diff --git a/12/1.txt b/12/1.txt new file mode 100644 index 0000000..a81a3e0 --- /dev/null +++ b/12/1.txt @@ -0,0 +1,44 @@ +Używając polecenia `ethtool -k ` możemy zobaczyć poniższe opcje (wyciąłem te fixed): +Features for enp2s0f0: + +rx-checksumming: on + +tx-checksumming: on + +tx-checksum-ipv4: on + +tx-checksum-ipv6: on + +scatter-gather: on + +tx-scatter-gather: on + +tcp-segmentation-offload: on + +tx-tcp-segmentation: on + +tx-tcp-mangleid-segmentation: off + +tx-tcp6-segmentation: on + +generic-segmentation-offload: on + +generic-receive-offload: on + +large-receive-offload: off + +rx-vlan-offload: on + +tx-vlan-offload: on + +receive-hashing: on + +rx-vlan-filter: on + +tx-udp_tnl-segmentation: on + +tx-udp_tnl-csum-segmentation: on + +tx-gso-partial: on + +tx-nocache-copy: off \ No newline at end of file diff --git a/12/2.txt b/12/2.txt new file mode 100644 index 0000000..e69de29 diff --git a/12/3.txt b/12/3.txt new file mode 100644 index 0000000..e69de29 diff --git a/13/1.txt b/13/1.txt index 7a2e039..460423d 100644 --- a/13/1.txt +++ b/13/1.txt 
@@ -3,21 +3,18 @@ 2. Dodawanie sygnatur a) HTML - ClamAV contains HTML normalization code which makes it easier to write signatures for HTML data that might differ based on white space, capitalization, and other insignificant differences. Running sigtool --html-normalise on a HTML file can be used to see what a file’s contents will look like after normalization. This command should generate the following files: + ClamAV zawiera znormalizowany dla ułatwienia HTML. Uruchomienie `sigtool --html-normalise ` pokaże nam jakby wyglądał znormalizowany. Ta komenda wyprodukuje: nocomment.html - znormalizowany, lower-case, wyrzucone komentarze i white-spaces notags.html - jak powyżej, ale tagi html są wyrzucone - javascript - any script contents are normalized and the results appended to this file - - The code automatically decodes JScript.encode parts and char ref’s (e.g. f). To create a successful signature for the input file type, the rule must match on the contents of one of the created files. Signatures matching on normalized HTML should have a target type of 3. For reference, see Target Types. - + javascript - każdy skrypt jaki był załączony w html'u, również znormalizowany b) Pliki tekstowe - Similarly to HTML all ASCII text files get normalized (converted to lower-case, all superfluous white space and control characters removed, etc.) before scanning. Running sigtool --ascii-normalise on a text file will result in a normalized version being written to the file named ‘normalised_text’. Rules matching on normalized ASCII text should have a target type of 7. For reference, see Target Types. + Tak jak powyżej, znormalizowane pliki ASCII. Uruchomienie `sigtool --ascii-normalise ` pokaże nam jakby wyglądał znormalizowany. Ta komenda wyprodukuje plik ‘normalised_text’. Reguły dopasowania normalizacji ASCII powinny być typu siódmego. c) Skompresowane pliki wykonywalne (UPX, FSG, Petite, ...) - ClamAV będzie próbował automatycznie wypakować plik. 
To inspect the executable that results from ClamAV’s unpacking process, run clamscan with --debug --leave-temps. Example output for a FSG compressed file: + ClamAV będzie próbował automatycznie wypakować plik. By zobaczyć wynik uruchom clamscan z opcjami --debug --leave-temps. Przykładowy wynik: LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: FSG: found old EP @119e0 diff --git a/13/2/2.html b/13/2/2.html new file mode 100644 index 0000000..2fd09da --- /dev/null +++ b/13/2/2.html @@ -0,0 +1,107 @@ + + + + + + + + CAS UAM + + + + +
+
+ +
+

CENTRALNY SYSTEM

+

UWIERZYTELNIANIA

+
+
+
+ +
+
+

+ UNIWERSYTET IM. ADAMA + MICKIEWICZA W POZNANIU +

+
+
+ + + + + + diff --git a/13/2/javascript b/13/2/javascript new file mode 100644 index 0000000..d098a53 --- /dev/null +++ b/13/2/javascript @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/13/2/nocomment.html b/13/2/nocomment.html new file mode 100644 index 0000000..75c97ba --- /dev/null +++ b/13/2/nocomment.html @@ -0,0 +1 @@ +cas uam

centralny system

uwierzytelniania

uniwersytet im. adama mickiewicza w poznaniu

--> \ No newline at end of file diff --git a/13/2/notags.html b/13/2/notags.html new file mode 100644 index 0000000..6b5d278 Binary files /dev/null and b/13/2/notags.html differ diff --git a/13/3.txt b/13/3.txt new file mode 100644 index 0000000..5ccd850 --- /dev/null +++ b/13/3.txt @@ -0,0 +1,30 @@ +Konfiguracja IDS i IPS w Suricata: + + +10.1.10.2. IDS mode +Runmode AutoFp: + +management-cpu-set - used for management (example - flow.managers, flow.recyclers) +receive-cpu-set - used for receive and decode +worker-cpu-set - used for streamtcp,detect,output(logging),reject +Rumode Workers: + +management-cpu-set - used for management (example - flow.managers, flow.recyclers) +worker-cpu-set - used for receive,streamtcp,decode,detect,output(logging),respond/reject + + +10.1.10.3. IPS mode +Runmode AutoFp: + +management-cpu-set - used for management (example - flow.managers, flow.recyclers) +receive-cpu-set - used for receive and decode +worker-cpu-set - used for streamtcp,detect,output(logging) +verdict-cpu-set - used for verdict and respond/reject +Runmode Workers: + +management-cpu-set - used for management (example - flow.managers, flow.recyclers) +worker-cpu-set - used for receive,streamtcp,decode,detect,output(logging),respond/reject, verdict + + +Źródło: +https://suricata.readthedocs.io/en/suricata-6.0.1/configuration/suricata-yaml.html diff --git a/14/1.txt b/14/1.txt new file mode 100644 index 0000000..e69de29 diff --git a/14/2.txt b/14/2.txt new file mode 100644 index 0000000..e69de29 diff --git a/14/3.txt b/14/3.txt new file mode 100644 index 0000000..e69de29 diff --git a/426254-l10.tb2 b/426254-l10.tb2 deleted file mode 100644 index c496e6c..0000000 Binary files a/426254-l10.tb2 and /dev/null differ diff --git a/426254-l9.tb2 b/426254-l9.tb2 deleted file mode 100644 index c5b7784..0000000 Binary files a/426254-l9.tb2 and /dev/null differ
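Review bot: the command on the first line of 12/1.txt reads `ethtool -k ` with no interface argument, while the output header right below it says `Features for enp2s0f0:`; write it as `ethtool -k enp2s0f0` so the command matches the output it introduces. Worth a sentence in the notes as well: generic-receive-offload, tcp-segmentation-offload and generic-segmentation-offload are all `on` here, and if this is the interface a capture-based IDS (such as the Suricata setup described in 13/3.txt) listens on, those offloads hand the sensor coalesced segments rather than the packets actually on the wire and are normally disabled on a sensor interface.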
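Review bot: the new Polish text of section a) in 13/1.txt drops two facts the removed English lines carried: that signatures matching normalized HTML must use target type 3 (the ASCII paragraph still says "typu siódmego", so the asymmetry is confusing), and that JScript.encode parts and character references are decoded before the script contents land in the `javascript` file. Restore both. Also `sigtool --html-normalise ` and `sigtool --ascii-normalise ` are missing the file argument, and the opening sentence "ClamAV zawiera znormalizowany dla ułatwienia HTML" does not parse; say that ClamAV normalizes HTML to make signature writing easier.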
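Review bot: 13/2/2.html is a saved copy of the CAS UAM login page, so before committing a captured login page check it for per-session values the form or inline scripts may carry (a CAS login ticket, an execution token, cookies); those do not belong in the repository. Separately, git records 13/2/notags.html as binary ("Binary files /dev/null and b/13/2/notags.html differ"), which means the normalization output cannot be reviewed in the diff; if it is text with stray control bytes from `sigtool`, note that in 13/1.txt so a reader knows why the third output file is not readable here.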
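Review bot: `Rumode Workers:` in the IDS section of 13/3.txt is a typo for `Runmode Workers:` (the IPS section spells it correctly). More substantively, the file is titled "Konfiguracja IDS i IPS w Suricata" but contains only the documentation's description of the cpu-set roles, copied verbatim with the source link; it does not show which CPUs were assigned to management-cpu-set, receive-cpu-set, worker-cpu-set and verdict-cpu-set in the lab's suricata.yaml, nor which runmode (AutoFp or Workers) was chosen. Add the actual threading and cpu-affinity settings used so the configuration the title promises is in the file.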
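Review bot: 12/2.txt, 12/3.txt and 14/1.txt through 14/3.txt are added as empty files (blob e69de29). If they are placeholders for answers still to be written, leave them out of the commit until they have content; an empty file gives a reviewer nothing to check and suggests the exercise was skipped.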