nl /etc/snort/snort.conf | grep output
    34  # 6) Configure output plugins
   512  # Step #6: Configure output plugins
   518  # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
   520  # output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
   521  # output alert_unified2: filename snort.alert, limit 128, nostamp
   522  # output log_unified2: filename snort.log, limit 128, nostamp
   525  # output alert_syslog: LOG_AUTH LOG_ALERT
   528  # output log_tcpdump: tcpdump.log
NOTE Your line numbers may differ slightly as the snort.conf file gets updated.

We can see that the line "# Step #6: Configure output plugins" is line 512, and we know we want the five lines preceding line 512 as well as line 512 itself (that is, lines 507 to 512).
Step 2
kali > tail -n+507 /etc/snort/snort.conf | head -n 6
   nested_ip inner, \
   whitelist $WHITE_LIST_PATH/white_list.rules, \
   blacklist $BLACK_LIST_PATH/black_list.rules
###################################################
# Step #6: Configure output plugins
Here, we use tail to start at line 507 and then pipe its output into head, and we return just the top six lines, giving us the five lines preceding the Step #6 line, with that line included.
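The two-step recipe above (find the line number with nl and grep, then cut the window out with tail and head) generalized into one shell function; this is an added example, not from the book. The function name lines_before_match and the ten-line miniature of snort.conf are constructed here, so it runs without Snort installed.

```shell
#!/bin/sh
# Added example (not the book's code): automate the nl/grep + tail/head
# recipe. Names below (lines_before_match, match_line, SAMPLE) are assumed.

# Constructed miniature of a snort.conf: ten lines, with the Step #6
# header deliberately placed on line 8 so the result is easy to check.
SAMPLE=$(mktemp)
printf '%s\n' \
  '# Step #5: Configure preprocessors' \
  'preprocessor frag3_global: max_frags 65536' \
  'preprocessor reputation: \' \
  '   memcap 500, \' \
  '   whitelist $WHITE_LIST_PATH/white_list.rules, \' \
  '   blacklist $BLACK_LIST_PATH/black_list.rules' \
  '###################################################' \
  '# Step #6: Configure output plugins' \
  '###################################################' \
  '# output unified2: filename merged.log, limit 128, nostamp' > "$SAMPLE"

# Print the line number of the first line containing the fixed string $2.
# grep -n prefixes each hit with "NUM:", much as nl numbers every line.
match_line() {
  grep -n -F -- "$2" "$1" | head -n 1 | cut -d: -f1
}

# Print the N lines preceding the first match of PATTERN plus the match
# itself, using the book's tail -n+START | head -n COUNT pipeline, with
# START computed instead of read off by hand.
lines_before_match() {
  file=$1 pattern=$2 n=$3
  hit=$(match_line "$file" "$pattern")
  [ -n "$hit" ] || return 1            # no match: nothing to print
  start=$((hit - n))
  [ "$start" -ge 1 ] || start=1        # clamp when the match is near the top
  tail -n +"$start" "$file" | head -n $((hit - start + 1))
}

# Same request as the book's Step 2: five lines before "Step #6" plus that line.
lines_before_match "$SAMPLE" '# Step #6: Configure output plugins' 5
```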
Using sed to Find and Replace

The sed command lets you search for occurrences of a word or a text pattern and then perform some action on it. The name of the command is a contraction of stream editor. In its most basic form, sed operates like the Find and Replace function in Windows.

24 Chapter 2
Search for the word mysql in the snort.conf file using grep, like so:

kali >