Build FW1 Cisco Netscreen PolicyFromLogs download for Linux

Free download of the Build FW1 Cisco Netscreen PolicyFromLogs Linux app, to run online in Ubuntu online, Fedora online or Debian online

This is the Linux app named Build FW360 Cisco Netscreen PolicyFromLogs, whose latest release can be downloaded as 1AnalyticsLtd-WooterWoot.zip. It can be run online in OnWorks, a free hosting provider for workstations.

Download and run online this app named Build FW1 Cisco Netscreen PolicyFromLogs with OnWorks for free.

Follow these instructions to run this app:

- 1. Download this application to your PC.

- 2. Enter the username you want in the file manager https://www.onworks.net/myfiles.php?username=XXXXX.

- 3. Upload this application in that file manager.

- 4. Start the OnWorks Linux online, Windows online emulator or MACOS online emulator from this website.

- 5. From the OnWorks Linux OS you have just started, go to the file manager https://www.onworks.net/myfiles.php?username=XXXXX with the username you want.

- 6. Download the application, install it and run it.

Build FW1 Cisco Netscreen PolicyFromLogs


Description

These three tools build Checkpoint, Cisco ASA or Netscreen policies from log files. They write dbedit, access-list or set address, set service and set policy commands for the traffic seen in the logs, which can be cut and pasted into the firewalls. Woot

Features

  • Build Checkpoint FW-1 policies from exported logs and output them in DBEDIT format
  • Build Netscreen policies from syslog and output them in ScreenOS 6 format
  • Build Cisco ASA ACLs from syslog and output them in access-list format
  • Cut and paste the command output into the firewall to create a policy
  • Or output the rules in CSV format to cross-check them (Netscreen, Checkpoint)
  • Baseline a test network and build a policy for the test firewall in one command!!
  • Close open or 'test' rules and secure management connections
  • Cross-check that traffic is seen on the correct interfaces
  • Two filters, each of which can filter against any part of the log entry
  • Names resolved in the logs are used in the policies, but no object cmds are output
  • Rename ACLs and use the access-group statements to filter further (Cisco)
  • Easy method to ignore headers added by syslog servers
  • FW-1: Easy to run ./choot logexport.log CMD Policy filter1 filter2
  • DBEDIT cmd = build rules and objects and output in DBEDIT format
  • - DBEDIT mode requires a policy name before the filters
  • CSV cmd = build rules and objects and output in CSV format
  • DEBUG cmd = output more verbose info - each entry grep | awk ...
  • CISCO: Easy to run ./woot logfile CMDorACL filter1 filter2
  • SRCINT cmd = use the source interface as the ACL name
  • ACLNAME cmd = use the access-gr cmds in the file ACLNAME in the same directory as woot
  • DEBUG cmd = output more verbose info - each entry ... | sort -u etc.
  • A name = the access-list name of your choice, to which all ACEs will be assigned
  • NETSCREEN: Easy to run ./nwoot logfile CMD filter1 filter2
  • ZONE cmd = build rules and objects and output in Netscreen ScreenOS format
  • CSV cmd = build rules and objects and output in CSV format
  • DEBUG cmd = output more verbose info - each entry grep | wc -l etc.
  • Checkpoint FW-1 example commands:
  • ./choot logexport.log DBEDIT PolicyName eth2c0 161
  • ./choot logexport.log CSV ServerName domain-udp
  • ./choot logexport.log DEBUG 10.0.0 eth1c0
  • or
  • ./choot logexport.log DBEDIT PolicyName
  • ...if you want a policy built for all the traffic seen
  • Cisco example commands:
  • cat access-groups-from-asa > ACLNAME
  • ./woot ASA.log ACLNAME 10.10. \/53
  • ./woot ASA.log SRCINT 12:01 10.10.10
  • ./woot ASA.log testaclname 10.50. 10.10.10
  • ./woot ASA.log DEBUG ServerName12 \/443
  • ./woot ASA.log ACLNAME
  • ...if you want all access-lists built for all access-group statements
  • Netscreen example commands:
  • ./nwoot Netscreen.log DEBUG 10.10. dst_port=53
  • ./nwoot Netscreen.log ZONE 12:01 ServerName
  • ./nwoot Netscreen.log CSV ZoneName 443
  • ./nwoot Netscreen.log ZONE
  • ...if you want all policies built for all zones
  • !! Using these tools anywhere is not recommended!! Woot!!
  • Written in simple Perl - only standard modules needed


Audience

Information Technology, Financial and Insurance Industry, System Administrators, Quality Engineers


User interface

Command-line


Programming Language

Perl



This is an application that can also be fetched from https://sourceforge.net/projects/wooterwoot/. It has been hosted in OnWorks so that it can be run online in the easiest way from one of our free operating systems.

