Building an IDS : installing snorby, suricata and barnyard2

Reference 1: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Snorby_and_Barnyard2_set_up_guide
Reference 2: http://www.aldeid.com/wiki/Suricata/Setting-up-rules
Reference 3: https://www.corelan.be/index.php/2011/02/27/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x/
Reference 4: https://github.com/Snorby/snorby/issues/102#issuecomment-1704653
Reference 5: http://www.aldeid.com/wiki/Snorby

Disclaimer: I claim no credit for this post; this post is for my own personal reference while installing the components onto Ubuntu Server 12.04 LTS. No plagiarism is intended! All setup credits go to the References above. Please follow the …

Building an IDS/IPS on a Linux machine Part 1 – Preparation work

I am learning how to build an IDS/IPS machine from a CentOS 6.3 minimal installation with the help of a friend, so here is the preparation work. I claim no credit for this post; these are the instructions from my great friend William. For the CentOS 6.2 minimal installation I will need libcap-ng, libcap-ng-devel, libdnet, file and file-devel, magic and magic-devel, …

ASA5505: Basic IPS support

The software IPS support in the ASA5505 without the AIP-SSC is very minimal; the signature categories are ATTACK and INFO. For more information regarding the ATTACK and INFO signatures you can read the book written by Richard Deal, Cisco ASA Configuration, Chapter 24: Network Attack Preventions, page 587.

Create IP audit name

There are …

OSSEC analysisd: Testing rules failed. Configuration error. Exiting.

When you start OSSEC version 2.6 there is this message:

This is because in /var/ossec/bin/ossec-control the path of ossec-logtest is wrong. It points to /var/ossec/ossec-logtest, which does not exist; ossec-logtest is in the /var/ossec/bin/ directory. Either change the ossec-control source code to

echo | ${DIR}/bin/ossec-logtest > /dev/null 2>&1;

or use a symbolic link: ln …

Snort: libsfbpf.so.0 error

While I was running

snort -c /usr/local/snort/etc/snort.conf --dump-dynamic-rules=/usr/local/snort/so_rules

on CentOS 6.2, I received an error like this:

error while loading shared libraries: libsfbpf.so.0: cannot open shared object file: No such file or directory

The same error occurs when running

snort -c /usr/local/snort/etc/snort.conf -T

The way to solve this is to run ldconfig; after that, try the snort -c …