NM-CIDS测试经历-阿里云开发者社区

NM-CIDS测试经历

2017-11-18 1249

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介：

+关注继续查看

今天主要测试了NM-CIDS模块（当初为什么没有买好一点的呢。。。）
主要就是一探针，里面sig设置还是满复杂的，顺便update了一下；
首先，了解了一下升级包的含义：
比如：
IPS-K9-maj-5.0-1-S149.rpm.pkg
maj代表主要升级
IPS-K9-min-5.1-1g.pkg
min代表次要升级
IPS-K9-sp-5.1-3.pkg
sp代表服务包（更加次要）
IPS-K9-r-1.1-a-5.1-1.pkg
r代表恢复升级（这里的恢复指IDS的系统恢复）

注意，大部分升级都是每年才一次的，自由IPS-SIG的才是每周，不过这次没有弄到

由于手头的IDS已经是5.0，因此做了min升级之后，接下来的sp升级log出来看看：

sensor(config)#:upgrade [url]ftp://10.1.1.100/IPS-K9-sp-5.1-3.pkg[/url]
User: aa
Password: **
Warning: Executing this command will apply a service pack to the application partition. The system may be rebooted to complete the upgrade.
Continue with upgrade? []: yes

Broadcast Message from root@sensor
(somewhere) at 15:07 ...

Applying update IPS-K9-sp-5.1-3.pkg. IPS applications will be stopped and syste
m will be rebooted after upgrade completes .

Broadcast Message from root@sensor
(somewhere) at 15:07 ...

Shutting down IPS applications. Applications will be restarted when update is
complete..

接下来就重启了：

Broadcast Message from root@sensor
(somewhere) at 15:09 ...

Update complete

Sending SIGKILL to all processes.
Please stand by while rebooting the system.
flushing ide devices: hda
Restarting system.

Initializing memory. Please wait. 512 MB SDRAM detected
……………………………………此处省略N内容
实际上就是linux的引导过程，redhat的。
这也是为什么IPS可以装在PC上的原因。

升级完成后我们看看：

sensor# sh ver
Application Partition:

Cisco Intrusion Prevention System, Version 5.1(3)S240.0

Host:
Realm Keys key1.0
Signature Definition:
Signature Update S240.0 2006-07-12
Virus Update V1.2 2005-11-24
OS Version: 2.4.26-IDS-smp-bigphys
Platform: NM-CIDS
Serial Number: FOC09300A19
Trial license, expires: 06-Jan-2007 UTC
Sensor up-time is 2 min.
Using 215048192 out of 509448192 bytes of available memory (42% usage)
system is using 17.4M out of 29.0M bytes of available disk space (60% usage)
application-data is using 42.4M out of 174.7M bytes of available disk space (26% usage)
boot is using 35.0M out of 75.9M bytes of available disk space (49% usage)
application-log is using 49.8M out of 2.8G bytes of available disk space (2% usage)

MainApp 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running
AnalysisEngine 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running
CLI 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500

Upgrade History:

* IPS-K9-min-5.1-1 05:47:00 UTC Tue Nov 15 2005
IPS-K9-sp-5.1-3.pkg 07:07:41 UTC Thu Nov 30 2006

Recovery Partition Version 1.1 - 5.1(1)

好，都已经打上去了；

接下来升级recovery application
sensor# conf t
sensor(config)# upgrade [url]ftp://10.1.1.100/IPS-K9-r-1.1-a-5.1-1.pkg[/url]
User: aa
Password: **
Warning: Executing this command will re-image the recovery partition. The system may be rebooted to complete the upgrade.
Continue with upgrade? []: yes

Broadcast Message from root@sensor
(somewhere) at 15:15 ...

Applying update IPS-K9-r-1.1-a-5.1-1.pkg

这个升级是不用重启的；这样，就升级完成了。easy把～～～

本文转自 beansprouts 51CTO博客，原文链接：http://blog.51cto.com/netwalk/66263，如需转载请自行联系原作者