쫑콩아빠의 지금 이 순간...

SW1#show running-config
Building configuration...
Current configuration : 2057 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
!
no ip cef
ip routing
!
no ipv6 cef
!no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 12
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 13
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 70
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan12
mac-address 00e0.a364.8001
ip address 7.7.12.254 255.255.255.0
!
interface Vlan13
mac-address 00e0.a364.8002
ip address 7.7.13.254 255.255.255.0
!
interface Vlan70
mac-address 00e0.a364.8003
ip address 7.7.7.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.7.0 0.0.0.255 area 0
network 7.7.12.0 0.0.0.255 area 0
network 7.7.13.0 0.0.0.255 area 0
default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 7.7.7.254
!
ip flow-export version 9
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW2#show running-config
Building configuration...
Current configuration : 1990 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW2
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 12
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 24
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 23
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan12
mac-address 00d0.d33a.8301
ip address 7.7.12.1 255.255.255.0
!
interface Vlan23
mac-address 00d0.d33a.8302
ip address 7.7.23.1 255.255.255.0
!
interface Vlan24
mac-address 00d0.d33a.8303
ip address 7.7.24.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.12.0 0.0.0.255 area 0
network 7.7.24.0 0.0.0.255 area 0
network 7.7.23.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW3#show running-config
Building configuration...
Current configuration : 1990 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW3
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 13
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 35
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 23
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan13
mac-address 0060.2f0d.7c01
ip address 7.7.13.1 255.255.255.0
!
interface Vlan23
mac-address 0060.2f0d.7c02
ip address 7.7.23.2 255.255.255.0
!
interface Vlan35
mac-address 0060.2f0d.7c03
ip address 7.7.35.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.13.0 0.0.0.255 area 0
network 7.7.23.0 0.0.0.255 area 0
network 7.7.35.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW4#show running-config
Building configuration...
Current configuration : 1990 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW4
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 24
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 46
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 45
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan24
mac-address 0090.0c39.3c01
ip address 7.7.24.1 255.255.255.0
!
interface Vlan45
mac-address 0090.0c39.3c02
ip address 7.7.45.1 255.255.255.0
!
interface Vlan46
mac-address 0090.0c39.3c03
ip address 7.7.46.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.24.0 0.0.0.255 area 0
network 7.7.46.0 0.0.0.255 area 0
network 7.7.45.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW5#show running-config
Building configuration...
Current configuration : 1990 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW5
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 35
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 56
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 45
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan35
mac-address 000b.be12.9401
ip address 7.7.35.1 255.255.255.0
!
interface Vlan45
mac-address 000b.be12.9402
ip address 7.7.45.2 255.255.255.0
!
interface Vlan56
mac-address 000b.be12.9403
ip address 7.7.56.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.35.0 0.0.0.255 area 0
network 7.7.45.0 0.0.0.255 area 0
network 7.7.56.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW6#show running-config
Building configuration...
Current configuration : 1988 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW6
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 46
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 56
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 80
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan46
mac-address 0001.97cd.4801
ip address 7.7.46.1 255.255.255.0
!
interface Vlan56
mac-address 0001.97cd.4802
ip address 7.7.56.1 255.255.255.0
!
interface Vlan80
mac-address 0001.97cd.4803
ip address 7.7.8.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.46.0 0.0.0.255 area 0
network 7.7.56.0 0.0.0.255 area 0
network 7.7.8.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

기본 Hadware 정보 및 주요 명령어

uptime : 장비 업타임 확인(부팅이 되고 지난 일 수)

TMOUT=0 : 장비 접속 세션 유지
=> 분 단위이며, 0을 입력하면 시간 제한이 없음

top : IPS의 현재 CPU 정보 확인

cat /proc/cpuinfo : IPS의 CPU 정보 확인

df -h : IPS의 현재 DISK 용량 상태 정보 확인

free : IPS의 현재 Memory 용량 정보 확인

cat /proc/meminfo : IPS의 현재 Memory 사용량 확인

ps -ef : 현재 사용중인 Process 확인

lsmod : 데몬 활성화 / 비활성화 확인
=> IPS의 2세그먼트 기준으로 NIC정보 값이 8이면 데몬 활성화 / 0일 경우 데몬 비활성화 상태

init 0 : 장비 전원 OFF

init 6 : 장비 리부팅

cd /home1/sniper/sniper 디렉토리 이동 후
./sniper : 장비 데몬 ON/OFF
./sniper -v : 현재 IPS 버전 정보 확인
./sniper -O : 현재 IPS SSL버전 정보 확인

Traffic 관련

cd /home1/sniper/sniper 디렉토리 이동 후
./isconfig 혹은 ./wgconfig
=> 장비의 NIC에 따라 명령어 달라짐
=> In, Out 트래픽, 인터페이스 에러, 정책에 의한 Drop 카운트 확인 가능
./isconfig |grep error
=> 점검 시, error값으로 sort하여 이상 유무 확인

Config 백업 관련

cd /home1/sniper 디렉토리 이동 후
cp -rfp config config_YYMMDD : config 파일 복사
tar -cvzf config_YYMMDD.tar.gz config_YYMMDD : config 파일 압축
mv config_YYMMDD.tar.gz /backup : 압축한 config 파일을 /backup 디렉토리로 이동

Log 확인

cat /var/log/messages : IPS 로그 전체 정보 확인

cd /var/log 이동 후
tail -n 숫자 messages : 최근 로그부터 숫자만큼 정보 확인
=> 예를 들어 tail -n 100 messages 명령어인 경우 최근 100개의 로그 메세지 확인 가능

dmesg : 장비 부팅 로그 확인

기타

#df -h
#more /home1/sniper/config/sniper.dat ->제품의 S/N, License 정보
#more /home1/sniper/config/sniper.cfg -> 각종 운영 설정 관련 정보
#sniper_network.sh
#ps -ef|grep sniper
#netstat -na
#cd /home1/sniper/sniper -> #./skill sniper
#cd /home1/sniper/sniper -> #./sniper
#cd /home1/sniper/sniper -> #./nic_setup.sh
#cd /home1/sniper/sniper -> #./wgconfig

WD -i eth0 -s 1600 -w packet.pcap -> 관리포트 패킷 수집

tcpdump -i eth0 -s 1600 -w filename.pcap -> 패킷덤프

auto_create_partition.sh -> HDD장애 시 HDD 교체 후 해당 스크립트를 이용하여 자동으로 Partition 설정함

config_gather -> 설정 정보 확인(결과는 /backup/Config_Gathering/에 txt 파일로 저장됨)

#lspci -> 장착되어 있는 NIC 정보 확인

more /home1/sniper/sniper/is_insmode.sh_ -> mode/speed 등

more /home1/sniper/sniper/sn_insmode.sh_

#/home1/sniper/sniper/sniper -v

rm -rf /home1/sniper/config/master.dat ->> Sniper Daemon Restart 관리자 접속 안될경우

sniper_network.sh eth1