{"id":4164,"date":"2024-06-15T09:03:58","date_gmt":"2024-06-15T01:03:58","guid":{"rendered":"https:\/\/www.aqwu.net\/wp\/?p=4164"},"modified":"2024-06-16T11:02:24","modified_gmt":"2024-06-16T03:02:24","slug":"fireeyetrellix%e4%b8%80%e4%ba%9b%e4%ba%a7%e5%93%81%e7%9a%84%e5%b8%b8%e8%a7%84%e5%91%bd%e4%bb%a4%e6%93%8d%e4%bd%9c","status":"publish","type":"post","link":"https:\/\/www.aqwu.net\/wp\/?p=4164","title":{"rendered":"Common command-line operations for some FireEye (Trellix) products"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><strong>1. Serial port parameters:<\/strong><\/h2>\n\n\n\n<p>Baud rate: 115200;<\/p>\n\n\n\n<p>Data bits: 8;<\/p>\n\n\n\n<p>Stop bits: 1;<\/p>\n\n\n\n<p>Parity: None;<\/p>\n\n\n\n<p>Flow control: XON\/XOFF<\/p>\n\n\n\n<p>These are simply the default values in most software.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Change the device's default user password<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \">hostname &gt; enable \nhostname # configure terminal\nhostname (config) # username admin password newpassword\nhostname (config) # write memory\nSaving configuration file \u2026 Done!\nhostname (config) #\n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. 
Change the device's default IP<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \">hostname &gt; enable \nhostname # configure terminal\nhostname (config) # no interface ether1 dhcp\nhostname (config) # interface ether1 ip address 192.168.88.225 \/24\nhostname (config) # ip default-gateway 192.168.88.1 ether1 \nhostname (config) # ip name-server 192.168.88.1\nhostname (config) # write memory\nSaving configuration file \u2026 Done!\nhostname (config) #\n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4. Reboot<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \">hostname &gt; enable \nhostname # configure terminal\nhostname (config) # reload\nConfiguration has been modified; save first? [yes] yes\nhostname (config) # \n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5. Shut down<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \">hostname &gt; enable \nhostname # configure terminal\nhostname (config) # reload halt  \nConfiguration has been modified; save first? [yes] yes\nhostname (config) # \n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>6. Show the current configuration<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \">hostname &gt; enable \nhostname # configure terminal\nhostname (config) # show run-config\nhostname (config) #\n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>7. 
metadata update<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">hostname (config) # fenet metadata refresh\ncms.version.latest: check-done: New system image 10.0.1 is available\ncms.version.latest: check-done: New system image 10.0.1 is available\nmeta data deployed successfully.\nhostname (config) #\n\n<\/pre><\/div>\n\n\n\n<p>This checks whether the system image needs to be updated.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>8. image check and update<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \">hostname (config) # show fenet image status\nProgress of latest action taken:\n  action check initiated                        Sat Jun 15 01:31:35 2024\n  applying check for image                      emps\n  action check completed                        Sat Jun 15 01:31:36 2024\n  check-done: New OS-image available: 10.0.1    status\nhostname (config) #\nhostname (config) # fenet image fetch\nOperation initiated in the background.\n  Run 'show fenet image status' for status\nhostname (config) #\nhostname (config) # show fenet image status\nProgress of latest action taken:\n  action fetch initiated                        Sat Jun 15 01:35:31 2024\n  applying fetch for image                      emps\n  fetching requested image 10.0.1               initiated\n  fetching image-emps_10.0.1                    0 % completed\nhostname (config) #\nhostname (config) # show fenet image status\nProgress of latest action taken:\n  action fetch initiated                        Sat Jun 15 01:35:31 2024\n  applying fetch for image                      emps\n  fetching image-emps_10.0.1                    100 % completed\n  cleaning up disk space                        done\n  fetching requested image 10.0.1               done\n  action fetch completed         
               Sat Jun 15 01:36:37 2024\n  fetch-done: OS image downloaded successfully: image-emps_10.0.1.img status\nhostname (config) #\nhostname (config) #\nhostname (config) # fenet image install\nOperation initiated in the background.\n  Run 'show fenet image status' for status\nhostname (config) #\nhostname (config) # show fenet image status\nProgress of latest action taken:\n  action install initiated                      Sat Jun 15 01:37:36 2024\n  applying install for image                    emps\n  installing image-emps_10.0.1.img              initiated\nhostname (config) #\nhostname (config) # show fenet image status\nProgress of latest action taken:\n  action check initiated                        Sat Jun 15 01:41:21 2024\n  applying check for image                      emps\n  install-info: New image installed successfully (Reload required) status\nhostname (config) #\nhostname (config) # show images\nInstalled images:\n\n  Partition 1:\n  emps eMPS (eMPS) 10.0.1.997401 #997401 2024-03-12 10:11:55 x86_64 build@vta934:Trellix\/10.0.x-bona\n\n  Partition 2:\n  emps eMPS (eMPS) 9.1.4.979731 #979731 2022-10-27 00:09:14 x86_64 build@vta948:Trellix\/9.1.x-rainier\n\nLast boot partition: 2\nNext boot partition: 1\n\nImages available to be installed:\n\n  image-emps_10.0.1.img\n  emps eMPS (eMPS) 10.0.1.997401 #997401 2024-03-12 10:11:55 x86_64 build@vta934:Trellix\/10.0.x-bona\n\n  image-emps_9.1.4.img\n  emps eMPS (eMPS) 9.1.4.979731 #979731 2022-10-27 00:09:14 x86_64 build@vta948:Trellix\/9.1.x-rainier\n\nNo image install currently in progress.\n\nBoot manager admin password:      undisclosed password set\nBoot manager tools menu password: undisclosed password set\n\nImage signing: trusted signature always required\nAdmin require signed images: no (not active)\n\nSettings for next boot only:\n   Fallback reboot on configuration failure: yes (default)\nhostname (config) #\nhostname (config) # reload\nConfiguration has been modified; save first? 
[yes]\nConfiguration changes saved.\nRebooting...\nhostname (config) #\n\nSystem shutdown initiated -- logging off.\n\n\n<\/pre><\/div>\n\n\n\n<p>This is the update procedure as carried out on an EX appliance; other models such as HX, NX, FX and AX are similar.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>9. guest-images check and update<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \" >hostname (config) # \nhostname (config) # show fenet guest-images status\n\nDTI Guest-images Server Settings:\n\n  Dynamic Threat Intelligence Service\n    Update source        : &lt;online&gt;\n    Enabled              : yes\n    Address              : 192.168.88.88 : singleport\n    Username             : fev-xxxxxxxx\n  Guest-images Automatic actions\n    Enabled              : yes\n    Action               : update\n    Email Notify         : no\n    Scheduled            : daily during off-peak at 0:53\n\nFenet Guest-images Metadata:\n  Guest-images Package Info\n    Status ok            : no\n    Supported versions   : -\n    Installed version    : 21.0302\n    Available version    : 23.1202\n\nhostname (config) # \nhostname (config) # guest-images download-and-install\nThe following new profiles will be downloaded and installed:\n  centos-7.2 - 17.0107\n  osx-10.11.3 - 16.1201\n  osx-10.8.2 - 16.1201\n  win10x64m - 23.1202\n  win7-sp1m - 23.1202\n  win7x64-sp1m - 23.1202\n  winxp-sp3m - 23.1202\nDownloading guest-images\nRun 'show guest-images download' to check status.\n\nhostname (config) # \nhostname (config) # show guest-images download\n\nA guest-image download is in progress.\n\n  Overall progress: (12.36 % completed)\n  system is now downloading image osx-10.11.3.img for profile osx-10.11.3\n  time elapsed since start of download: 46m 44s\n\nRun 'guest-images download cancel' to cancel.\n\n  Default download limit-rate: None\n\n\nStatus of 
most recent guest-images operation:\n\nDownload-Progress: Guest images are being downloaded.\n\nFenet source: CMS (192.168.88.8 : single-port)\nDownload speed: 12.93 MBps\nhostname (config) # show guest-images download\n\nFound New Guest-images Downloaded but NOT installed!\nDownloaded Time: 2024-06-15 11:19:28\n\nThe following downloaded Guest-image profiles are available for install:\n  centos-7.2 (Version 17.0107): Linux OS centos-7.2.\n  osx-10.11.3 (Version 16.1201): Mac OS X 10.11.3 English 64-bit.\n  osx-10.8.2 (Version 16.1201): Mac OS X 10.8.2 English 64-bit.\n  win10x64m (Version 23.1202): Windows 10 English 64-bit (Intel).\n  win7-sp1m (Version 23.1202): Windows 7 SP1 English 32-bit (Intel).\n  win7x64-sp1m (Version 23.1202): Windows 7 sp1 English 64-bit (Intel).\n  winxp-sp3m (Version 23.1202): Windows XP sp3 English 32-bit (Intel).\n\nRun 'guest-images install' to install Guest-image downloads.\nRun 'guest-images download delete' to delete downloads.\n\n\nStatus of most recent guest-images operation:\n\nDownload-Done: Guest images have been downloaded.\n\nFenet source: CMS (192.168.88.8 : single-port)\nhostname (config) # guest-images install\nFound guest-images that can be installed\nInstalling guest-images\nTerminating running workorders and virtual analysis subsystem ............\nInstallation complete!\nhostname (config) #\nhostname (config) # show guest-images\n\nRelease(bundle) version: 23.1202\n\nName            ID      Disabled  Version  Type\ncentos-7.2      30      -         17.0107  Analysis\nosx-10.11.3     93      -         16.1201  Analysis\nosx-10.8.2      90      -         16.1201  Analysis\nwin10x64m       68      -         23.0102  Analysis\nwin7-sp1m       65      -         23.0102  Analysis\nwin7x64-sp1m    66      -         23.0102  Analysis\nwinxp-sp3m      43      -         23.0102  Analysis\n\n\nInstalled at : 2024-06-16 02:54:45\n\n\nA guest-image manifest download is in progress.\n\n\nStatus of most recent guest-images 
operation:\n\nInstall-Done: operation is complete\n\nFenet source: CMS (192.168.88.8 : single-port)\nhostname (config) #\n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>10. View the security-content, image and guest-images cache on the CMS<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \">hostname (config) # show fenet dti proxy cached-content\n\n        Size  Type         File\n\n     2776496  SC-Delta     sc-stable_1479.254_6ff9e8822a5c876e6c6af1c9baca8100734f726c_1479.256.img\n  1078344063  SysImage     image-emps_10.0.1.img\n 19842362556  GI           win7x64-sp1m.23.0102.img\n     2556297  SC-Delta     sc-stable_1479.252_8510ecdd289a872e330413bc8e8d5dcd35066cd8_1479.254.img\n     2564056  SC-Delta     sc-stable_1479.248_9dc78117ad8c847f280dd3cf8e57225b382a0be1_1479.250.img\n  7115302012  GI           winxp-sp3m.23.0102.img\n 18060450158  GI           win7-sp1m.23.0102.img\n     2701752  SC-Delta     sc-stable_1479.250_ffb9fc87525664e5ed0b9459fb6650f9f9c2d08e_1479.252.img\n  3443554927  GI           centos-7.2.17.0107.img\n 13033986812  GI           osx-10.8.2.16.1201.img\n 12399030239  GI           win10x64m.23.0102.img\n\nhostname (config) #\n<\/pre><\/div>\n\n\n\n<p>The advantage of using a CMS (CM) is that some content is cached: the sandbox-type products NX, EX, AX, FX and VX, for example, use the same <strong>guest-images<\/strong> and <strong>security-content<\/strong>. Update once, and all the others use it.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. 
Serial port parameters: Baud rate: 115200; Data bits: 8; Stop bits [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[14,156],"class_list":["post-4164","post","type-post","status-publish","format-standard","hentry","category-fireeye","tag-fireeye","tag-trellix"],"views":2986,"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4164"}],"version-history":[{"count":13,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4164\/revisions"}],"predecessor-version":[{"id":4180,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4164\/revisions\/4180"}],"wp:attachment":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}