7 Sguil Files and Directories

File	Location

Sensor

sensor installation directory	/usr/local/pnic-mgmt-lib/sguil-sensor

sensor configuration files	<install_dir>/nsm/sguil/etc

snort.conf	<install_dir>/nsm/sguil/etc/

log files	<install_dir>/nsm/sguil/logs

rules files	<install_dir>/nsm/sguil/rules

Snort logs	/var/log/Snort

Packet logs	/var/log/Sensor/LogPackets

Server

server installation directory	/usr/local/sguil-server

sguild.conf	<install_dir>/nsm/sguil/etc

log files	<install_dir>/nsm/sguil/logs

46	Network Security Monitoring

Image 46

Force10 Networks 100-00055-01 manual Installation Files, # win32 example set TLSPATH c/progra~1/Tcl/lib/tls1.4.1/tls14.dll

Contents

Version P-Series Installation and Operation GuideMay 27 Statement of Conditions Copyright 2008 Force10 NetworksTrademarks USA Federal Communications Commission FCC StatementInstallation ContentsContents PrefaceChapter Command Line InterfaceGraphical User Interface Web-based ManagementCompiling Rules Command Line ReferenceBasic Unix Commands Writing RulesAppendix F Appendix EGlossary Technical SupportObjectives PrefaceAbout this Guide AudienceAdditional Resources Information SymbolsRelated Documents P-Series Release NotesInstallation ChapterPhysical Connections System SpecificationsPB-10GE-2P Step Task Security Check BootingConfiguration Upgrading Softwarecd upgradedirectory mkdir ~/upgradedirectoryfilename ~/upgradedirectory scp username@serverabsolutepathcd upgradedirectory/firmware Commandcd upgradedirectory/pnic-compiler gmake installChapter Returning to the Default ConfigurationGetting Started To begin inspecting and filtering traffic you mustGetting Started Hardware Architecture Overview IntroductionChapter Types of Rules Sample Rules and FirmwareDeploying the P-Series Rule ManagementFirewall Deployment” on page 10-Gigabit Inline DeploymentFail-safe Deployment Optical Bypass 10-GigabitP1P0 Highly-available DeploymentPassive Deployment 10-GigabitNetwork Tap 10-Gigabit 10-Gigabit Capturing Matched TrafficNetwork Switch with SPAN port P-Series P10Capturing to a Host CPU M1 P1 P0 M0 Mirroring to Another DevicePB-10GE-2P Traffic to MonitorChapter 4 Graphical User Interface GUI Commands Command DescriptionManaging Rules, Policies, and Firmware PNIC0 Not ActiveGUI” on page Editing Dynamic Rules with the GUIdirectory see “Editing Dynamic Rules with the GUI” on page To manage firmware, see “Selecting Firmware with the GUI” on pageTo modify dynamic rules Managing Capture/Forward Policies with the GUITo change capture/forward policies fn9000013 Selecting Firmware with the GUIfn9000014 Runtime Statistics Figure 19 Runtime Statistics for Channel 0 and 1-FPGA Loaded Graphical User InterfaceReloading Firmware Graphical User Interface Launching the P-Series Node Manager Chapter 5 Web-based ManagementTo launch the P-Series Node Manager Figure 21 Lauching the P-Series Node Manager Web-based ManagementMonitoring System Performance on page Managing the P-Series using Node ManagerWeb-browser Security Certificates Managing Firmware Images on pageMonitoring System Performance Managing Firmware Images Managing the Network Interface CardFigure 25 P-Series Node Manager Card Management Panel Web-based ManagementManaging Policies Figure 26 P-Series Node Manager Policy Managment Panel Web-based ManagementSguil Server Chapter 6 Network Security MonitoringP-Series Sensors Sguil ClientInstalling the Sguil Server Installing the Sguil SystemInstalling the Sguil Sensor Hardware and Software RequirementsUninstalling the Sguil Server Installing the Sguil ClientWireshark Installation Files # win32 example set TLSPATH c/progra~1/Tcl/lib/tls1.4.1/tls14.dllRunning the Sguil Sensor Running the Sguil SystemWriting New Rules Running the Sguil Server Running the Sguil Client To run the Sguil Clientfn90028mp fn90027mpCLI commands are given in Command Line Reference on page Chapter 7 Command Line InterfaceCLI Commands Editing Dynamic Rules with the CLIIn Figure To enable MAC rewritingRemoving VLAN Tags Command Line Interface Rules Capacity Compiling RulesCreating Rules Files Compiling Rulespage Target DeviceMatch non-IP Traffic 3 Match Fragmented IPv4 Packets or IPv4 Packets w/ OptionsMaximum String Segmentation Evasion Rulessee Figure 36 on page see Figure 37 on pageEnter command gmake from pnic-compiler directory P-Series Installation and Operation Guide, version Figure 36 pnic-Compiler OptionSummary of configuration Starting and Stopping the pnic-Compilerwhich the .bit files in /usr/local/pnic/0 are Configuration and Generated Filesto which the .mapping files in /usr/local/pnic Compiler Errors Firmware FilenamesSnort Rule Headers Writing RulesSnort Rule Syntax ActionProtocol Source AddressesPorts Direction OperatorSnort Rule Options P-Series Rule SyntaxP-Series Supported Snort Keywords Destination Address and PortDynamic KeywordStatic protocolWriting Stateful Rules Stateful Matching= si ⎬ Equation∧ si then cpiStateful Rule Examples In TableHandling Segmentation Evasion Support for Snorts flow KeywordThe meta.rules File Support for Snorts within Keyword Anomalous TCP Flags Writing Rules Deploying the P-Series as a Firewall FirewallChapter Verify Drop mode is Enabled Enabling the FirewallDrop mode Disabled Drop mode Enabled Figure 39 Enabling and Disabling Drop ModeAllowing Traffic through the Firewall Writing Rules for a Firewall Deployment#permit let through and do not log to the host pnic aggregate-mode-enable on page pnic apply-firmware on page Appendix A Command Line Referencepnic aggregate-mode-disable on page pnic default-drop-disable on page pnic default-drop-enable on pagepnic updatemacvalue on page pnic vlan-remove-disable on page pnic aggregate-mode-disablepnic temp-mem-disable on page pnic temp-mem-enable on page pnic vlan-remove-enable on page pnic web-gui-start on pagepnic aggregate-mode-enable pnic apply-firmwarepnic show-firmwares Parameters Command History ExampleCommands Display the available firmwareEnable the capturing of packets via direct memory access pnic capture-offpnic capture-on Syntax Parameters Command History ExampleSyntax Parameters Command History Example pnic cardstatusCommands Commandspnic default-drop-disable pnic compilerulespnic diag pnic default-drop-enableTemporary memory is disabled while the firewall is enabled Parameters Command History ExampleUsage Information Parameters Command History ExampleVersion PMAIN2.3.0.014 root@localhost SW# pnic flow-teardown-disable pnic flow-teardown-disablepnic flow-teardown-enable pnic flow-teardown-enablepnic getmachashindex value for an IP address pairsDisable MAC rewriting pnic guiEnable MAC rewriting pnic updatemacvalueP-Series Installation and Operation Guide, version pnic gui Command ExampleExample pnic help pnic helpSyntax Command History Example output omittedSyntax Parameters Command History Example pnic linkdownpnic linkup CommandsCommands pnic loadconfParameters Command History Example Syntax Parameters Command HistoryAddress Corresponding Parameterpnic loadeproms number pnic loadepromspnic loadparams deprecated pnic loadparams numberAddress Corresponding ParameterCommand History Example Usage Information pnic loadrulesSyntax Parameters pnic macrewrite-off pnic macrewrite-onpnic off deprecated Syntax pnic offSyntax Parameters Command History Example pnic on deprecatedUsage Information Related Commands pnic on deprecatedpnic passive-mode-disable pnic paramsCommand pnic passive-mode-enablepnic passive-mode-enable CommandsSyntax Parameters Command History Example pnic resetconfpnic restart Stop capturing and matchingEnable the network interface pnic sguil-sensor-startDisable the network interface Syntax Command History ExampleCommands Stop the Sguil sensor using the command pnic sguil-sensor-stopSyntax Parameters Command History Example pnic sguil-sensor-start -fCommands pnic sguil-sensor-stopSyntax Parameters Command History Example pnic sguil-sensor-start Start the Sguil sensorSyntax Parameters Command History Example pnic showconfpnic show-firmwares CommandsCommands pnic showtechCommand History Example Syntax Parameters Command HistoryEnable the network interface pnic startLoad the capture/block configuration Load the runtime parameters Disable the network interface using the command pnic stopCommands pnic stopEnable the network interface Syntax Parameters Command History Examplepnic temp-mem-disable pnic temp-mem-enablepnic temp-mem-disable pnic updatemacvalueUse this command with the MAC rewrite feature Enable MAC rewritingpnic vlan-remove-disable pnic vlan-remove-disablepnic vlan-remove-enable pnic vlan-remove-enableDisable the web server using the command pnic web-gui-stop pnic versionpnic web-gui-start Display the driver versionCommands Enable the web server using the command pnic web-gui-startpnic web-gui-stop CommandExample Commandspnic web-gui-start RelatedAppendix A ack number Appendix BSnort Keywords dsize number numberKeyword Description uricontent ! “datastring”Keyword Rule SyntaxAppendix B meta Rules Appendix C Meta and Evasion RulesEvasion Rules Appendix C Command Appendix D Basic Unix CommandsUnix Commands DescriptionDescription vi CommandsCommand ? textAppendix E GlossaryState SnortSPAN Port Static RulesTechnical Support Accessing iSupport ServicesAppendix F Manual PagesLocating P-Series Serial Numbers Contacting the Technical Assistance CenterSerial Number see Locating P-Series Serial Numbers on page Requesting a Hardware Replacement To request replacement hardware, follow these stepsTechnical Support