Start barnyard2, suricata, snorby workers after booting up

I am not good with bash, so I use /etc/rc.local to start the services every time my ubuntu server 12.04 LTS restarted.

Advertisements

Change rules location from suricata.yaml

the default rules directory is not the same as the one i am using. I need to change it in order to utilize the rules in my own directory /etc/suricata/rules I changed the config to: Restart suricata: sudo suricata -c /etc/suricata/suricata.yaml -i eth0 -D

Building an IDS : installing snorby, suricata and barnyard2

Reference 1: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Snorby_and_Barnyard2_set_up_guide Reference 2: http://www.aldeid.com/wiki/Suricata/Setting-up-rules Reference 3: https://www.corelan.be/index.php/2011/02/27/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x/ Reference 4: https://github.com/Snorby/snorby/issues/102#issuecomment-1704653 Reference 5: http://www.aldeid.com/wiki/Snorby Disclaimer I claimed no credits for this post, this post is for my own personal reference while installing the components onto the Ubuntu Server 12.04 LTS. No plagiarism is intended! All setup credits go to References above. Please follow the … Continue reading Building an IDS : installing snorby, suricata and barnyard2

Building an IDS/IPS on a Linux machine Part 1 – Preparation work

I am learning how to build an IDS/IPS machine from Centos 6.3 minimal installation from a friend, so here's the preparation work. I claim no credit for this post, this is the instruction by my great friend William. For CentOS 6.2 minimal installation I will need libcap-ng, libcap-ng-devel, libdnet, file and file-devel, magic and magic-devel, … Continue reading Building an IDS/IPS on a Linux machine Part 1 – Preparation work