Jakub Stefko, 426254

Task 2:
To configure oinkmaster, add the following line to the oinkmaster.conf file:

url = http://www.snort.org/pub-bin/oinkmaster.cgi/d8937d0b824a989352eb5b6d135fec7ecd4a293c/snortrules-snapshot-3000.tar.gz

and then run the program with the "o" flag so that it picks up the configuration change.

Task 3:
Logs:

12/31/2020-04:20:34.832397 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:35.833754 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:36.836079 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:37.838630 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:38.839626 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:39.842320 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:40.844130 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:41.846284 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:42.847602 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:43.849375 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:44.851161 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:45.853028 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0

Task 4:

alert icmp any any -> any any (msg:"pakiet nie moze byc dluzszy niz 456B"; itype:8; dsize:456; sid:57000001;)

Bonus task:
I installed the u2json program, which displays logs as JSON. Running the program is fairly simple:

idstools-u2json /var/log/snort/unified2.log
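
As an added example (not part of the original submission, and not how idstools-u2json works): a small Python parser that turns alert lines in the text layout shown under Task 3 into JSON records and counts alerts per rule and host pair. The JSON field names, including src_num and dst_num for the number printed after each address, are assumptions chosen for this example.

```python
import json
import re
from collections import Counter
from datetime import datetime

# Two alert lines copied from the Task 3 log, plus one constructed junk line.
SAMPLE = """\
12/31/2020-04:20:34.832397 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:35.833754 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
this line is not an alert and must be skipped
"""

# timestamp [**] [gid:sid:rev] msg [**] [Classification: x] [Priority: n] {PROTO} src:n -> dst:n
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification: (?P<classification>[^\]]*)\]\s+"
    r"\[Priority: (?P<priority>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+?):(?P<src_num>\d+)\s+->\s+(?P<dst>\S+?):(?P<dst_num>\d+)\s*$"
)

def parse_alert(line):
    """Return one alert line as a dict, or None if the line does not match."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Normalise the MM/DD/YYYY-HH:MM:SS.ffffff timestamp to ISO 8601.
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y-%H:%M:%S.%f").isoformat()
    for key in ("gid", "sid", "rev", "priority", "src_num", "dst_num"):
        rec[key] = int(rec[key])
    return rec

def parse_log(text):
    """Parse every line of a log, silently dropping lines that are not alerts."""
    parsed = (parse_alert(line) for line in text.splitlines())
    return [rec for rec in parsed if rec is not None]

def summarize(records):
    """Count alerts per (sid, source address, destination address)."""
    return Counter((r["sid"], r["src"], r["dst"]) for r in records)

if __name__ == "__main__":
    records = parse_log(SAMPLE)
    for rec in records:
        print(json.dumps(rec, ensure_ascii=False))
    for (sid, src, dst), count in summarize(records).items():
        print(f"sid={sid} {src} -> {dst}: {count} alerts")
```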