[CCIE Security Study Notes] IOS Firewall—IDS Complete
The ip audit smtp spam Command
Rtr1(config)#ip audit smtp spam recipients
Rtr1(config)#no ip audit smtp spam
The ip audit po max-events Command
Rtr1(config)#ip audit po max-events number_events
Rtr1(config)#no ip audit po max-events
Initializing the Post Office
The ip audit notify Command
Rtr1(config)#ip audit notify {nr-director | log}
Rtr1(config)#no ip audit notify {nr-director | log}
Rtr1(config)#logging 10.x.x.x
Rtr1(config)#logging on
The ip audit po local Command
Rtr1(config)#ip audit po local hostid host-id orgid org-id
Rtr1(config)#no ip audit po local
The ip audit po remote Command
Rtr1(config)#ip audit po remote hostid host-id orgid org-id rmtaddress ip-add localaddress ip-add
Define Info Audit Actions
Rtr1(config)#ip audit info {action [alarm] [drop] [reset]}
Rtr1(config)#no ip audit info
Define Attack Audit Actions
Rtr1(config)#ip audit attack {action [alarm] [drop] [reset]}
Rtr1(config)#no ip audit attack
Create Named Audit Rules
Rtr1(config)#ip audit name audit-name {info | attack} [list standard-acl] [action [alarm] [drop] [reset]]
Rtr1(config)#no ip audit name audit-name {info | attack}
Using ACLs with Named Audit Rules
Rtr1(config)#ip audit name Attack.7 list 25
Rtr1(config)#access-list 25 deny 192.168.0.0 0.0.255.255
Rtr1(config)#access-list 25 permit host 192.168.1.117
Rtr1(config)#access-list 25 permit any
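An ACL attached to an audit rule is evaluated top-down with first match winning: permitted sources are inspected by the rule, denied sources bypass it. The following added example (not part of the original notes; the function names are hypothetical) evaluates ACL 25 as written above and flags entries that can never match because an earlier entry already covers them.

```python
import ipaddress

# ACL 25 exactly as written in the notes above.
ACL_25 = [
    "access-list 25 deny 192.168.0.0 0.0.255.255",
    "access-list 25 permit host 192.168.1.117",
    "access-list 25 permit any",
]

def parse_acl(lines):
    """Parse standard ACL lines into (action, IPv4Network) pairs."""
    entries = []
    for line in lines:
        tok = line.split()
        action, src = tok[2], tok[3:]
        if src[0] == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif src[0] == "host":
            net = ipaddress.ip_network(src[1] + "/32")
        else:
            # Convert the wildcard mask to a prefix length (contiguous masks only).
            w = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
            prefix = 32 - w.bit_length()
            if w != (1 << (32 - prefix)) - 1:
                raise ValueError("non-contiguous wildcard: " + line)
            net = ipaddress.ip_network(f"{src[0]}/{prefix}")
        entries.append((action, net))
    return entries

def is_audited(entries, source):
    """First match wins: permit = audited, deny = bypasses the audit rule."""
    addr = ipaddress.ip_address(source)
    for action, net in entries:
        if addr in net:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def shadowed(entries):
    """Indexes of entries fully covered by an earlier entry (unreachable)."""
    return [i for i, (_, net) in enumerate(entries)
            if any(net.subnet_of(prev) for _, prev in entries[:i])]

if __name__ == "__main__":
    acl = parse_acl(ACL_25)
    for i in shadowed(acl):
        print("unreachable entry:", ACL_25[i])
    for ip in ("192.168.1.117", "192.168.9.9", "10.1.1.1"):  # constructed test sources
        print(ip, "audited" if is_audited(acl, ip) else "not audited")
```

For ACL 25 the `permit host 192.168.1.117` line is reported as unreachable, so that host is not audited; the line only takes effect if it is placed before the `deny 192.168.0.0 0.0.255.255` entry.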
Disabling Individual Signatures
Rtr1(config)#ip audit signature signature-id {disable | list acl-list}
Rtr1(config)#no ip audit signature signature-id
Using ACLs When Disabling Individual Signatures
Rtr1(config)#ip audit signature 1001 disable
Rtr1(config)#ip audit signature 1004 list 10
Rtr1(config)#access-list 10 deny 192.168.45.0 0.0.0.255
Rtr1(config)#access-list 10 permit any
Apply the Audit Rule to the Interface(s)
Rtr1(config-if)#ip audit audit-name {in | out}
Rtr1(config-if)#no ip audit audit-name {in | out}
Rtr1(config)#interface e0
Rtr1(config-if)#ip audit Attack.7 in
Define the Protected Networks
Rtr1(config)#ip audit protected ip-addr
Rtr1(config)#no ip audit protected
Verifying the IDS Configuration
• show ip audit statistics
• show ip audit configuration
• show ip audit interface
• show ip audit all