SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, November 9, 2010

Updates to Sguil on FreeBSD Scripts

Posted on 7:38 PM by Unknown
Early last year I posted Notes on Installing Sguil Using FreeBSD 7.1 Packages where I examined using the various FreeBSD ports for Sguil. In that post I showed that a lot of work was required to deploy Sguil, even if you used the ports or packages. Previously I've written about a set of scripts I maintain for deploying Sguil platforms in my lab. I decided to take a look at those scripts and update them for a modern environment, since a lot has happened in the almost two years since I last used the scripts.

First, I tested my old scripts on FreeBSD 7.x, and now 8.x is common. Second, Snort 2.9.0.1 is available, and with it the new DAQ mechanism for accessing network traffic. Third, Barnyard has been deprecated in favor of Barnyard2, thanks to the guys at the NSMNow project. There have been a lot of changes with rules and other areas. I also wanted to try running a 64 bit environment on a Dell R200 as my primary lab sensor. Finally, I decided to switch from using CVS at Sourceforge to Git at Sourceforge. I'll explain that in a separate post.

The end result of my work is available now at http://taosecurity.git.sourceforge.net. Please remember that these scripts are basically a way for me to document how I installed certain versions of various NSM applications on a specific FreeBSD platform. There's no error checking, and no support available. Basically, if you want to see how I deploy all of the non-client parts of Sguil on FreeBSD 8.1, feel free to check out the scripts.

One aspect of this that might be helpful is that by reading the scripts you can follow how to go from a basic FreeBSD installation to a completely functioning, all-in-one (minus the client) Sguil platform.

Tweet
Email ThisBlogThis!Share to XShare to Facebook
Posted in sguil | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Practice of Network Security Monitoring Table of Contents
    Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monito...
  • Review of Intelligence, 4th Ed Posted
    Amazon.com just posted my five star review of Intelligence: From Secrets to Policy, 4th Ed by Mark Lowenthall . From the review : I was a...
  • Bejtlich's Thoughts on "Why Our Best Officers Are Leaving"
    Twenty-two years ago today I flew to Colorado Springs, CO and reported for Basic Cadet Training with the class of 1994 at the United States ...
  • Review of Robust Control System Networks Posted
    Amazon.com just posted my five star review of Robust Control System Networks by Ralph Langner . From the review : I am not an industrial ...
  • Mandiant APT1 Report: 25 Best Commentaries of the Last 12 Days
    Two weeks ago today our team at Mandiant was feverishly preparing the release of our APT1 report . In the twelve days that followed public...
  • Happy 7th Birthday TaoSecurity Blog
    Today, 8 January 2010, is the 7th birthday of TaoSecurity Blog . I wrote my first post on 8 January 2003 while working as an incident resp...
  • Tort Law on Negligence
    If any lawyers want to contribute to this, please do. In my post Shodan: Another Step Towards Intrusion as a Service , some comments claim ...
  • Bejtlich Teaching at Black Hat West Coast Trainings
    I'm pleased to announce that I will be teaching at  Black Hat West Coast Trainings  9-10 December 2013 in Seattle, Washington. This is a...
  • Bejtlich to Speak at SANS Forensics and Incident Response 2010
    I am pleased to announce that I will return for the third SANS WhatWorks Summit in Forensics and Incident Response in DC, 8-9 July 2010. R...
  • Bejtlich Teaching at Black Hat DC 2011
    Over the holiday break I've been putting the finishing touches on TCP/IP Weapons School 3.0 , to be presented first at Black Hat DC 2011...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ▼  2010 (193)
    • ►  December (14)
    • ▼  November (11)
      • Trying Ubuntu 10.10 in AWS Free Usage Tier
      • 60 Free Minutes with Ubuntu 10.10 in Amazon EC2
      • Stop Killing Innovation
      • The Problem Is with Gmail
      • FreeBSD Sendmail Problem
      • Thanks for Help with Startup Scripts
      • Calling FreeBSD Startup Script Experts
      • Two New Tools in Snort
      • Using Git with FreeBSD Sguil Scripts
      • Updates to Sguil on FreeBSD Scripts
      • Collage: Defeating Censorship [aka Security] with ...
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile