Professional Special Subject – w3 log

Week 3 was also development-related. As the ACIDBASE front-end for Snort proved to be useless and time-wasting for me and the project, I decided to try out other front-ends to see what I could do there. On the Snort blog there is a post listing all kinds of GUIs, so I decided to start from there.

I decided on Snorby and the other software it requires (pulledpork for rule updates, barnyard2 for writing Snort's unified2 output into the database) to get a database-backed, self-updating GUI for Snort. It turned out to be far too much hassle to install each of them separately (you can read a walkthrough on this here), so I decided to use something faster: a Linux distro called SmoothSec that has all the tools I had in mind, and some others, already deployed and ready to use. To understand how a network security monitoring system works, check out my other post.

I wouldn't recommend that anybody try installing/compiling/building them separately, regardless of their level of Linux know-how, because it is just too time-consuming and you will most likely get stuck on issues related to Linux distros, architecture, missing libraries, mismatched library and software versions and so on.

My next plan is to:

  • set up a real test environment (that should have been done a week or two ago, but that is how it went)
  • dig into Snort rules and create my own rules based on my needs
  • dig into the Snorby code so that i can display the PDF reports that i want
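Before writing custom rules it helps to have the anatomy of a Snort 2 rule in hand: a header (action, protocol, source address, source port, direction, destination address, destination port) followed by options in parentheses, where each rule carries a `msg` and a unique `sid` (local rules use SIDs of 1,000,000 and above so they never collide with downloaded rule sets). The Python lint below is an example added to this log; it is not code from this blog, from Snort or from pulledpork. It parses that format and flags the mistakes that most often bite a first local.rules file (unparseable lines, missing msg/sid, a SID in the reserved range, a reused SID). The rules it checks are constructed for the example, not the author's rules.

```python
"""Parse and lint Snort 2 rules (added example; the sample rules are constructed)."""
import re

# Snort reserves SIDs below 1,000,000 for official rule sets; local rules
# should start at 1,000,000 so they never collide with downloaded rules.
LOCAL_SID_MIN = 1_000_000

# Rule header: action proto src sport direction dst dport, then "(options)".
HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<options>.*)\)$"
)


def split_options(body):
    """Split 'key:value; key; ...' on semicolons that are outside double
    quotes and not backslash-escaped (Snort writes a literal ';' as '\\;')."""
    parts, buf, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
            buf.append(ch)
        elif ch == ";" and not in_quote:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_rule(line):
    """Return header fields plus an 'options' list of (key, value) tuples,
    with 'sid' (int) and 'msg' (str) lifted out; None if the line is not a rule."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rule = m.groupdict()
    options = []
    for item in split_options(rule.pop("options")):
        key, _, value = item.partition(":")
        options.append((key.strip(), value.strip() or None))
    rule["options"] = options
    opts = dict(options)  # last occurrence wins; fine for sid/msg
    sid = str(opts.get("sid") or "")
    rule["sid"] = int(sid) if sid.isdigit() else None
    rule["msg"] = (opts.get("msg") or "").strip('"') or None
    return rule


def check_local_rules(text):
    """Lint a local.rules file. Returns (line_number, problem) tuples;
    an empty list means every rule parsed, has msg and a unique local sid."""
    problems, seen = [], {}
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        rule = parse_rule(line)
        if rule is None:
            problems.append((n, "unparseable rule"))
            continue
        if rule["msg"] is None:
            problems.append((n, "missing msg"))
        sid = rule["sid"]
        if sid is None:
            problems.append((n, "missing or non-numeric sid"))
            continue
        if sid < LOCAL_SID_MIN:
            problems.append((n, f"sid {sid} is below the local range ({LOCAL_SID_MIN}+)"))
        if sid in seen:
            problems.append((n, f"sid {sid} already used on line {seen[sid]}"))
        else:
            seen[sid] = n
    return problems


# Constructed sample local.rules for this example (not rules from the blog).
SAMPLE_LOCAL_RULES = """\
# constructed local.rules: two good rules, one bad sid, one duplicate sid
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL SSH SYN to internal host"; flow:stateless; flags:S; classtype:attempted-recon; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request"; itype:8; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"LOCAL sid in reserved range"; content:"GET"; sid:42; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"LOCAL duplicate sid"; sid:1000002; rev:1;)
"""

if __name__ == "__main__":
    for n, problem in check_local_rules(SAMPLE_LOCAL_RULES):
        print(f"line {n}: {problem}")
```

Run it against your own local.rules before reloading Snort: a reused or reserved-range SID does not stop Snort from starting in every version, but it makes alerts from two different rules indistinguishable in the database that Snorby reads, which is exactly the kind of silent mistake that wastes a week.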

This is part of a series of blog posts that serve as my weekly log for my professional special subject project. It serves documentation purposes and is a nice way to present my work to the teachers. For further information about my work and what I learned and did, follow the inbound/outbound links within these posts.

How to install Snorby for Snort

In this post I am going to detail my experience with installing Snorby, a GUI for Snort. I first jumped into installing Snorby (having Snort installed) thinking that would be it, but it turned out that several other pieces of software were required for a Snorby-Snort system to work properly. I managed to do this by following other tutorials (which can be found at the end of the post), but I have added the kinds of errors I stumbled upon.

Snort installation error

I recently tried installing Snort on a Debian system (apt-get install snort), and during installation the associated service could not start, which led to a dpkg error.

(screenshot: snort install error)

I checked the snort.conf file and everything was OK. My network card was functional and I had network connectivity. I then looked in the /var/log/daemon.log file, as the error suggested.

(screenshot: snort /var/log/daemon.log)

Now everything made sense. Note to self: always check the log files. I then installed the snort-mysql package and it worked.

Professional Special Subject – w2 log

Week 2 was an early development phase, where I just installed the necessary software and played around to see what possibilities I had.

The plan was to:

– install Snort with a front-end interface and start playing with it to see what I could do. You can read a detailed walkthrough here. It took much longer than I expected, because of the lack of proper documentation for the ACIDBASE software and things simply not working. This turned out to be a total waste of time, because it was too much of a hassle and I did not accomplish anything.

– install ready-made solutions that can provide inspiration for my development phase or stop me from reinventing the wheel, thus saving time. It turned out that there are a few really interesting open-source projects that can be of use. The projects below resemble my idea, but not entirely:

– set up a test environment with a server/PC running Snort and a front-end solution, a hub and some machines that can generate traffic. I can get the traffic I need from another class that has a networking project running. Initially, I wanted to use a pfSense-powered machine that could mirror traffic from the network to me. I ran into more problems than I expected, but you can read about it here.


How to install Snort and AcidBase GUI

I needed to install Snort and a nice GUI for it for one of my projects. I used a virtual machine running Debian 7. I followed some tutorials, but none of them helped me install everything successfully. I ran into some weird errors, but I managed to fix them.

Basically, the software needed to have a nice front-end for the IDS of choice (Snort) is:

– apache2 (web server), php5 (main back-end programming language), mysql (database), phpmyadmin (GUI for the database)

– snort (what good is a front-end if we don't have a back-end), ACIDBASE (Basic Analysis and Security Engine)

Professional Special Subject – w1 log

As part of my current education, I have to specialise and gain more knowledge in my AP degree field, which is IT networking and everything related to it: IT security, Python programming, PHP programming, Linux, etc.

My subject is – Network monitoring solution for small/medium-sized companies.

Reason for choosing it – an increase in hacking attempts targeting small/medium-sized company networks all over the world (see links below)

Fields and sub-fields – IT security, IT networking, IDS/IPS, open-source security tools