How to Install the Zeek Network Security Monitor on Ubuntu 22.04 LTS

Linux Commands | Edge插件网 | 2 years ago (2023-03-10) | 767 views | 0 comments

Zeek, formerly known as Bro, is a free and open-source network security monitor. It is designed for high-performance network analysis and security monitoring, and provides a platform for analysing network traffic and monitoring it for security events. Zeek offers a flexible scripting language and a set of analysis tools that let network administrators and security professionals monitor and analyse traffic in real time, detect and respond to threats, and collect forensic evidence for incident response and investigation.

Installing the Zeek Network Security Monitor on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, make sure all system packages are up to date by running the following apt commands in the terminal:

```bash
sudo apt update
sudo apt upgrade
sudo apt install wget apt-transport-https gnupg2 software-properties-common
```

Step 2. Install the Zeek Network Security Monitor on Ubuntu 22.04.

By default, Zeek is not available in the Ubuntu 22.04 base repositories. Run the following command to add the Zeek repository to your Ubuntu system (writing under /etc/apt requires root, hence the sudo on tee):

```bash
echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_22.04/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list
```

Next, import the repository's GPG key with the following command:

```bash
# A key placed in trusted.gpg.d is trusted for every repository on the system;
# to scope it to this repository alone, reference it with a signed-by= option in the .list entry instead.
curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_22.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg
```

With the Zeek repository added, we can start the installation with the following commands in the terminal:

```bash
sudo apt update
sudo apt install zeek
```

During installation you will be asked to choose a mail server configuration; select "Local only" and press Enter. You will then be asked for the mail server's hostname.


After that, add the Zeek installation path to your PATH environment variable:

```bash
# Single quotes keep $PATH unexpanded, so the line is evaluated each time the shell starts
# rather than hard-coding today's PATH into ~/.bashrc.
echo 'export PATH=$PATH:/opt/zeek/bin' >> ~/.bashrc
```

Next, load the updated environment variable with the following command:

```bash
source ~/.bashrc
```

You can verify that Zeek is installed by running:

```bash
zeek --version
```

Step 3. Configure Zeek.

Finally, configure Zeek by editing its configuration files and defining the network interfaces to monitor:

```bash
nano /opt/zeek/etc/networks.cfg
```

Add your local networks at the end of the file:

```text
10.0.0.0/8          Private IP space
172.16.0.0/12       Private IP space
192.168.0.0/16      Private IP space
```

Save and close the file, then open the main Zeek node configuration file in your preferred text editor:

```bash
nano /opt/zeek/etc/node.cfg
```

Comment out the following lines (the default standalone node):

```ini
#[zeek]
#type=standalone
#host=localhost
#interface=eth0
```

Then add the following cluster configuration at the end of the file, replacing your-server-ip with the server's IP address:

```ini
[zeek-logger]
type=logger
host=your-server-ip
#
[zeek-manager]
type=manager
host=your-server-ip
#
[zeek-proxy]
type=proxy
host=your-server-ip
#
[zeek-worker]
type=worker
host=your-server-ip
interface=eth0
#
[zeek-worker-lo]
type=worker
host=localhost
interface=lo
```

Save and close the file, then verify the Zeek configuration with the following command:

```bash
zeekctl check
```

Next, deploy Zeek with the following command:

```bash
zeekctl deploy
```

Finally, check the Zeek status with the following command:

```bash
zeekctl status
```

Output:

```text
Name         Type    Host             Status    Pid    Started
zeek-logger  logger   142.250.4.100    running   58935  1 Feb 05:46:02
zeek-manager manager  142.250.4.100    running   58985  1 Feb 05:46:03
zeek-proxy   proxy    142.250.4.100    running   59035  1 Feb 05:46:05
zeek-worker  worker   142.250.4.100    running   59107  1 Feb 05:46:06
zeek-worker-lo worker  localhost       running   59104  1 Feb 05:46:06
```
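A worker that is configured in node.cfg but not running leaves the network segment it covers unmonitored. The following added example (not part of the original tutorial or of Zeek itself) parses a node.cfg laid out like the one above and a `zeekctl status` table, flags a host still set to the `your-server-ip` placeholder, and lists configured nodes that are not reported as running. Both inputs are constructed samples embedded in the script.

```python
import configparser

# Constructed node.cfg in the tutorial's cluster layout (not a real file);
# the worker still carries the "your-server-ip" placeholder on purpose.
NODE_CFG = """[zeek-logger]
type=logger
host=192.0.2.10
[zeek-manager]
type=manager
host=192.0.2.10
[zeek-worker]
type=worker
host=your-server-ip
interface=eth0
"""

# Constructed `zeekctl status` output: the worker is deliberately stopped.
STATUS_OUT = """Name         Type    Host            Status    Pid    Started
zeek-logger  logger  192.0.2.10      running   58935  1 Feb 05:46:02
zeek-manager manager 192.0.2.10      running   58985  1 Feb 05:46:03
zeek-worker  worker  your-server-ip  stopped
"""

def parse_node_cfg(text):
    """node.cfg is INI-style, so configparser reads it (keys come back lowercased)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}

def config_problems(nodes):
    """Misconfigurations worth catching before `zeekctl deploy`."""
    problems = []
    if [n.get("type") for n in nodes.values()].count("manager") != 1:
        problems.append("cluster needs exactly one manager")
    for name, node in nodes.items():
        if node.get("host") in (None, "your-server-ip"):
            problems.append(f"{name}: host is unset or still the placeholder")
        if node.get("type") == "worker" and not node.get("interface"):
            problems.append(f"{name}: worker has no interface to monitor")
    return problems

def parse_status(text):
    """Map node name -> Status column of the `zeekctl status` table (header skipped)."""
    rows = [line.split() for line in text.splitlines()[1:]]
    return {r[0]: r[3] for r in rows if len(r) >= 4}

def unhealthy_nodes(nodes, status):
    """Configured nodes missing from status or not 'running': each one is a blind spot."""
    return sorted(name for name in nodes if status.get(name) != "running")
```

On a live host, feed `parse_node_cfg` the contents of /opt/zeek/etc/node.cfg and `parse_status` the captured output of `zeekctl status`, and alert on a non-empty result from either check.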

Thank you for using this tutorial to install the Zeek network security monitor on Ubuntu 22.04 LTS Jammy Jellyfish. For further help or useful information, we recommend consulting the official Zeek website.

