Snort 3 on CentOS 7

This guide walks through installing and configuring Snort 3 on CentOS 7. Some of the configured options may not be applicable to all production sensors. Therefore, the steps in this guide should be implemented in a test environment first.

This guide was tested on the following CentOS 7 image:

Base Image : CentOS-7-x86_64-Minimal-1801-02.iso
Release    : CentOS Linux release 7.4.1708 (Core)
Kernel     : 3.10.0-693.21.1.el7.x86_64

Snort 3 information:

Build  : 244
Source : git clone

The following conventions are used for installing and configuring Snort:

Snort install prefix          /usr/local/snort
Rules directory               /usr/local/snort/rules
AppID directory               /usr/local/snort/appid
IP Reputation lists directory /usr/local/snort/intel
Logging directory             /var/log/snort
Snort Extra Plugins directory /usr/local/snort/extra

This guide is broken into the following sections:

1. Preparation: this section discusses setting up the basic requirements on the test host in order to compile and install Snort 3.
2. Installing Snort 3 Dependencies: this section is broken into two subsections discussing the required and optional Snort 3 dependencies.
   2.1 Required Dependencies
   2.2 Optional Dependencies
3. Installing and Verifying Snort 3 Installation: this is the section in which Snort 3 is installed and its installation is verified.
4. Installing Snort 3 Extra Plugins for Additional Capabilities: this section discusses installing the Snort 3 extra plugins and the additional functionality they provide in a Snort 3 deployment scenario.
5. Configuring Snort 3: this section looks at configuring select modules and inspectors of Snort 3. Some of these configurations may not apply to all deployment scenarios. This section is further broken into the following subsections:
   5.1 Global Paths for Rules, AppID, and IP Reputation
   5.2 Setting up HOME_NET and EXTERNAL_NET
   5.3 ips Module
   5.4 reputation Inspector
   5.5 appid Inspector
   5.6 file_id and file_log Inspectors
   5.7 data_log Inspector
   5.8 logger Module
6. Running and Testing Snort 3: this section is dedicated to testing the Snort 3 installation and the configurations made in the previous sections.
   6.1 Running against a PCAP
   6.2 Running against an Interface
7. References
1. Preparation

Ensure that the operating system and package repositories are up to date. Depending on the updates, a reboot may be required.

# yum update
# reboot now

Some of the Snort 3 dependencies will be installed from source. Create a directory that will contain the downloaded source code.

# mkdir sources && cd sources

Some helper packages are installed to aid in completing the setup. These packages are not required by Snort and can be removed later.

# yum install vim git wget

Snort 3 build 244 introduced two major changes to the way Snort 3 is built (http://blog.snort.org/2018/03/snort-update.html):

1. Building Snort 3 using autotools support was removed. This means that cmake must be used to compile Snort, and the compilation tools automake, libtool, and autoconf are no longer required to be installed.
2. The minimum version of cmake required to build Snort 3 is version 3.4.3, up from version 2.8.11. Versions 3.X of cmake are not available in the CentOS base repository and will be installed from source.

Basic compilation tools installed from the repository: flex (flex), bison (bison), gcc (gcc), c++ (gcc-c++), and make (make).

# yum install flex bison gcc gcc-c++ make

Ensure any previous versions of cmake are removed, then download the source code of cmake (3.10.3) and install it.

# yum remove cmake
# wget https://cmake.org/files/v3.10/cmake-3.10.3.tar.gz
# tar xf cmake-3.10.3.tar.gz
# cd cmake-3.10.3
# ./configure
# make -j 8
# make install

After the installation is complete, the cmake binary will be located at /usr/local/bin/cmake. If cmake 2.X was previously installed, the PATH environment variable must be updated to add /usr/local/bin to the path.

# which cmake
/usr/local/bin/cmake
# cmake --version
cmake version 3.10.3

2. Installing Snort 3 Dependencies

2.1 Required Dependencies

Snort 3 required dependencies are installed from both the CentOS base repository and from package source code.
This is due to the fact that some packages may not be available in the base repository, or, if they exist, they may be old. The following packages will be installed from the CentOS base repository: dnet (libdnet-devel), hwloc (hwloc-devel), OpenSSL (openssl-devel), pkgconfig (pkgconfig), zlib (zlib-devel).

# yum install libdnet-devel hwloc-devel openssl-devel zlib-devel pkgconfig

The following dependencies will be installed from their respective source code, while demonstrating alternative installation methods when applicable: LuaJIT, pcre, pcap, daq.

LuaJIT

LuaJIT is used for Snort configuration, optional script plugins for loggers, rule options, and Open AppID detectors. The CentOS base repository does not contain the luajit-devel package. To install LuaJIT (2.0.5) from source:

# wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
# tar xf LuaJIT-2.0.5.tar.gz && cd LuaJIT-2.0.5
# make && make install
# cp /usr/local/lib/pkgconfig/luajit.pc /usr/lib64/pkgconfig/

Alternatively, the LuaJIT (2.0.4) package is available via the EPEL repository, which requires adding the EPEL repository first.

# yum install epel-release
# yum install luajit-devel

PCRE

The pcre package (8.32) in the base repository, while compatible with Snort 3, is older than the latest version (8.41), and one of the Snort 3 optional dependencies, Hyperscan, warns when pcre version 8.41 is not installed. To install PCRE (8.41) from source:

# wget https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.gz
# tar xf pcre-8.41.tar.gz && cd pcre-8.41
# ./configure --libdir=/usr/lib64 --includedir=/usr/include
# make && make install
Alternatively, to install PCRE from the base repository and ignore the Hyperscan warnings:

# yum install pcre-devel

PCAP

The pcap package (1.5.3) in the base repository, while compatible with Snort 3, is older than the latest version (1.8.1). To install PCAP (1.8.1) from source:

# wget http://www.tcpdump.org/release/libpcap-1.8.1.tar.gz
# tar xf libpcap-1.8.1.tar.gz
# cd libpcap-1.8.1
# ./configure --libdir=/usr/lib64 --includedir=/usr/include
# make && make install

Alternatively, to install PCAP (1.5.3) from the repository:

# yum install libpcap-devel

DAQ

Snort 3 requires daq version 2.2.2 for packet I/O. Some of the daq modules can be disabled if not used. For example, if the afpacket module will be used, other modules such as ipfw, nfq, etc. can be disabled.

# wget https://snort.org/downloads/snortplus/daq-2.2.2.tar.gz
# tar xf daq-2.2.2.tar.gz
# cd daq-2.2.2

Example - Configuring daq for afpacket while disabling other modules:

# ./configure --disable-ipfw-module --disable-ipq-module --disable-nfq-module --disable-netmap-module
Build AFPacket DAQ module.. : yes
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : no
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes
Build netmap DAQ module.... : no

Example - Configuring daq for nfq while disabling other modules. Note that using the nfq module requires an additional package to be installed prior to configuring daq: libnetfilter (libnetfilter_queue-devel).

# yum install libnetfilter_queue-devel
# ./configure --disable-ipfw-module --disable-ipq-module --disable-afpacket-module --disable-netmap-module
Build AFPacket DAQ module.. : no
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : no
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : yes
Build PCAP DAQ module...... : yes
Build netmap DAQ module.... : no

Proceed with installing DAQ.
# make
# make install

2.2 Optional Dependencies

Snort optional dependencies include: lzma (xz-devel), hyperscan, cpputest, flatbuffers, safec, uuid (uuid-devel), and iconv. Some of the optional dependencies will be installed from source code.

LZMA and UUID

Lzma is used for decompression of SWF and PDF files. In Snort 2.9.x, this was utilized by the http_inspect preprocessor. Snort 3 requires lzma version >= 5.1.2; the lzma package in the CentOS repository is version 5.2.2. Uuid is a library for generating and parsing Universally Unique IDs for tagging and identifying objects across a network.

# yum install xz-devel libuuid-devel

Hyperscan

Hyperscan is a high-performance multiple regex matching library. Snort 3 can utilize Hyperscan to build the new regex and sd_pattern rule options and the hyperscan search engine. Prior to installing Hyperscan, the following required dependencies should be installed and/or made available: Ragel and Boost, plus the optional dependency sqlite3 (sqlite-devel).

Install sqlite3:

# yum install sqlite-devel
Download and install Ragel:

# wget http://www.colm.net/files/ragel/ragel-6.10.tar.gz
# tar xf ragel-6.10.tar.gz
# cd ragel-6.10
# ./configure
# make && make install

Download and decompress Boost; no installation is required:

# wget https://dl.bintray.com/boostorg/release/1.66.0/source/boost_1_66_0.tar.gz
# tar xf boost_1_66_0.tar.gz

Download and install Hyperscan:

# wget https://github.com/intel/hyperscan/archive/v4.7.0.tar.gz -O hyperscan-4.7.0.tar.gz
# tar xf hyperscan-4.7.0.tar.gz
# mkdir hs-build && cd hs-build

There are two methods to make Hyperscan aware of the Boost headers: 1) a symlink, or 2) passing BOOST_ROOT, pointing to the root directory of the Boost headers, to cmake. Both methods are shown below.

Method 1 - Symlink:

# ln -s ~/sources/boost_1_66_0/boost ~/sources/hyperscan-4.7.0/include/boost
# cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local ../hyperscan-4.7.0

Method 2 - BOOST_ROOT:

# cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local -DBOOST_ROOT=../boost_1_66_0 ../hyperscan-4.7.0

Proceed with installing Hyperscan. Using "-j 8" runs the makefiles in parallel and speeds up the make process.

# make -j 8
# make install
# cp /usr/local/lib64/pkgconfig/libhs.pc /usr/lib64/pkgconfig/

Cpputest

# wget https://github.com/cpputest/cpputest/releases/download/v3.8/cpputest-3.8.tar.gz
# tar xf cpputest-3.8.tar.gz
# cd cpputest-3.8
# ./configure --libdir=/usr/lib64 --includedir=/usr/include
# make && make install

Flatbuffers

Flatbuffers is an efficient cross-platform serialization library for games and other memory-constrained apps. It allows direct access to serialized data without unpacking/parsing it first.
# wget https://github.com/google/flatbuffers/archive/v1.8.0.tar.gz -O flatbuffers-1.8.0.tar.gz
# tar xf flatbuffers-1.8.0.tar.gz
# mkdir fb-build && cd fb-build
# cmake ../flatbuffers-1.8.0
# make -j 8
# make install

Safec

Safec is hosted on SourceForge, and some of the mirrors followed by the direct download link may be broken. If the download hangs longer than expected, switch to a different mirror.

# wget https://downloads.sourceforge.net/project/safeclib/libsafec-10052013.tar.gz
# tar xf libsafec-10052013.tar.gz
# cd libsafec-10052013
# ./configure --libdir=/usr/lib64 --includedir=/usr/include
# make && make install

Iconv

Iconv is used for converting UTF16-LE filenames to UTF8.

# wget https://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.15.tar.gz
# tar xf libiconv-1.15.tar.gz
# cd libiconv-1.15
# ./configure
# make && make install

3. Installing and Verifying Snort 3 Installation

Now that all dependencies are installed, clone the Snort 3 repository from GitHub.

# git clone https://github.com/snortadmin/snort3.git
# cd snort3
Before configuring Snort with the configure_cmake.sh script, set the LD_LIBRARY_PATH environment variable as below.

# export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib:/usr/local/lib

The following command will start configuring Snort with the supplied arguments, such as the prefix. Note that the command may fail and generate an error related to iconv, as shown below.

# ./configure_cmake.sh --prefix=/usr/local/snort
-- Looking for iconv_open
-- Looking for iconv_open - found
-- Performing Test ICONV_COMPILES
-- Performing Test ICONV_COMPILES - Failed
CMake Error at cmake/FindICONV.cmake:130 (MESSAGE):
  Unable to determine iconv() signature
Call Stack (most recent call first):
  cmake/include_libraries.cmake:25 (find_package)
  CMakeLists.txt:17 (include)
-- Configuring incomplete, errors occurred!

If the above error is encountered, add the --define=ICONV_ACCEPTS_NONCONST_INPUT:BOOL=true argument to the configuration command, which becomes:

# ./configure_cmake.sh --define=ICONV_ACCEPTS_NONCONST_INPUT:BOOL=true --prefix=/usr/local/snort

Once the configuration completes, the configuration summary is displayed, indicating the enabled features.

-------------------------------------------------------
snort version 3.0.0

Install options:
    prefix:     /usr/local/snort
    includes:   /usr/local/snort/include/snort
    plugins:    /usr/local/snort/lib64/snort

Compiler options:
    CC:             /bin/cc
    CXX:            /bin/c++
    CFLAGS:         -fvisibility=hidden -g -ggdb
    CXXFLAGS:       -fvisibility=hidden -g -ggdb
    EXE_LDFLAGS:
    MODULE_LDFLAGS:

Feature options:
    Flatbuffers:    ON
    Hyperscan:      ON
    ICONV:          OFF
    LZMA:           ON
    SafeC:          OFF
    UUID:           ON
-------------------------------------------------------
…
-- Build files have been written to: /root/sources/snort3/build

Proceed with installing Snort 3.

# cd build/
# make -j 8
# make install

Once the installation is complete, verify that the Snort 3 binary is referencing the expected libraries. Note that the Snort 3 binary references the libsafec library, even though the SafeC feature was reported OFF in the cmake configuration summary.
# ldd /usr/local/snort/bin/snort
linux-vdso.so.1 => (0x00007ffc1f3e3000)
libsfbpf.so.0 => /usr/local/lib/libsfbpf.so.0 (0x00007fa29897e000)
libpcap.so.1 => /lib64/libpcap.so.1 (0x00007fa298737000)
libdnet.so.1 => /lib64/libdnet.so.1 (0x00007fa298526000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fa298322000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa298105000)
libhwloc.so.5 => /lib64/libhwloc.so.5 (0x00007fa297ecb000)
liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fa297ca5000)
libluajit-5.1.so.2 => /usr/local/lib/libluajit-5.1.so.2 (0x00007fa297a34000)
libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007fa2975d3000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fa2973b5000)
libsafec-1.0.so.1 => /lib64/libsafec-1.0.so.1 (0x00007fa2971a9000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fa296fa4000)
libz.so.1 => /lib64/libz.so.1 (0x00007fa296d8e000)
libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007fa296a85000)
libm.so.6 => /lib64/libm.so.6 (0x00007fa296783000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fa29656d000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa2961a9000)
/lib64/ld-linux-x86-64.so.2 (0x0000557373961000)
libnuma.so.1 => /lib64/libnuma.so.1 (0x00007fa295f9d000)
libltdl.so.7 => /lib64/libltdl.so.7 (0x00007fa295d93000)
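The ldd listing above is worth checking mechanically rather than by eye, because a Snort binary that silently picks up a library from an unintended location (a leftover build tree, a stray LD_LIBRARY_PATH entry) is exactly the kind of supply-chain drift that is hard to notice later. The script below is an added example, not part of the guide: it reads ldd output and confirms that every library resolved from one of the directories this guide installs into (/lib64 or /usr/lib64 for repository packages and the source builds configured with --libdir=/usr/lib64; /usr/local/lib or /usr/local/lib64 for the other source builds such as LuaJIT and the daq's libsfbpf). The ALLOWED_DIRS list and the sample listing (a subset of the guide's own output) are the example's assumptions; on a real host, pipe `ldd /usr/local/snort/bin/snort` into check_ldd.

```shell
#!/bin/sh
# Added example (not from the guide): verify that the Snort binary's shared
# libraries resolve from the directories this guide installs into.
# Usage on a real host:  ldd /usr/local/snort/bin/snort | check_ldd

# Assumed allow-list: where the guide's repository packages and source builds land.
ALLOWED_DIRS="/lib64 /usr/lib64 /usr/local/lib /usr/local/lib64"

# Constructed sample input: a subset of the ldd listing shown in the guide.
SAMPLE_LDD='linux-vdso.so.1 => (0x00007ffc1f3e3000)
libsfbpf.so.0 => /usr/local/lib/libsfbpf.so.0 (0x00007fa29897e000)
libpcap.so.1 => /lib64/libpcap.so.1 (0x00007fa298737000)
libluajit-5.1.so.2 => /usr/local/lib/libluajit-5.1.so.2 (0x00007fa297a34000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fa2973b5000)
libsafec-1.0.so.1 => /lib64/libsafec-1.0.so.1 (0x00007fa2971a9000)
/lib64/ld-linux-x86-64.so.2 (0x0000557373961000)'

# check_ldd: reads ldd output on stdin, prints one line per problem and
# returns 0 only when every library resolved into an allowed directory.
check_ldd() {
    problems=0
    while IFS= read -r line; do
        set -- $line                      # $1 = soname, $2 = "=>", $3 = path
        [ "$2" = "=>" ] || continue       # skips the dynamic loader line
        case "$3" in
            /*) ;;                        # a resolved path, checked below
            not)                          # "=> not found"
                echo "MISSING    $1"
                problems=$((problems + 1))
                continue ;;
            *)  continue ;;               # the vdso has no file on disk
        esac
        dir=$(dirname "$3")
        allowed=0
        for d in $ALLOWED_DIRS; do
            [ "$dir" = "$d" ] && allowed=1
        done
        if [ "$allowed" -eq 0 ]; then
            echo "UNEXPECTED $1 -> $3"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# lib_dir_of SONAME: print the directory the named library resolved from in
# the ldd listing read on stdin (prints nothing if absent or unresolved).
lib_dir_of() {
    awk -v lib="$1" '$1 == lib && $2 == "=>" && $3 ~ /^\// { sub(/\/[^\/]*$/, "", $3); print $3; exit }'
}

# Run against the constructed sample.
if printf '%s\n' "$SAMPLE_LDD" | check_ldd; then
    echo "all listed libraries resolve from expected directories"
fi
echo "libluajit resolved from: $(printf '%s\n' "$SAMPLE_LDD" | lib_dir_of libluajit-5.1.so.2)"
```

The per-library lookup is what makes the check useful after the guide's mixed install: LuaJIT and libsfbpf should come from /usr/local/lib (source builds with the default prefix), while pcre and pcap, configured with --libdir=/usr/lib64, should appear under /lib64 like the repository packages.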
Verify that Snort 3 reports its version and the names and versions of the libraries it is using.

# /usr/local/snort/bin/snort -V

   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.0.0 (Build 244) from 2.9.11
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 2.2.2
           Using LuaJIT version 2.0.5
           Using OpenSSL 1.0.2k-fips 26 Jan 2017
           Using libpcap version 1.8.1
           Using PCRE version 8.41 2017-07-05
           Using ZLIB version 1.2.7
           Using FlatBuffers 1.8.0
           Using Hyperscan version 4.7.0 2018-03-16
           Using LZMA version 5.2.2

4. Installing Snort 3 Extra Plugins for Additional Capabilities

Snort 3 Extras is a set of C++ or Lua plugins that extend the functionality of Snort 3 in terms of network traffic decoding, inspection, actions, and logging. One particular Snort 3 extra plugin that is emphasized and configured in this guide is the data_log inspector plugin; the reason for this emphasis is detailed in a later section.

Since Snort 3 was cloned from GitHub, the extra/ directory containing the plugins' source code is already available. The prefix used to install the extra plugins follows Snort's initial installation prefix: the compile commands below install the extra plugins into /usr/local/snort/extra/.

Before building the extra plugins, the environment variable PKG_CONFIG_PATH must be set. In build 244 this path also happens to depend on the operating system (64-bit). The path can be verified by simply listing the Snort 3 installation directory.

Build 243: PKG_CONFIG_PATH=/usr/local/snort/lib/pkgconfig
Build 244: PKG_CONFIG_PATH=/usr/local/snort/lib64/pkgconfig

# cd snort3/extra
# export PKG_CONFIG_PATH=/usr/local/snort/lib64/pkgconfig
# ./configure_cmake.sh --prefix=/usr/local/snort/extra
# cd build/
# make -j 8
# make install

5. Configuring Snort 3

Snort 3 includes two main configuration files, snort_defaults.lua and snort.lua.
The file snort_defaults.lua contains default values for rules paths, default networks, ports, wizards, inspectors, etc. The file snort.lua is the main configuration file of Snort, allowing the implementation and configuration of Snort inspectors (preprocessors), rules file inclusion, event filters, output, etc. The file snort.lua uses the file snort_defaults.lua to import default values for various Snort configurations.

An additional file, file_magic.lua, exists in the etc/snort/ directory. This file contains pre-defined file identities based on the hexadecimal representation of the files' magic headers. These help Snort identify the file types traversing the network when applicable. This file is also used by Snort's main configuration file snort.lua and does not require any modifications.

The configuration changes and the respective Snort 3 .lua files are shown below.

- Configure rules, reputation, and AppID paths > snort_defaults.lua
- Configure HOME_NET and EXTERNAL_NET > snort.lua
- Configure ips module > snort.lua
- Enable and configure reputation inspector > snort.lua
- Configure AppID inspector > snort.lua
- Configure file_id and file_log inspectors > snort.lua
- Configure data_log inspector > snort.lua
- Configure logging > snort.lua

Note that Snort inspectors and modules allow a variety of customizations and configurations. The configurations made in this section are minimal, with the purpose of getting started with Snort 3.

5.1 Global Paths for Rules, AppID, and IP Reputation

Snort rules, appid, and reputation lists will be stored in their respective directories. The rules/ directory will contain the Snort rules files, the appid/ directory will contain the AppID detectors, and the intel/ directory will contain the IP blacklists and whitelists.

# mkdir -p /usr/local/snort/{rules,appid,intel}

Snort Rules

Snort rules consist of text-based rules, and Shared Object (SO) rules and their associated text-based stubs.
At the time of writing this guide, the Shared Object rules are not available yet (http://blog.snort.org/2018/02/snort-30-ruleset-announcement.html).
The rules tarball also contains Snort configuration files. The configuration files from the rules tarball will be copied to the etc/snort/ directory and will be used in favor of the configuration files from the Snort 3 source code tarball. To proceed with the configurations, download the rules tarball from Snort.org (PulledPork is not tested yet), replacing the oinkcode placeholder in the command below with the official and dedicated oinkcode.

# wget https://www.snort.org/rules/snortrules-snapshot-3000.tar.gz?oinkcode= -O snortrules-snapshot-3000.tar.gz

Extract the rules tarball and copy the rules to the rules/ directory created earlier.

# tar xf snortrules-snapshot-3000.tar.gz
# cp rules/*.rules /usr/local/snort/rules/

Copy the Snort configuration files from the extracted rules tarball's etc/ directory to Snort's etc/snort/ directory.

# cp etc/* /usr/local/snort/etc/snort/

OpenAppID

Download and extract the OpenAppID package, and move the extracted odp/ directory to the appid/ directory created earlier.

# wget https://www.snort.org/downloads/openappid/6329 -O snort-openappid-6329.tar.gz
# tar xf snort-openappid-6329.tar.gz
# mv odp/ /usr/local/snort/appid/

IP Reputation

Download the IP Blacklist generated by Talos and move it to the intel/ directory created earlier. Enabling the Reputation inspector while in IDS mode will generate a blacklist hit alert when a match occurs, and the traffic may not be inspected further.

# wget https://www.talosintelligence.com/documents/ip-blacklist
# mv ip-blacklist /usr/local/snort/intel/

Create an empty file for the IP whitelist, which will be configured along with the IP blacklist in the following section.

# touch /usr/local/snort/intel/ip-whitelist

Edit the snort_defaults.lua file with your favorite editor. The snapshots below show the before and after states of the configuration. The paths shown follow the conventions mentioned at the beginning of this guide.
Change from:

---------------------------------------------------------------------------
-- default paths
---------------------------------------------------------------------------

-- Path to your rules files (this can be a relative path)
RULE_PATH = '../rules'
BUILTIN_RULE_PATH = '../builtin_rules'
PLUGIN_RULE_PATH = '../so_rules'

-- If you are using reputation preprocessor set these
WHITE_LIST_PATH = '../lists'
BLACK_LIST_PATH = '../lists'

Change to:

---------------------------------------------------------------------------
-- default paths
---------------------------------------------------------------------------

-- Path to your rules files (this can be a relative path)
RULE_PATH = '../../rules'
BUILTIN_RULE_PATH = '../builtin_rules'
PLUGIN_RULE_PATH = '../so_rules'

-- If you are using reputation preprocessor set these
WHITE_LIST_PATH = '../../intel'
BLACK_LIST_PATH = '../../intel'
APPID_PATH = '/usr/local/snort/appid'

All of the remaining changes will be made in the Snort configuration file snort.lua.

5.2 Setting up HOME_NET and EXTERNAL_NET

The concept of home and external networks in Snort 3 is the same as in Snort 2.X. The changes made below are just an example to demonstrate the syntax.

Change from:

-- setup the network addresses you are protecting
HOME_NET = 'any'

Change to:

-- setup the network addresses you are protecting
HOME_NET = [[
10.0.0.0/8
192.168.0.0/16
172.16.0.0/12
]]
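The relative paths in snort_defaults.lua are resolved against the directory holding the configuration (here /usr/local/snort/etc/snort/), which is why RULE_PATH changes from '../rules' to '../../rules'. A value that is off by one level does not fail loudly until rules go missing, so it pays to resolve the variables the same way before starting Snort. The script below is an added example, not part of the guide or of Snort: lua_path_value pulls a quoted string assignment out of the Lua file with sed, resolve_path joins a relative value to the config directory (absolute values pass through), and check_defaults reports each of the four variables this guide relies on as OK or MISSING. The demo builds the guide's directory layout in a temporary prefix; the function names and that layout are the example's assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): resolve the path variables in
# snort_defaults.lua relative to its own directory, as Snort does when run
# with -c /usr/local/snort/etc/snort/snort.lua, and report missing targets.

# lua_path_value FILE VAR: print the quoted string assigned to VAR in FILE
# (matches VAR = '../../rules' or VAR = "../../rules"; first match wins).
lua_path_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# resolve_path CFGDIR VALUE: print the absolute, existing directory VALUE
# refers to (relative values are joined to CFGDIR); print nothing if absent.
resolve_path() {
    case "$2" in
        /*) [ -d "$2" ] && printf '%s\n' "$2" ;;
        *)  (cd "$1/$2" 2>/dev/null && pwd -P) ;;
    esac
}

# check_defaults CFGDIR: check the variables this guide sets; the return
# value is the number of variables that are unset or point nowhere.
check_defaults() {
    cfgdir=$1
    missing=0
    for var in RULE_PATH WHITE_LIST_PATH BLACK_LIST_PATH APPID_PATH; do
        value=$(lua_path_value "$cfgdir/snort_defaults.lua" "$var")
        if [ -z "$value" ]; then
            echo "UNSET    $var"
            missing=$((missing + 1))
            continue
        fi
        resolved=$(resolve_path "$cfgdir" "$value")
        if [ -n "$resolved" ]; then
            echo "OK       $var = $value -> $resolved"
        else
            echo "MISSING  $var = $value (relative to $cfgdir)"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed demo: the guide's layout under a temporary prefix, with a
# snort_defaults.lua carrying the "Change to" values from this section.
demo_check_defaults() {
    prefix=$(mktemp -d)
    mkdir -p "$prefix/etc/snort" "$prefix/rules" "$prefix/intel" "$prefix/appid"
    cat > "$prefix/etc/snort/snort_defaults.lua" <<EOF
-- Path to your rules files (this can be a relative path)
RULE_PATH = '../../rules'
BUILTIN_RULE_PATH = '../builtin_rules'
PLUGIN_RULE_PATH = '../so_rules'
-- If you are using reputation preprocessor set these
WHITE_LIST_PATH = '../../intel'
BLACK_LIST_PATH = '../../intel'
APPID_PATH = '$prefix/appid'
EOF
    check_defaults "$prefix/etc/snort"
    rc=$?
    rm -rf "$prefix"
    return $rc
}

demo_check_defaults && echo "all paths resolve"
```

Point check_defaults at the real /usr/local/snort/etc/snort after editing the file; with the original '../rules' value it reports RULE_PATH as MISSING because the target would be /usr/local/snort/etc/rules.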
5.3 ips Module

The inclusion of Snort rules files (.rules) occurs within the ips module. Using the snort.lua copied from the Snort rules tarball, the inclusion of the rules is already configured. As a result, the changes to the ips module are minimal and involve enabling decoder and inspector alerts with the enable_builtin_rules option, and explicitly setting the ips policy mode to tap. The ips policy mode governs Snort's operational mode, which includes tap, inline, and inline-test.

Change from:

ips =
{
    -- use this to enable decoder and inspector alerts
    --enable_builtin_rules = true,

    -- use include for rules files; be sure to set your path
    -- note that rules files can include other rules files
    --include = 'snort3_community.rules'

    -- The following include syntax is only valid for BUILD_243 (13-FEB-2018) and later
    -- RULE_PATH is typically set in snort_defaults.lua
    rules = [[
        include $RULE_PATH/snort3-app-detect.rules
        include $RULE_PATH/snort3-browser-chrome.rules
        .....
        include $RULE_PATH/snort3-sql.rules
        include $RULE_PATH/snort3-x11.rules
    ]]
}

Change to:

ips =
{
    mode = tap,

    -- use this to enable decoder and inspector alerts
    enable_builtin_rules = true,

    -- use include for rules files; be sure to set your path
    -- note that rules files can include other rules files
    --include = 'snort3_community.rules'

    -- The following include syntax is only valid for BUILD_243 (13-FEB-2018) and later
    -- RULE_PATH is typically set in snort_defaults.lua
    rules = [[
        include $RULE_PATH/snort3-app-detect.rules
        include $RULE_PATH/snort3-browser-chrome.rules
        .....
        include $RULE_PATH/snort3-sql.rules
        include $RULE_PATH/snort3-x11.rules
    ]]
}

5.4 reputation Inspector

The reputation inspector is disabled (commented out) by default. Uncomment its section and change the values of the commented blacklist and whitelist settings to point to the paths of the IP address lists.
Change from:

--[[
reputation =
{
    -- configure one or both of these, then uncomment reputation
    --blacklist = 'blacklist file name with ip lists'
    --whitelist = 'whitelist file name with ip lists'
}
--]]

Change to:

reputation =
{
    -- configure one or both of these, then uncomment reputation
    blacklist = BLACK_LIST_PATH .. '/ip-blacklist',
    whitelist = WHITE_LIST_PATH .. '/ip-whitelist'
}
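Because a blacklist match can end inspection of that traffic (as section 5.1 notes for IDS mode), the contents of the two list files deserve a check before the reputation inspector is pointed at them: a malformed line, an accidental catch-all block, or an address that sits in both lists all change what the sensor does without any error at startup. The script below is an added example, not part of the guide or of Snort. It treats a list as one entry per line with # comments (the layout of the Talos ip-blacklist downloaded in section 5.1), accepts IPv4 addresses and IPv4 CIDR blocks, rejects a /0 entry in the blacklist, and reports entries present in both files. The sample lists are constructed for the example; IPv6 entries are not validated here, which is an assumption of the example rather than a limit of the inspector.

```shell
#!/bin/sh
# Added example (not from the guide): sanity-check reputation list files
# before wiring them into the reputation inspector.

# Basic-regex shape of "a.b.c.d" or "a.b.c.d/n"; octet and prefix ranges are
# checked separately in valid_ipv4_cidr.
IPV4_RE='^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\(/[0-9]\{1,2\}\)\{0,1\}$'

# list_entries FILE: print the entries with comments and blank lines removed.
list_entries() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v '^$'
}

# valid_ipv4_cidr ENTRY: 0 when ENTRY is an IPv4 address or CIDR block with
# octets 0-255 and a prefix of at most 32.
valid_ipv4_cidr() {
    printf '%s\n' "$1" | grep -q "$IPV4_RE" || return 1
    ip=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32      # no "/n" present
    [ "$prefix" -le 32 ] || return 1
    for octet in $(printf '%s\n' "$ip" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# check_iplist FILE KIND: KIND is "blacklist" or "whitelist"; prints one line
# per problem plus a summary, returns 0 only when no problem was found.
check_iplist() {
    file=$1; kind=$2; bad=0; count=0
    for entry in $(list_entries "$file"); do
        count=$((count + 1))
        if ! valid_ipv4_cidr "$entry"; then
            echo "INVALID    $kind: $entry"
            bad=$((bad + 1))
        elif [ "$kind" = blacklist ] && [ "${entry#*/}" = 0 ]; then
            echo "CATCH-ALL  $kind: $entry matches every address"
            bad=$((bad + 1))
        fi
    done
    echo "CHECKED    $kind: $count entries, $bad problems"
    [ "$bad" -eq 0 ]
}

# list_overlap BLACKLIST WHITELIST: print entries that appear verbatim in both.
list_overlap() {
    tmp=$(mktemp)
    list_entries "$2" > "$tmp"
    list_entries "$1" | grep -Fx -f "$tmp"
    rm -f "$tmp"
}

# Constructed demo lists (not the Talos feed), laid out like the intel/ files.
demo_reputation_lists() {
    dir=$(mktemp -d)
    cat > "$dir/ip-blacklist" <<'EOF'
# constructed sample blacklist
198.51.100.23
203.0.113.0/24
192.0.2.77
EOF
    cat > "$dir/ip-whitelist" <<'EOF'
# constructed sample whitelist
192.0.2.77
EOF
    check_iplist "$dir/ip-blacklist" blacklist
    check_iplist "$dir/ip-whitelist" whitelist
    list_overlap "$dir/ip-blacklist" "$dir/ip-whitelist" | sed 's/^/OVERLAP    /'
    rm -rf "$dir"
}

demo_reputation_lists
```

On the real host, run check_iplist against /usr/local/snort/intel/ip-blacklist and ip-whitelist after every list refresh; an OVERLAP line means the same address is both blocked and trusted, and which list wins is then a matter of the inspector's configured precedence rather than of what the operator intended.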