meta data for this page
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
linux:ids [2024/04/26 13:24] niziak |
linux:ids [2024/04/26 15:04] (current) niziak |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| Only logs alerts. Need other tool to grep logs and send emails. | Only logs alerts. Need other tool to grep logs and send emails. | ||
| + | |||
| + | <file txt /etc/suricata/local.rules> | ||
| + | alert udp !$DHCP_SERVERS 67 -> any 68 (msg:"detect rogue DHCP servers!"; sid:123456789;) | ||
| + | #alert udp !$DHCP_SERVERS 67 -> 255.255.255.255 any (msg: "detect rogue DHCP server!"; sid:1000001;) | ||
| + | </file> | ||
| ===== SELKS ===== | ===== SELKS ===== | ||