Installing BandwidthD on CentOS 6.x

BandwidthD is a program that shows the network usage of each IP on a local network. It was developed by David Hinkle.

BandwidthD official site: http://bandwidthd.sourceforge.net/
The following installs it on CentOS 6.x x64.

1. Download the rpm file
# wget ftp://ftp.pbone.net/mirror/li.nux.ro/download/nux/misc/el6/x86_64/bandwidthd-2.0.1-15.el6.nux.x86_64.rpm

2. Install the required packages
# yum install libpcap-devel libpng-devel gd-devel zlib-devel libpqxx

3. Install BandwidthD
# rpm -ivh bandwidthd-2.0.1-15.el6.nux.x86_64.rpm

4. Edit the configuration file /etc/bandwidthd.conf
# vim /etc/bandwidthd.conf
Add the subnet to be monitored
subnet 192.168.1.0/24

5. Edit /etc/httpd/conf.d/bandwidthd.conf
You can add a restriction on which addresses are allowed to connect.
# cat /etc/httpd/conf.d/bandwidthd.conf
Alias /bandwidthd /var/www/bandwidthd/htdocs

6. Start at boot
# chkconfig --level 3 bandwidthd on
# /etc/init.d/bandwidthd start

Setting up your own Windows / Office KMS Emulator

vlmcsd is an open-source KMS emulator that runs on Linux / Android / FreeBSD / Solaris / Minix / Mac OS / iOS / Windows; in other words, it can be installed on an Android or iPhone handset and the phone used to activate Windows / Office.
vlmcsd official site: https://github.com/Wind4/vlmcsd

Setting up the KMS emulator server
The following is installed on CentOS 6.9 x64
1. Download from https://github.com/Wind4/vlmcsd/releases

2. Upload the downloaded binaries.tar.gz to the CentOS server and extract it
# tar xvzf binaries.tar.gz

3. vlmcsd supports many platforms; here only the intel build under the Linux directory is needed
# mv binaries/Linux/intel /usr/local/vlmcsd

4. Create a link so it is easy to run
# ln -s /usr/local/vlmcsd/static/vlmcs-x64-musl-static /usr/local/bin/kms

5. Run it
# /usr/local/bin/kms &

6. Check that it is running properly
# ps aux  | grep kms | grep -v grep
root       1675  0.0  0.0    196    52 ?        S    16:07   0:00 /usr/local/bin/kms
# netstat -antulp | grep kms
tcp        0      0 0.0.0.0:1688                0.0.0.0:*                   LISTEN      1675/kms
tcp        0      0 :::1688                     :::*                        LISTEN      1675/kms

7. If you are worried about problems, you can consider disabling SELinux first
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

8. Open the firewall port and restrict the source
# iptables -A INPUT -p tcp -s 192.168.131.0/24 --syn -m state --state NEW --dport 1688 -j ACCEPT

9. Put it in /etc/rc.local so it runs at boot
# echo "/usr/local/bin/kms &" >> /etc/rc.local

Windows 10 client activation, using Windows 10 Enterprise 1703 15063 as the example

10. Run Command Prompt as administrator

11. Run the commands

slmgr.vbs -upk (can be skipped)

KMS Client Key
https://technet.microsoft.com/en-us/library/jj612867.aspx
https://www.dwhd.org/20150723_011447.html

slmgr.vbs -ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 (can be skipped)

slmgr.vbs -skms <KMS server IP>

slmgr.vbs -ato

slmgr.vbs -dlv

Windows connecting to the KMS server

Windows 10 is activated

Activate Office 2010
cscript "C:\Program Files\Microsoft Office\Office15\ospp.vbs" /sethst:192.168.131.135
cscript "C:\Program Files\Microsoft Office\Office15\ospp.vbs" /act

Installing Barnyard2 / Base / Adodb for Snort

Reference pages:
浮雲雅築: [Research] Snort 2.9.6.2 + Barnyard 2.13 installation (CentOS 6.5 x64) quick install script
Startup script timeout (Centos 7) · Issue #141 · firnsy/barnyard2 · GitHub

The following is adapted from: 讓Snort開始運作 (Getting Snort running), Information Security 資安人科技網

Barnyard is a purpose-built tool that reads Snort's unified output and stores it in a database, and it monitors the database connection directly to prevent data loss. Unified output is one of Snort's three output options; it speeds up processing by taking the payload translation work off the Snort engine.

1. Install the required packages
# yum install git libtool libnet libnet-devel mariadb-devel daq-devel libyaml-devel file-devel libcap-ng-devel libpcap-devel libdnet-devel

2. Change directory
# cd /usr/local/src

3. Download barnyard2 with git
# git clone https://github.com/firnsy/barnyard2.git barnyard2
Cloning into 'barnyard2'...
remote: Counting objects: 1292, done.
remote: Total 1292 (delta 0), reused 0 (delta 0), pack-reused 1292
Receiving objects: 100% (1292/1292), 1.04 MiB | 601.00 KiB/s, done.
Resolving deltas: 100% (896/896), done.
4. Change directory
# cd barnyard2

5. Configure
# ./autogen.sh
Found libtoolize
libtoolize: putting auxiliary files in `.'.
libtoolize: copying file `./ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4'.
libtoolize: copying file `m4/libtool.m4'
libtoolize: copying file `m4/ltoptions.m4'
libtoolize: copying file `m4/ltsugar.m4'
libtoolize: copying file `m4/ltversion.m4'
libtoolize: copying file `m4/lt~obsolete.m4'
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in `.'.
libtoolize: copying file `./ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4'.
libtoolize: copying file `m4/libtool.m4'
libtoolize: copying file `m4/ltoptions.m4'
libtoolize: copying file `m4/ltsugar.m4'
libtoolize: copying file `m4/ltversion.m4'
libtoolize: copying file `m4/lt~obsolete.m4'
autoreconf: running: /usr/bin/autoconf --force
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:11: installing './config.guess'
configure.ac:11: installing './config.sub'
configure.ac:8: installing './install-sh'
configure.ac:8: installing './missing'
autoreconf: Leaving directory `.'
You can now run "./configure" and then "make".

6. Compile and install
# ./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql
# make && make install

7. Copy the files to the corresponding directories
# cp /usr/local/src/barnyard2/rpm/barnyard2.config /etc/sysconfig/barnyard2
# cp /usr/local/src/barnyard2/rpm/barnyard2 /etc/init.d/

8. Make the init script executable
# chmod +x /etc/init.d/barnyard2

9. Start barnyard2 at boot
# chkconfig --add barnyard2

10. Create links
# ln -s /usr/local/etc/barnyard2.conf /etc/snort/barnyard2.conf
# ln -s /usr/local/bin/barnyard2 /usr/bin/

11. Create the log directory
# mkdir -p /var/log/snort/eth0/archive/

12. Edit /etc/init.d/barnyard2
# sed -i -e "s@BARNYARD_OPTS=@#BARNYARD_OPTS=@" /etc/init.d/barnyard2
# sed -i -e '/BARNYARD_OPTS="-D -c $CONF/aBARNYARD_OPTS="-D -c /etc/snort/barnyard2.conf -d /var/log/snort -w /var/log/snort/barnyard2.waldo -l /var/log/snort -a /var/log/snort -f snort.log -X /var/lock/subsys/barnyard2-eth0.pid"' /etc/init.d/barnyard2

13. Edit /etc/sysconfig/barnyard2
# sed -i -e "s@LOG_FILE=@#LOG_FILE=@" /etc/sysconfig/barnyard2
# sed -i -e '/LOG_FILE="snort_unified.log"/aLOG_FILE="snort.log"' /etc/sysconfig/barnyard2

14. Edit /etc/sysconfig/snort
# sed -i -e "s@ALERTMODE=fast@#ALERTMODE=fast@" /etc/sysconfig/snort
# sed -i -e "s@BINARY_LOG=1@#BINARY_LOG=1@" /etc/sysconfig/snort

15. Edit /etc/snort/barnyard2.conf (the dbname must match the database created in step 17)
# sed -i -e "s@config sid_file@# config sid_file@" /etc/snort/barnyard2.conf
# sed -i -e "/config sid_file/aconfig sid_file: /etc/snort/etc/sid-msg.map" /etc/snort/barnyard2.conf
# sed -i -e "/database: log to a variety of databases/aoutput database: log, mysql, user=barnyard2 password=123456 dbname=snortdb host=localhost" /etc/snort/barnyard2.conf

16. Edit /etc/snort/snort.conf
# sed -i -e "s@output unified2@#output unified2@" /etc/snort/snort.conf
# sed -i -e "/output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types/aoutput unified2: filename snort.log, limit 128" /etc/snort/snort.conf

17. Create the database and set up the user account and password
# /usr/bin/mysql -u root -p
MariaDB [(none)]> create database snortdb;
MariaDB [(none)]> grant all privileges on snortdb.* to barnyard2@localhost identified by '123456';
MariaDB [(none)]> flush privileges;

19. Import the schema
# /usr/bin/mysql snortdb -ubarnyard2 -p123456 < /usr/local/src/barnyard2/schemas/create_mysql

20. Test the configuration
# /usr/local/bin/barnyard2 -T -c /etc/snort/barnyard2.conf -d /var/log/snort -w /var/log/snort/barnyard2.waldo -l /var/log/snort -a /var/log/snort -f snort.log -X /var/lock/subsys/barnyard2-eth0.pid

If it fails to start, use a systemd unit instead:
# vim /etc/systemd/system/barnyard2.service
[Unit]
Description=Barnyard2 Dedicated Unified2 Spooler
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.log

[Install]
WantedBy=multi-user.target

# systemctl enable barnyard2.service
Created symlink from /etc/systemd/system/multi-user.target.wants/barnyard2.service to /etc/systemd/system/barnyard2.service.
# systemctl start barnyard2

21. Install Base + adodb (Web UI)
# cd /usr/local/src
# wget http://nchc.dl.sourceforge.net/project/adodb/adodb-php5-only/adodb-518-for-php5/adodb518a.tgz
# wget http://nchc.dl.sourceforge.net/project/secureideas/BASE/base-1.4.5/base-1.4.5.tar.gz
# tar zxvf base-1.4.5.tar.gz -C /var/www/html
# mv /var/www/html/base-1.4.5 /var/www/html/base
# chmod a+w /var/www/html/base
# tar zxvf adodb518a.tgz -C /var/www/html
# chmod a+w /var/www/html/adodb5
Edit /etc/php.ini
# vim /etc/php.ini
date.timezone = "Asia/Taipei"
error_reporting = E_ALL & ~E_NOTICE
Find
; UNIX: "/path1:/path2"
;include_path = ".:/php/includes"
and add a line below it
include_path = ".:/usr/share/pear:/usr/share/php"

22. Restart the web server
# systemctl restart httpd

23. Installation screens [screenshots omitted]

24. Remove the write permission on the directories again
# chmod a-w /var/www/html/base
# chmod a-w /var/www/html/adodb5

Using PulledPork to update Snort rules

Reference sites:
Setting up Snort – Part 4 – Installing PulledPork · Don Mizutani
How To Install Snort NIDS On CentOS 7 | Unixmen

# yum install git
# git clone https://github.com/shirkdog/pulledpork.git
# cd pulledpork/
# cp pulledpork.pl /usr/local/bin
# chmod +x /usr/local/bin/pulledpork.pl
# cp -v etc/*.conf /etc/snort
‘etc/disablesid.conf’ -> ‘/etc/snort/disablesid.conf’
‘etc/dropsid.conf’ -> ‘/etc/snort/dropsid.conf’
‘etc/enablesid.conf’ -> ‘/etc/snort/enablesid.conf’
‘etc/modifysid.conf’ -> ‘/etc/snort/modifysid.conf’
‘etc/pulledpork.conf’ -> ‘/etc/snort/pulledpork.conf’
# mkdir /etc/snort/rules/iplists
# touch /etc/snort/rules/iplists/default.blacklist

Install the required packages
# yum install perl-libwww-perl perl-Crypt-SSLeay perl-Sys-Syslog perl-Archive-Tar perl-LWP-Protocol-https

Test the PulledPork configuration
# /usr/local/bin/pulledpork.pl -V

Edit the configuration file /etc/snort/pulledpork.conf
# egrep -v '^#|^$' /etc/snort/pulledpork.conf
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|Oinkcode
rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community
rule_url=http://talosintelligence.com/feeds/ip-filter.blf|IPBLACKLIST|open
rule_url=https://snort.org/downloads/community/|opensource.tar.gz|Opensource
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
rule_path=/etc/snort/rules/snort.rules
local_rules=/etc/snort/rules/local.rules
sid_msg=/etc/snort/etc/sid-msg.map
sid_msg_version=1
sid_changelog=/var/log/sid_changes.log
sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/sbin/snort
config_path=/etc/snort/snort.conf
distro=RHEL-6-0
black_list=/etc/snort/rules/iplists/default.blacklist
IPRVersion=/etc/snort/rules/iplists
snort_control=/usr/bin/snort_control
enablesid=/etc/snort/enablesid.conf
dropsid=/etc/snort/dropsid.conf
disablesid=/etc/snort/disablesid.conf
modifysid=/etc/snort/modifysid.conf
version=0.7.3

Run the update
# /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l

    https://github.com/shirkdog/pulledpork
    [PulledPork ASCII-art banner]
    PulledPork v0.7.3 - Making signature updates great again!
    Copyright (C) 2009-2016 JJ Cummings  cummingsj@gmail.com
    Rules give me wings!
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2990.tar.gz….
        They Match
        Done!
Checking latest MD5 for community-rules.tar.gz….
        They Match
        Done!
IP Blacklist download of http://talosintelligence.com/feeds/ip-filter.blf….
Reading IP List…
Checking latest MD5 for opensource.tar.gz….
        They Match
        Done!
Blacklist version is unchanged, not updating!
Writing /var/log/sid_changes.log….
        Done

No Rule Changes

No IP Blacklist Changes

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!

Add a cron job
# crontab -e
01 04 * * * /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l > /dev/null 2>&1
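As an added example (not Barnyard2's or PulledPork's own code), the Python below parses the unified2 records that Snort writes to snort.log (step 16 of the Barnyard2 post) and resolves each signature_id through a version-1 sid-msg.map, the format PulledPork writes with sid_msg_version=1 and Barnyard2 reads via config sid_file. The record layout is Snort's Unified2IDSEvent_legacy (type 7); the sample bytes and map lines are constructed.

```python
import socket
import struct

UNIFIED2_IDS_EVENT = 7  # record type of the legacy IPv4 IDS event
# Unified2IDSEvent_legacy: 52 bytes, network byte order, fields in this order.
_EVENT = struct.Struct("!11I2H4B")
_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
           "signature_id", "generator_id", "signature_revision", "classification_id",
           "priority_id", "ip_source", "ip_destination", "sport_itype", "dport_icode",
           "protocol", "impact_flag", "impact", "blocked")

def parse_sid_msg_map(text):
    """sid-msg.map version 1 (sid_msg_version=1): 'sid || msg || ref || ...'."""
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            parts = [p.strip() for p in line.split("||")]
            table[int(parts[0])] = parts[1]
    return table

def iter_records(data):
    """Yield (type, payload) per record; each has an 8-byte (type, length) header."""
    off = 0
    while off + 8 <= len(data):
        rtype, length = struct.unpack_from("!II", data, off)
        off += 8
        if off + length > len(data):  # partial record: Snort is still writing it
            raise ValueError("truncated record at offset %d" % (off - 8))
        yield rtype, data[off:off + length]
        off += length

def decode_event(payload, sid_map):
    """Decode one IDS event and resolve its message the way Barnyard2 does."""
    ev = dict(zip(_FIELDS, _EVENT.unpack_from(payload)))
    ev["src"] = socket.inet_ntoa(struct.pack("!I", ev["ip_source"]))
    ev["dst"] = socket.inet_ntoa(struct.pack("!I", ev["ip_destination"]))
    unknown = "Snort Alert [%d:%d:%d]" % (ev["generator_id"], ev["signature_id"],
                                         ev["signature_revision"])
    ev["msg"] = sid_map.get(ev["signature_id"], unknown)  # generic text for unmapped sid
    return ev

def events_from_log(data, sid_map):
    """All IDS events in a unified2 byte string (packet records are skipped)."""
    return [decode_event(p, sid_map) for t, p in iter_records(data)
            if t == UNIFIED2_IDS_EVENT]

# Constructed sample: one event, sid 1000001, ICMP echo 192.168.1.10 -> 10.0.0.5.
SAMPLE_SID_MAP = "# sid || msg || ref\n1000001 || LOCAL ICMP ping test || url,example.com\n"
_body = _EVENT.pack(1, 42, 1500000000, 0, 1000001, 1, 3, 29, 3,
                    0xC0A8010A, 0x0A000005, 8, 0, 1, 0, 0, 0)
SAMPLE_LOG = struct.pack("!II", UNIFIED2_IDS_EVENT, len(_body)) + _body
```

Point events_from_log at the bytes of /var/log/snort/snort.log.<timestamp> and at the sid-msg.map PulledPork maintains to spot-check what Barnyard2 will insert into snortdb.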

Adobe Flash Player 25.0.0.148

Check the installed version: https://www.adobe.com/tw/software/flash/about/
https://get.adobe.com/tw/flashplayer/

Windows 7 platform
Internet Explorer:
http://fpdownload.adobe.com/get/flashplayer/pdc/25.0.0.148/install_flash_player_ax.exe
Windows 8 / 8.1 / 10 / Server 2012 / Server 2012 R2 must update through Windows Update

All other browsers (Firefox, ...):
http://fpdownload.adobe.com/get/flashplayer/pdc/25.0.0.148/install_flash_player.exe

Google Chrome (Opera)
http://fpdownload.adobe.com/get/flashplayer/pdc/25.0.0.148/install_flash_player_ppapi.exe

Mac platform:
http://fpdownload.adobe.com/get/flashplayer/pdc/25.0.0.148/install_flash_player_osx.dmg