Cisco IPS4360
The IPS4300 series is the latest intrusion prevention/detection system by Cisco Systems. It has two quad-core CPUs, 8GB RAM and 8GB flash, and an option for a redundant power supply as well. If you are using Cisco Security Manager to manage it, be sure to use Cisco Security Manager version 4.3, Cisco Security … Continue reading Cisco Systems: IPS4360, Cisco Security Manager, simple example on how to create a test plan
The initial setup for Cisco IPS4360. Run the command setup to get started.
The Nagios cleartext password is encoded with base64, which can be easily reversed with a base64-to-ASCII converter. The rule fires when base64-encoded basic authentication is sent unencrypted. Nice...
I am not good with bash, so I use /etc/rc.local to start the services every time my Ubuntu Server 12.04 LTS restarts.
This rule can be enabled or disabled in decoder-events.rules; in my case the rules are installed in /etc/suricata/rules, under the Checksum rules section.
The default rules directory is not the same as the one I am using. I need to change it in order to use the rules in my own directory, /etc/suricata/rules. I changed the config to:
Restart Suricata: sudo suricata -c /etc/suricata/suricata.yaml -i eth0 -D
Reference 1: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Snorby_and_Barnyard2_set_up_guide
Reference 2: http://www.aldeid.com/wiki/Suricata/Setting-up-rules
Reference 3: https://www.corelan.be/index.php/2011/02/27/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x/
Reference 4: https://github.com/Snorby/snorby/issues/102#issuecomment-1704653
Reference 5: http://www.aldeid.com/wiki/Snorby
Disclaimer: I claim no credit for this post; this post is for my own personal reference while installing the components onto the Ubuntu Server 12.04 LTS. No plagiarism is intended! All setup credits go to the References above. Please follow the … Continue reading Building an IDS : installing snorby, suricata and barnyard2