Light

xxoxx / onestopids Goto Github PK

View Code? Open in Web Editor NEW

This project forked from dustinmhorvath/onestopids

0.0 1.0 0.0 13 KB

Downloads, builds, and installs Suricata IDS, Barnyard2 web-parser, and Snorby web-ui frontend.

Shell 100.00%

onestopids's Introduction

OneStopIDS

###Single machine, single interface intrusion detection.

Downloads, builds, and installs Suricata IDS, Barnyard2 log/database-parser, and Snorby web-ui frontend.
Built and tested for Debian 8 Jessie 64-bit.
This implementation is currently in BETA. Has been confirmed working on clean install of Debian 8, though has only been tested in a limited environment. Expect revisions.

###Install:

Execute install.sh. Requires sudo privileges.
Install takes a long time. Expect a setup time anywhere from 30 to 120 minutes, depending on your hardware.
You'll need to use routing to mirror traffic from the network in question to the machine running OneStopIDS. This can be accomplished with router-supported port mirroring or by using firewall rules such as: iptables -t mangle -A POSTROUTING -d 0.0.0.0/0 -j ROUTE --tee --gw $MACHINE_IP_HERE iptables -t mangle -A PREROUTING -s 0.0.0.0/0 -j ROUTE --tee --gw $MACHINE_IP_HERE

###Requirements:

2170 MB free disk space
1 GB ram
~2?GB swap space for compilation

Note: considerable memory is used for compiling ruby gems, which generally fail gracefully but with unhelpful error messages when memory is filled. Actual required running memory is likely much lower, so this can be reduced for a physical machine or VM after Snorby deployment.

###Components:

Suricata is a next-generation intrusion detection system that supports multi-core architectures as well as additional performance enhancements, and can be considered a more sophisticated version of Snort.
Barnyard2 is a log-parser that can convert Suricata's output detection logs into database entries. It stores these entries with MySQL.
Snorby is a web-ui frontend built using Ruby on Rails. It is relatively complex and relies on quite a few dependencies to be built from source. It's capable of interpreting Barnyard2's database entries (which also work with Snort), and can perform rule lookups using Suricata's ruleset. It supports multiple users, alerts, emails, and other useful features.

###Utilizes:

Apache
Ruby
Rails
MySQL
Git
wkhtmltopdf
Nokogiri
Passenger

onestopids's People

Contributors

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.