[TOC]
1.配置案例 0x00 WAF - 密码忘记重置通过设备的console
WAF : admin@admin
0x01 NIPS - 设置静态路由无法访问设置(该网段其他主机也不能访问改主机)
weiyigeek.top-静态路由
设置静态路由为:IP/子网掩码 :0.0.0.0/0 网管:192.168.1.254(根据情况而定) 最后应用配置生效;
weiyigeek.top-应用配置
0x02 NIPS 设置虚拟线路
除此之外的接口,接口链路状态同步【当一段端口异常时候,对端端口也将发生异常,这时将启动Bybass直通】,设置得两对虚拟线:
weiyigeek.top-虚拟线路
0x03 软件版ESP安装(态势感知)
[TOC]
1.配置案例 0x00 WAF - 密码忘记重置通过设备的console
WAF : admin@admin
0x01 NIPS - 设置静态路由无法访问设置(该网段其他主机也不能访问改主机)
weiyigeek.top-静态路由
设置静态路由为:IP/子网掩码 :0.0.0.0/0 网管:192.168.1.254(根据情况而定) 最后应用配置生效;
weiyigeek.top-应用配置
0x02 NIPS 设置虚拟线路
除此之外的接口,接口链路状态同步【当一段端口异常时候,对端端口也将发生异常,这时将启动Bybass直通】,设置得两对虚拟线:
weiyigeek.top-虚拟线路
0x03 软件版ESP安装(态势感知) 1 2 CentOS 6.5 x86_64,basic server模式。 CentOS 7.0 x86_64,infrastructure server模式。
weiyigeek.top-主机硬件配置
网络防火墙策略占用的端口:1 2 3 4 5 6 7 8 9 10 11 12 13 14 服务名称/用途 占用端口 协议 INPUT规则 OUTPUT规则 在线升级 80 TCP DENY ACCEPT Nginx 443 TCP ACCEPT ACCEPT NPAI V2 5002,5003,50071 TCP ACCEPT DENY NPAI V3 5050 TCP ACCEPT ACCEPT Cloud 5553 TCP DENY ACCEPT Redis 服务 6379 TCP ACCEPT DENY 设备添加 8081 TCP ACCEPT DENY Kafka 9092 TCP ACCEPT DENY Dubbo服务 20980 TCP ACCEPT ACCEPT 级联服务 20001 TCP ACCEPT ACCEPT Dubbo服务 8092, 20990 TCP ACCEPT DENY 采集器添加 8093,20981 TCP DENY ACCEPT FTP存储服务 50061 TCP ACCEPT DENY
WeiyiGeek
安装流程步骤:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 Step0:软件上传 mkdir /home/ESP 创建光盘文件拷贝目录 mkdir /home/iso mount -t iso9660 /dev/cdrom /home/iso ls /home/iso & cd /home/iso cp -r * /home/ESP/ umount /home/iso/ Step1:进行安装NESP cd /home/ESP/Install chmod 777 ESP.centos_x86_64-11242.run ./ESP.centos_x86_64-11242.run Step2:以配置中国时区为例 vi /etc/sysconfig/clock ZONE=Asia/Shanghai UTC=false ARC=false :wq rm /etc/localtime ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime step3.重启系统后登录 b.配置主机时间。 −从NTP服务器同步时间。 ntpdate time.nist.gov −手动配置时间。 date –s "2016-08-30 14:00:00" clock -w Step4.导入证书及其部署 利用账户进行登陆进行系统更改默认密码:admin / admin,完成安装
weiyigeek.top-导入证书
2.入坑案例 0x00)堡垒机OSMS-SSH认证设置
weiyigeek.top-ssh设置
weiyigeek.top-keyboard
weiyigeek.top-nsfocuslogin
0x01)绿盟软件ESPC启动案例 1 2 3 4 5 6 7 8 9 10 11 12 vim /opt/nsfocus/espc/conf/service/jdbc.properties root hooligan@123 /opt/nsfocus/espc/bin/postgressd restart /opt/nsfocus/espc/deps/env/bin/psql -U espcpostgress -d espc -h 127.0.0.1 -p 5432 /etc/rc.d/init.d/espc {start|stop|restart|uninstall} /opt/nsfocus/espc/bin/aserver-new-start.sh
Q:部署时候无法导入证书问题?
weiyigeek.top-导入证书问题
Q:ESPC 403跳转错误?
weiyigeek.top-403
0x02) 绿盟HWAF忘记密码恢复配置 1 2 3 4 5 6 7 8 {"webaudit" :{"name" :"-" ,"password" :"832612fa25d8cccd30db41d3d6f7e5e0" ,"ip" :"*" ,"mail" :"hwaf@nsfocus.com" ,"roles" :["AUDITORS" ],"isSystem" :"1" ,"lastpwd" :"832612fa25d8cccd30db41d3d6f7e5e0" ,"modtime" :1256037410 ,"status" :true}, "weboper" :{"name" :"-" ,"password" :"216c6786c2850781bee10461a56cb6b5" ,"ip" :"*" ,"mail" :"hwaf@nsfocus.com" ,"roles" :["OPERATORS" ],"isSystem" :"1" , "lastpwd" :"216c6786c2850781bee10461a56cb6b5" ,"modtime" :1256037262 ,"status" :true}, "webpolicy" :{"name" :"-" ,"password" :"16b0b09a6b3e46845a3f3e7b49ae85f1" ,"ip" :"*" ,"mail" :"hwaf@nsfocus.com" ,"roles" :["POLICYORS" ],"isSystem" :"1" ,"lastpwd" :"16b0b09a6b3e46845a3f3e7b49ae85f1" ,"modtime" :1256037637 ,"status" :true}}
weiyigeek.top-HWAF默认密码
0x03) 绿盟ESPC(软件)忘记密码恢复配置 1 2 3 4 5 6 {"admin" :{"historyPwd" :"" ,"password" :"fb2d634f1868a1353228c05cf0bd1273c612f10e" ,"name" :"admin" ,"roles" :["ADMINISTRATORS" ],"pwdTime" :1489582423 ,"validateType" :["local" ],"firstLogin" :false,"fingerprint" :[],"mail" :"" ,"isSystem" :true,"ipRange" :"*.*.*.*" }, "operator" :{"status" :false,"password" :"fe96dd39756ac41b74283a9292652d366d73931f" ,"name" :"operator" ,"roles" :["OPERATORS" ],"validateType" :["local" ],"firstLogin" :true,"fingerprint" :[],"mail" :"" ,"isSystem" :true,"ipRange" :"*.*.*.*" },"auditor" :{"status" :false,"password" :"fb2d634f1868a1353228c05cf0bd1273c612f10e" ,"name" :"auditor" ,"roles" :["AUDITORS" ],"validateType" :["local" ],"firstLogin" :true,"fingerprint" :[],"mail" :"" ,"isSystem" :true,"ipRange" :"*.*.*.*" }}
