VMWareIDSIPS.docx
Running Cisco IDS/IPS v5 Software in VMWare
===========================================
This Howto describes how to get the Cisco IDS/IPS Software Release 5 running
inside VMWare. After successful installation, the VM will emulate an IDS-4215
platform with 3 Gigabit Ethernet interfaces ;-)
I developed this Howto by using VMWare Workstation for Linux, I didn't test
this with any VMWare version for Windows.
REQUIREMENTS
============
- VMWare Workstation, I use version 5.5, running on a debian etch host system
  I never tested with a Windows host system
- Cisco IPS recovery CD image, I used IPS-K9-cd-1.1-a-5.1-4.iso
  This file can be downloaded from CCO.
  CCO download access requires a valid support contract.
- modified VMWare BIOS (CISCO_IDS4215_440.BIOS.ROM)
  This file should be in the archive from where you extracted this Howto
- some basic UNIX skills for working with a shell and using vi
- knowledge of the english keyboard layout ;-)
TECHNICAL DESCRIPTION
=====================
It seems that with IDS/IPS software release 5, Cisco implemented more strict
hardware identification checks, making it impossible to load the code on 4.x
custom-built systems or in VMWare.
I'm not skilled enough to produce anything useful with the BIOS that can be
downloaded from CCO ;-), so I investigated how to get VMWare to provide
anything the IPS software wants to hear. I still would prefer to have the native
BIOS running, but this is a start for all the desperate souls that need a
working IPS for study/LAB preparation.
I concentrated on the 4215 platform, because it seems that it does not
have any special ROM/PROM chips built in.
Basically, IPS v5 is based on Redhat Linux, so it is able to run inside VMWare.
The recovery CD boots and reimages fine, as long as the virtual hard disks are
large enough (256M for hda, 4GB for hdb).
hda is the flash in the appliance and holds the complete OS and the
configuration. hdb is a real hard disk and is for "var" storage (event store
etc.). The reimage fails when you have disks that are too small (fdisk will
complain about wrong boundaries/size).
With a fresh system, you can boot into runlevel 1, mount the remaining
filesystems and inspect what the system will do at regular startups.
The procedure collection file /etc/init.d/ids_functions will determine the
platform type during bootup. Because the 4215 doesn't have a special chip, the
routine makes selections based on the CPU speed and processor count. You can
trick the routine by entering the CPU speed reported by linux.
But this is not enough. At some point, a program called smbios_bios_info is
called, reading information from the BIOS. Also, the binary mainApp will do this
again later, so we have to find a way to tell the system what it wants to
hear. Luckily, on the 4215 only DMI strings are checked.
VMWare allows you to extract the required portion of the BIOS, and with a resource
editor you can modify the DMI strings to match the values the software checks.
By telling VMWare to load this modified BIOS, the IPS software is satisfied and
identifies the VM as a 4215 sensor.
I basically changed all the DMI strings to read as Vendor "Cisco Systems",
Platform "IDS-4215", Chassis/Asset Tag "12345678901".
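What a DMI-string-only platform check actually reads, as an added example that is not part of the original Howto and is not Cisco's code: a Python parser for the SMBIOS structure table plus a hypothetical comparison against the vendor and platform strings quoted above. The function names, the comparison logic and both sample tables are constructed for illustration; only the SMBIOS type 1 and type 3 field offsets are standard.

```python
import struct

def parse_smbios(table: bytes) -> dict:
    """Walk an SMBIOS structure table -> {type: (formatted_area, strings)}."""
    out, pos = {}, 0
    while pos + 4 <= len(table):
        stype, length, _handle = struct.unpack_from("<BBH", table, pos)
        if length < 4 or pos + length > len(table):
            raise ValueError("malformed SMBIOS structure header")
        end = table.find(b"\x00\x00", pos + length)   # string set ends with a double NUL
        if end < 0:
            raise ValueError("unterminated string set")
        raw = table[pos + length:end]
        strings = [s.decode("ascii", "replace") for s in raw.split(b"\x00")] if raw else []
        out.setdefault(stype, (table[pos:pos + length], strings))
        if stype == 127:                               # end-of-table marker
            break
        pos = end + 2
    return out

def smbios_string(entry, offset):
    """Resolve the 1-based string index stored at `offset` of a structure."""
    if entry is None:
        return None
    area, strings = entry
    idx = area[offset] if offset < len(area) else 0
    return strings[idx - 1] if 0 < idx <= len(strings) else None

def dmi_identity(table: bytes) -> dict:
    s = parse_smbios(table)
    return {"vendor": smbios_string(s.get(1), 4),      # type 1: Manufacturer
            "platform": smbios_string(s.get(1), 5),    # type 1: Product Name
            "asset_tag": smbios_string(s.get(3), 8)}   # type 3: Asset Tag Number

# Hypothetical check: the two strings are from the Howto, the comparison is assumed.
EXPECTED = {"vendor": "Cisco Systems", "platform": "IDS-4215"}

def string_only_check(identity: dict) -> bool:
    return all(identity.get(k) == v for k, v in EXPECTED.items())

def make_struct(stype, body, strings):                 # builds constructed sample data
    tail = b"".join(s.encode() + b"\x00" for s in strings) + b"\x00" if strings else b"\x00\x00"
    return struct.pack("<BBH", stype, 4 + len(body), 0) + body + tail

def sample_table(vendor, product, asset_tag):          # constructed, not a real dump
    return (make_struct(1, bytes([1, 2, 0, 0]), [vendor, product])
            + make_struct(3, bytes([1, 1, 0, 0, 2]), [vendor, asset_tag])
            + make_struct(127, b"", []))

if __name__ == "__main__":
    for t in (sample_table("VMware, Inc.", "VMware Virtual Platform", "No Asset Tag"),
              sample_table("Cisco Systems", "IDS-4215", "12345678901")):
        print(dmi_identity(t), "->", "accepted" if string_only_check(dmi_identity(t)) else "rejected")
```

Both tables are plain firmware-supplied text with no integrity protection, so a check of this kind cannot tell a genuine appliance from any firmware that reports the same strings.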
Now that the sensor boots and the CLI is useable, network connectivity must
work. VMWare and the IPS linux both support Intel e1000 cards, so this looks
promising.
The physical interface configuration layout of all the appliances is defined in
/usr/cids/idsRoot/etc/interface.conf. By replacing the pci device-id values with
the ones provided by VMWare (see /proc/pci), the sensor recognized the VMWare
virtual ethernet cards.
By modifying this file you are able to use interface types a platform normally
will not support (Gigabit cards in the 4215).
With this VM I was able to use IDM from a windoze system, create my own signatures
and put a sensing interface between two dynamips instances (alerting each
time it sees EIGRP packets). This should be proof enough!
Well, this is nearly all the information I collected during 8-12 hours of
experimenting in a few sentences. However, there are still some quirks and areas
I don't understand well, for example, the problems caused by the absence of the
file /usr/share/zoneinfo/cidsZoneInfo.
I hope this Howto is a start and encourages people to modify and enhance it.
Have fun!
einval
INSTALLATION
============
1. VMWare
Extract the content of the archive to a place you remember; you'll need to
specify the location of the BIOS file soon.
Start VMWare and create a new Virtual Machine (VM). The wizard starts; please
use the following options:
- "Custom" configuration
- "Workstation 5" format
- Guest: "Linux" / Version: "Red Hat Linux"
- Name: whatever you like, maybe "Cisco: IPS"
  make sure you remember the path listed in "Location"
- "One" processor
- 512 MB RAM
- "use bridged networking"