Basic understanding of Snort rules

An IDS, such as Snort, is practically useless without a strong and up-to-date set of rules or signatures. It is the same thing as running an antivirus with outdated virus signatures: you just think you are protected. I tried to understand what a rule is and what it is composed of.

A rule or signature is basically a piece of text/code that describes a state and then an action that is to be performed if that state is true.
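To make the "state, then action" anatomy concrete, here is a small parser for the common Snort rule layout. This is an added example, not code from the original post: the rule text it parses is a constructed sample, and the parser assumes the usual shape of a rule (action, protocol, source, source port, direction operator, destination, destination port, then a parenthesised list of `keyword:value;` options), which is what the text above describes.

```python
"""Split a Snort rule into its header (where and when to match) and its
options (what to match on, and how to label the hit).

Added example, not from the original post. The sample rule is constructed;
only the common header + option-list layout is handled.
"""
from dataclasses import dataclass, field

# Constructed sample rule. The header and the "content" option describe the
# state (inbound TCP to port 22 carrying a marker string); "alert" is the
# action taken when that state is true.
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 '
    '(msg:"EXAMPLE marker seen in traffic to port 22"; '
    'flow:to_server,established; content:"example-marker"; '
    'sid:1000001; rev:1;)'
)

HEADER_FIELDS = ("action", "protocol", "src", "src_port", "direction", "dst", "dst_port")

# Options a maintainable rule should always carry; their absence is a
# common mistake when writing rules by hand.
REQUIRED_OPTIONS = ("msg", "sid", "rev")


@dataclass
class SnortRule:
    action: str
    protocol: str
    src: str
    src_port: str
    direction: str
    dst: str
    dst_port: str
    options: list = field(default_factory=list)  # (keyword, value or None) pairs

    def option(self, keyword):
        """Return the value of the first option with this keyword, or None."""
        for key, value in self.options:
            if key == keyword:
                return value
        return None


def split_options(body):
    """Split the option body on ';' while ignoring ';' inside quoted values."""
    parts, current, in_quotes = [], [], False
    for ch in body:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    tail = "".join(current).strip()
    if tail:
        parts.append(tail)
    return [p for p in parts if p]


def parse_rule(text):
    """Parse one rule line into a SnortRule; raise ValueError on malformed input."""
    text = text.strip()
    if "(" not in text or not text.endswith(")"):
        raise ValueError("rule has no option list")
    open_idx = text.index("(")
    header = text[:open_idx].split()
    if len(header) != len(HEADER_FIELDS):
        raise ValueError("unexpected header layout: %r" % header)
    if header[4] not in ("->", "<>"):
        raise ValueError("bad direction operator: %r" % header[4])
    options = []
    for raw in split_options(text[open_idx + 1:-1]):
        if ":" in raw:
            key, value = raw.split(":", 1)
            options.append((key.strip(), value.strip().strip('"')))
        else:
            options.append((raw, None))  # flag-style option such as "nocase"
    return SnortRule(*header, options=options)


def missing_required_options(rule):
    """Return the REQUIRED_OPTIONS keywords that the rule does not carry."""
    present = {key for key, _ in rule.options}
    return [key for key in REQUIRED_OPTIONS if key not in present]


if __name__ == "__main__":
    rule = parse_rule(SAMPLE_RULE)
    print("action:", rule.action, "| protocol:", rule.protocol,
          "| to:", rule.dst, rule.dst_port)
    for key, value in rule.options:
        print("  option", key, "=", value)
    print("missing required options:", missing_required_options(rule))
```

Running the block prints the header fields and each option of the sample rule; the `missing_required_options` check is the kind of lint you want before loading hand-written rules, since a rule without `sid`/`rev` is hard to track and update later.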

Professional Special Subject – w3 log

Week 3 is also development-related. As the ACIDBASE front-end for Snort proved to be useless and time-wasting for me and the project, I've decided to try out other front-ends to see what I can do there. On the Snort blog there is a post with all kinds of GUIs, so I decided I should start from there.

I've decided on Snorby and the other software required (pulledpork, barnyard2) to have a nice database-updating GUI for Snort. It turned out that it is way too much hassle to install each of them separately (you can read a walkthrough on this here), so I decided to use something faster: a Linux distro called SmoothSec that has all the tools I was thinking of, and some others, already deployed and ready to use. To understand how a network security monitoring system works, check out my other post.

I wouldn't recommend that anybody try installing/compiling/building them separately, regardless of their level of Linux know-how, because it's just too time-consuming and you'll most likely get stuck on issues related to Linux distros, architecture, missing libraries, different library and software versions and so on.

My next plan is to:

  • set up a real test environment (that should have been done a week or two ago, but that's it)
  • dig into Snort rules and create my own rules based on my needs
  • dig into the Snorby code so that I can display the PDF reports that I want

This is part of a series of blog posts that serve as my weekly log for my professional special subject project. It serves documentation purposes and it is a nice way to present your work to the teachers. For further information about my work and what I've learned and done, follow the inbound/outbound links within these posts.

OpenBiblio blurred barcodes

I've mentioned that I've set up the school's library using OpenBiblio. Everything was working and barcodes were printed, but their quality was questionable (the text and barcodes were blurred, as if the printer was shaking while it was printing).

We were sure that the printer is capable of doing a good job, as it did before. When I was generating reports using Firefox as a browser, the PDF would be opened within the browser, where I would print it. The resulting print had the blurred lines. When I was generating reports using Chromium as a browser, the PDF would be downloaded, so I would print directly from the file, but I got a totally different result, as you can see in the picture:

How to install Snorby for Snort

In this post I'm going to detail my experience with installing Snorby, a GUI for Snort. I first hopped into installing Snorby (having Snort installed) and thought that was it, but it turned out that several other pieces of software were required for a Snorby-Snort system to work properly. I managed to do this by referring to other tutorials (which can be found at the end of the post), but I have added the kinds of errors I stumbled upon.

Health Games Lab Administrator

I mentioned in an earlier post that I'm responsible for a laboratory at school and everything related to it: devices, cables, organizing, labeling etc. What is the Health Games lab? Well, it's a lab belonging to EAL (Erhvervsakademiet Lillebælt) located at Ejlskovsgade 3 in Odense, Denmark.

The original idea for "health games" came from an interesting concept that combines technology and patient rehabilitation. You can find more info on this website dedicated to Health Games, here in Denmark. Some of the school's former students made some cool stuff, including a Kinect version of PacMan. You can find a video here. Other students just used the lab and the equipment for their own projects, like I did.

Pimp the Elevator – an innovation exercise

Teachers here at the faculty prepared a small exercise for us that will also be used in the upcoming "Empower to the people" event. The idea was to "pimp" the elevator so that people coming to the event will actually "feel"/see that the elevator is taking them to a FabLab, by modifying it as we please (except for tampering with the wiring and elevator mechanics).

Snort installation error

I recently tried installing Snort on a Debian system (apt-get install snort) and, while installing, the associated service couldn't start, which led to a dpkg error.

(Screenshot: snort install error)

I've checked the snort.conf file and everything was OK. My network card was functional and I had network connectivity. I then looked in the /var/log/daemon.log file, as the error suggested.

(Screenshot: snort /var/log/daemon.log)

Now everything seems understandable. Note to self: always check log files. I then installed the snort-mysql package and it worked.