Week 3 is also development-related. As the ACIDBASE front-end for Snort proved to be useless and time-wasting for me and the project, I've decided to try out other front-ends to see what I can do there. On the Snort blog there is a post with all kinds of GUIs, so I decided I should start from there.

I've decided on Snorby and the other software required (pulledpork, barnyard2) to have a nice database-updating GUI for Snort. It turned out that it is way too much hassle to install each of them separately (you can read a walkthrough on this here), so I decided to use something faster: a Linux distro called SmoothSec that has all the tools I was thinking of, and some others, already deployed and ready to use. To understand how a network security monitoring system works, check out my other post.

I wouldn't recommend that anybody try installing/compiling/building them separately, regardless of their level of Linux know-how, because it's just too time-consuming and you'll most likely get stuck on issues related to Linux distros, architecture, missing libraries, different library and software versions and so on.

My next plan is to:

  • set up a real test environment (that should have been done a week or two ago, but that's it)
  • dig into Snort rules and create my own rules based on my needs
  • dig into the Snorby code so that I can display the PDF reports that I want

This is part of a series of blog posts that serve as my weekly log for my professional special subject project. It has documentation purposes and is a nice way to present your work to the teachers. For further information about my work and what I've learned and done, follow the inbound/outbound links within these posts.