2004 1094
Contents

1. .......................................................... 1
  1.1. ...................................................... 1
  1.2. ...................................................... 3
  1.3. ...................................................... 3
2. PostgreSQL ................................................ 5
  2.1. PostgreSQL DB (Unix) .................................. 5
  2.2. PostgreSQL DB (Windows) ............................... 8
3. XML ...................................................... 12
  3.1. Xindice (native XML database) ........................ 12
  3.2. Xindice .............................................. 12
  3.3. config/db.properties ................................. 13
  3.4. James (Java Apache Mail Enterprise Server) ........... 14
1.

1.1. (SQL DB and XML DB overview)

1.1.1. System overview (figure; only the component labels survived extraction)

Components: TCPDUMP, Authoring APs, Packet aggregator (Perl / Java), as_path_d, AS/Country analyzer, IODEF alert aggregator (Perl), IODEF sender, AlertReceiver, SNORT, PostgreSQL, IODEF receiver, Apache James, Apache Xindice, DB manager, Analyzer, AS map, JFreeChart, DB manager AP and Analyzer AP.
Note 1: Java components are Apache James, Apache Xindice and JFreeChart; the remaining components are Perl, PostgreSQL, SNMP and SNORT.

Cyber Solutions Inc., All rights reserved

1.1.2. Wide area tracker (figure; only the component labels survived extraction)

Components: Perl / Java, SNORT, AlertReceiver, AS map, IODEF/RID composer, IODEF-RID GUI (Perl), Apache Axis RID query, AS/Country analyzer, as_path_d, HTTP RID server (Apache Axis on Jakarta Tomcat), SNMP, Packet Chaser / Local PacketChaser, Packet Print Agent (three instances).
Note 2: Java components are Apache Axis and Jakarta Tomcat; the remaining components are Perl, SNMP and SNORT. See 1.3.1 for versions.

1.2. Platforms: Windows XP (figure 1) and Linux/BSD (figure 2).

1.3.

1.3.1. Required software

  Java 1.5
  Perl 5.6 / 5.8 with the modules IP::Country::Fast (ver. 2.20) and Geography::Countries (ver. 1.4)
  SNORT 2.3.3
  SNMP
  PostgreSQL 8
  Apache Xindice 1.0
  Apache Axis 1.2.1
  Apache James 2.2.0
  Jakarta Tomcat 5.5.9
  JFreeChart 1.0.0
  JCommon 1.0.0

1.3.2. Supplied modules (see 1.3.1 for the platform software they run on)

  Roman API (cysol_roman.jar)
  as_path_d
  as_path_c
  PacketChaser
  cysol_ppe.jar
  cysol_alertreceiver.jar
  snmpd
  packet_hashing
2. PostgreSQL

The alert DB runs on PostgreSQL (BSD-licensed). In the examples below PostgreSQL is installed under /usr/local/pgsql and is operated as the "postgres" user.

2.1. PostgreSQL DB (Unix)

2.1.1. Creating the DB

(1) As the "postgres" user, change to the PostgreSQL installation directory.
--------------------------------------------------------
$ cd /usr/local/pgsql
--------------------------------------------------------

(2) Enable TCP/IP connections to the DB. Either set the following in "data/postgresql.conf"
----
tcpip_socket = true
----
or start "postmaster" with the "-i" option ("-i" makes postmaster accept TCP/IP connections).
NOTE: "tcpip_socket" exists only up to PostgreSQL 7.4. On PostgreSQL 8.0 and later (the version listed in 1.3.1) it has been replaced by "listen_addresses" in postgresql.conf, which is what the Windows procedure in 2.2 configures.

(3) Create the DB user. The user is "sida" with password "sida77". These are the example values used throughout this manual; choose a different password for a real deployment.
--------------------------------------------------------
$ ./bin/createuser -P -E sida
Enter password for user "sida":
Enter it again:
Shall the new user be allowed to create databases? (y/n) n
Shall the new user be allowed to create more new users? (y/n) n
CREATE USER
--------------------------------------------------------

(4) Create the DB "sidaalertdb", owned by "sida".
--------------------------------------------------------
$ ./bin/createdb -O sida -E EUC_JP sidaalertdb
CREATE DATABASE
--------------------------------------------------------
NOTE: "-E" sets the database encoding. On Unix this manual uses EUC_JP.

(5) Edit "data/pg_hba.conf" so that "sida" is allowed to connect to "sidaalertdb".
--------------------------------------------------------
$ vi ./data/pg_hba.conf
--------------------------------------------------------
Add the following line for "sida" / "sidaalertdb":
----------------------------------------------------------------
# TYPE  DATABASE     USER   IP-ADDRESS    IP-MASK         METHOD
host    sidaalertdb  sida   192.168.0.0   255.255.255.0   md5
----------------------------------------------------------------
This allows "sida" to connect to "sidaalertdb" from the network 192.168.0.0/255.255.255.0 using PostgreSQL "md5" password authentication. Keep the address range limited to the hosts that actually run the alert components, and do not use "trust" for any non-local address range: "trust" skips password checking entirely.

(6) Restart the DB server (postmaster) so that the changes take effect.

(7) Verify the connection with psql.
-----------------------------------------------------------------
$ ./bin/psql -U sida -W -h <DB Server> sidaalertdb
Password:
Welcome to psql 7.3.4, the PostgreSQL interactive terminal.
sidaalertdb=>
-----------------------------------------------------------------
<DB Server> is the IP address (or host name) of the DB server; the password is the one set for "sida" in step (3).

2.1.2. Creating the tables

Run the CREATE TABLE script "tools/postgresql_sidaalerttable_create.sql" through psql:
----------------------------------------------------------------------------------
$ ./bin/psql -U sida -W -h <DB Server> sidaalertdb < PostgreSQL_sidaAlertTable_create.sql
----------------------------------------------------------------------------------
Then confirm in "psql" that the table was created in sidaalertdb (the command is "\dt"):
--------------------------------------------------------------
sidaalertdb=> \dt
         List of relations
 Schema |      Name      | Type  | Owner
--------+----------------+-------+-------
 public | sidaalerttable | table | sida
--------------------------------------------------------------
2.2. PostgreSQL DB (Windows)

2.2.1. Creating the DB

Install PostgreSQL 8.0 and use pgAdmin to create the DB objects:

  - Connect to the PostgreSQL server in pgAdmin and confirm with OK.
  - Create a login role "Sida" with password "Sida77" (example values, as in 2.1; change the password for a real deployment) and confirm with OK.
  - Create a database "SidaAlertDB" with owner "Sida" and encoding EUC_JP, and confirm with OK.

Next edit pg_hba.conf, which is in the PostgreSQL data/ directory (pgAdmin can open it for editing). Add a "host" entry for database "SidaAlertDB", user "Sida", address 192.168.0.0/24 and method md5, so that "Sida" can reach "SidaAlertDB" from 192.168.0.0/24 with md5 password authentication. The resulting pg_hba.conf:

# TYPE  DATABASE     USER   CIDR-ADDRESS     METHOD
# IPv4 local connections:
host    all          all    127.0.0.1/32     trust
host    SidaAlertDB  Sida   192.168.0.0/24   md5
# IPv6 local connections:
# host  all          all    ::1/128          md5

The "127.0.0.1/32 trust" line comes from the installer and lets any local process log in to any database as any user without a password. If the Windows host is shared with other users or services, change that method to md5 as well.

Then enable TCP/IP connections in postgresql.conf (also in the data/ directory; pgAdmin can open it): set "listen_addresses" to the address on which the alert components will connect to PostgreSQL. Restart the PostgreSQL service afterwards so that the new settings take effect.

2.2.2. Creating the tables

In pgAdmin connect as "Sida" (password "Sida77"), select the database "SidaAlertDB", and run the script tool/PostgreSQL_sidaAlertTable_create.sql against it.

2.2.3. Privileges

In pgAdmin open SidaAlertDB, then the "public" schema, and in its privileges grant ALL to Public, then confirm with OK. Granting ALL to Public is wider than the alert components need; if other roles exist on this server, grant the privileges to "Sida" only instead.
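The pg_hba.conf rule is the only thing standing between the network and the alert DB, so it is worth checking mechanically after editing. The following is an added example (not code from this manual or from PostgreSQL) that parses both layouts shown above, the 7.x "IP-ADDRESS IP-MASK" columns of 2.1 and the 8.x "CIDR-ADDRESS" column of 2.2, and flags rules weaker than the required "host sidaalertdb sida 192.168.0.0/24 md5": "trust" outside loopback, the cleartext "password" method, and any rule that opens the alert DB to a range wider than the expected subnet. The sample file is constructed for the example; the wide-open last rule is there deliberately so the audit has something to find.

```python
"""pg_hba.conf audit for the alert-DB access rule (added example, not part of
the manual).  Handles both layouts shown in sections 2.1 and 2.2: the
pre-8.0 "IP-ADDRESS IP-MASK" columns and the 8.x "CIDR-ADDRESS" column."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the manual's two rules plus the installer's loopback
# 'trust' line and a deliberately bad wide-open 'trust' rule (line 6).
SAMPLE_PG_HBA = """\
# TYPE  DATABASE     USER   ADDRESS                      METHOD
# IPv4 local connections:
host    all          all    127.0.0.1/32                 trust
host    SidaAlertDB  Sida   192.168.0.0/24               md5
host    sidaalertdb  sida   192.168.0.0 255.255.255.0    md5
host    sidaalertdb  sida   0.0.0.0/0                    trust
# IPv6 local connections:
# host  all          all    ::1/128                      md5
"""

@dataclass
class HbaRule:
    conn_type: str
    database: str
    user: str
    network: Optional[ipaddress.IPv4Network]  # None for "local" (socket) rules
    method: str
    lineno: int

def parse_pg_hba(text: str) -> List[HbaRule]:
    """Parse host/local rules; comments and blank lines are skipped."""
    rules: List[HbaRule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        conn_type, database, user = f[0], f[1], f[2]
        if conn_type == "local":
            rules.append(HbaRule(conn_type, database, user, None, f[3], lineno))
            continue
        if "/" in f[3]:                       # CIDR form (PostgreSQL 8.x)
            net, method = ipaddress.ip_network(f[3], strict=False), f[4]
        else:                                 # address + netmask form (7.x)
            net = ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False)
            method = f[5]
        rules.append(HbaRule(conn_type, database, user, net, method, lineno))
    return rules

def audit(rules: List[HbaRule], db: str = "sidaalertdb", user: str = "sida",
          allowed: str = "192.168.0.0/24") -> List[Tuple[int, str]]:
    """Return (line number, finding) pairs for rules weaker than the manual's
    'host <db> <user> 192.168.0.0/24 md5' requirement."""
    allowed_net = ipaddress.ip_network(allowed)
    findings: List[Tuple[int, str]] = []
    for r in rules:
        if r.network is None:
            continue
        if r.method == "trust" and not r.network.is_loopback:
            findings.append((r.lineno, "trust (no password) for a non-loopback network"))
        if r.method == "password":
            findings.append((r.lineno, "cleartext 'password' method; use md5"))
        # The manual spells the names in different case on Unix and Windows;
        # treat either spelling (or 'all') as applying to the alert DB.
        hits_db = r.database.lower() in ("all", db.lower())
        hits_user = r.user.lower() in ("all", user.lower())
        if hits_db and hits_user and not r.network.is_loopback:
            inside = (r.network.version == allowed_net.version
                      and r.network.subnet_of(allowed_net))
            if not inside:
                findings.append((r.lineno, f"{r.network} is wider than {allowed_net}"))
    return findings

if __name__ == "__main__":
    for lineno, msg in audit(parse_pg_hba(SAMPLE_PG_HBA)):
        print(f"line {lineno}: {msg}")
```

Run it against the real data/pg_hba.conf (read the file instead of SAMPLE_PG_HBA) after step (5) on Unix or after the pgAdmin edit on Windows; an empty result means every rule that can reach the alert DB is at least as strict as the one the manual prescribes. The loopback "trust" line is not reported because it only matters on a shared host, as noted in 2.2.1.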
3. XML DB

The IODEF documents are stored in an XML database.

3.1. Xindice (native XML database)

Download Xindice from http://xml.apache.org/xindice/download.cgi. Xindice runs on Java (J2SE v1.3 is referenced under external/ in the distribution). Install it following the README and docs/install (docs/install.windows for Windows; the Unix procedure is the same):

  1. Add the Xindice bin/ directory to PATH.
  2. Set JAVA_HOME to the J2SE installation directory.
  3. Set XINDICE_HOME to the Xindice installation directory.

Start the server (XINDICE_HOME is the installation directory):
# XINDICE_HOME/startup

Stop the server:
# XINDICE_HOME/bin/xindiceadmin shutdown -c /db

3.2. Xindice collections

Xindice stores XML Documents, each identified by a Document ID, inside Collections. The IODEF documents go into a collection named "iodef" under the root collection "db", with each document keyed by its IncidentID:

  db (root collection)
    iodef (collection)
      incident1 (document, Document ID = IncidentID)
      incident2
      incident3
      ...

Create the /db/iodef collection under the db root collection:
# XINDICE_HOME/bin/xindiceadmin ac -c /db -n iodef
Created : /db/iodef

3.3. config/db.properties

The IODEF Receiver/Archiver mailet (the James mailet that writes received IODEF documents into the XML DB) reads its database settings from config/db.properties:

  HOSTIP      host (IP address) on which Xindice runs
  DBPORT      Xindice port: 4080
  DATABASE    name of the database (root collection): db
  COLLECTION  collection that holds the IODEF documents: iodef
3.4. James (Java Apache Mail Enterprise Server)

IODEF documents arrive by e-mail. James receives the mail, and the mailet described in 3.3 stores the IODEF XML into the XML DB.

(1) James configuration: apps/james/SAR-INF/config.xml. Check the following settings:

<config>
  <James>
    <servernames>
      <servername>      host name(s) for which James accepts mail
  DNS:
    <dnsserver>
      <servers>
        <server>        DNS server address. On Windows XP set the dnsserver autodiscover option to false and list the DNS server here explicitly.
    <remotemanager>
      <handler>
        <administrator_accounts>
          <account>     administrator login and password for the Remote Manager (used in step (3))

(2) Starting James. James is installed under /usr/local/iodef_center/. On Windows run run.bat; on Unix run bin/run.sh. The SMTP and POP3 services start:

# /usr/local/iodef_center/bin/run.sh
Using PHOENIX_HOME: /usr/local/iodef_center
Using PHOENIX_TMPDIR: /usr/local/iodef_center/temp
Using JAVA_HOME: /usr/local/java
Running Phoenix:
Phoenix 4.0.1
James 2.2.0
Remote Manager Service started plain:4555
POP3 Service started plain:110
SMTP Service started plain:25
NNTP Service Disabled
Fetch POP Disabled
FetchMail Disabled

(3) Create the "iodef" mail account.

(3)-(1) Connect with telnet to the Remote Manager Service on port 4555 and log in with the administrator account from (1) (here "root"):

# telnet <HOST ADDRESS> 4555
Trying <HOST ADDRESS>...
Connected to <HOST ADDRESS>.
Escape character is '^]'.
JAMES Remote Administration Tool 2.2.0
Please enter your login and password
Login id:
root
Password:
Welcome root. HELP for a list of commands
adduser iodef iodef
User iodef added
listusers
Existing accounts 1
user: iodef

"adduser iodef iodef" creates the user "iodef" with password "iodef" (example value; change it), and "listusers" confirms the account exists. The Remote Manager dialogue is plain telnet: the administrator login and password travel in the clear, so port 4555 should be reachable only from localhost or an administration network.

(3)-(2) Sending an IODEF XML document by e-mail to the "iodef" account on this James server stores the XML into the XML DB (collection /db/iodef). Stop James with its shutdown script when required.
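The Remote Manager step above is easy to script and, more usefully, easy to verify: each command has a fixed reply that can be checked rather than eyeballed. The following is an added example (not code from this manual or from the James project) that drives the same line-oriented dialogue as the telnet transcript: skip the banner, answer the "Login id:" and "Password:" prompts, send "adduser iodef iodef", and parse "listusers". It assumes that every server line, including the two prompts, is newline-terminated, as the transcript shows. The FakeRemoteManager class is a constructed in-memory stand-in that replays the transcript so the client runs offline; against a real server use RemoteManagerClient.connect().

```python
"""Scripted James 2.2 Remote Manager session (added example, not from the
manual or the James project).  Drives the same dialogue as the telnet
transcript in 3.4 (3): log in, 'adduser', 'listusers', and check each reply.
Assumes every server line, including the 'Login id:' and 'Password:'
prompts, is newline-terminated, as the transcript shows."""
import re
import socket
from typing import List

class RemoteManagerClient:
    def __init__(self, rfile, wfile):
        self.rfile, self.wfile = rfile, wfile   # line-oriented text streams

    @classmethod
    def connect(cls, host: str, port: int = 4555) -> "RemoteManagerClient":
        s = socket.create_connection((host, port))
        return cls(s.makefile("r", encoding="ascii"), s.makefile("w", encoding="ascii"))

    def _recv(self) -> str:
        return self.rfile.readline().rstrip("\r\n")

    def _send(self, line: str) -> None:
        self.wfile.write(line + "\r\n")
        self.wfile.flush()

    def _wait_for(self, prefix: str) -> None:
        while True:                           # read until the prompt (or EOF)
            line = self._recv()
            if line == "" or line.startswith(prefix):
                return

    def login(self, user: str, password: str) -> bool:
        self._wait_for("Login id:")           # skips the banner lines
        self._send(user)
        self._wait_for("Password:")
        self._send(password)
        return self._recv().startswith(f"Welcome {user}.")

    def adduser(self, name: str, password: str) -> bool:
        self._send(f"adduser {name} {password}")
        return self._recv() == f"User {name} added"

    def listusers(self) -> List[str]:
        self._send("listusers")
        m = re.match(r"Existing accounts (\d+)$", self._recv())
        if not m:
            return []
        return [self._recv().split(": ", 1)[1] for _ in range(int(m.group(1)))]


class FakeRemoteManager:
    """Constructed in-memory stand-in for the Remote Manager, replaying the
    manual's transcript so the client can be exercised with no server."""
    def __init__(self, admin: str = "root", password: str = "root"):
        self.admin, self.password, self.users = admin, password, []
        self.stage, self.login_id = "login", ""
        self.out = ["JAMES Remote Administration Tool 2.2.0",
                    "Please enter your login and password", "Login id:"]

    def readline(self) -> str:
        return self.out.pop(0) + "\r\n" if self.out else ""

    def flush(self) -> None:
        pass

    def write(self, data: str) -> None:
        line = data.strip()
        if self.stage == "login":
            self.login_id, self.stage = line, "password"
            self.out.append("Password:")
        elif self.stage == "password":
            ok = (self.login_id, line) == (self.admin, self.password)
            self.stage = "commands" if ok else "login"
            self.out.append(f"Welcome {self.login_id}. HELP for a list of commands"
                            if ok else "Login id:")
        elif line.startswith("adduser "):
            self.users.append(line.split()[1])
            self.out.append(f"User {self.users[-1]} added")
        elif line == "listusers":
            self.out.append(f"Existing accounts {len(self.users)}")
            self.out.extend(f"user: {u}" for u in self.users)


def provision_iodef_account(rfile, wfile, admin: str, admin_pw: str) -> List[str]:
    """The whole step (3) exchange: log in, add 'iodef', return the user list."""
    c = RemoteManagerClient(rfile, wfile)
    if not c.login(admin, admin_pw):
        raise RuntimeError("Remote Manager login failed")
    if not c.adduser("iodef", "iodef"):   # example password from the manual; change it
        raise RuntimeError("adduser failed")
    return c.listusers()

if __name__ == "__main__":
    fake = FakeRemoteManager()
    print(provision_iodef_account(fake, fake, "root", "root"))   # ['iodef']
```

Because the client only checks reply prefixes and exact strings the transcript shows, a wrong administrator password, a missing "User iodef added" reply, or an account count that does not match the listed users all surface as a failure instead of passing silently. The same plaintext caveat from step (3) applies to this client: it offers no encryption, so run it on the James host or over an administration network only.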