http://jamieyu.com/snort-sguil-ids/
Created: 20120204 Updated: 20120221

I recently built Sguil 0.8 on RHEL 6 64-bit servers. This is a nice upgrade for my IDS systems from the good old Sguil 0.7 on RHEL 5 32-bit IDS systems I built back in 2008. There are a few build guides available for Sguil, but I haven't found one that addresses this specific environment.

I'm publishing the steps I took to build my IDS systems here. Hopefully it will give some guidance to others who intend to do the same.

There are many ways to build IDS systems. Snort-Sguil IDS is my favorite and has been in my production environment for years. Snort does the monitoring and alerting, while Sguil provides the GUI for the IDS. Other components running on the sensor feed additional information to the GUI. All software components are available free of charge, except the OS. I haven't tried it, but you should be able to apply the same setup to a CentOS box, which is almost like RedHat without the logo.

I won't go into detail explaining what each software component is for. The build uses Barnyard2 with Snort (an open source intrusion detection system) and the MySQL server and client, as shown in the commands I provide; the MySQL library is downloaded with one of several commands, depending on the operating system. There are many good descriptions on the Internet.

A few words to new Sguil users

If this is the first time you build Sguil, I suggest that you first take a look at the howto guide I used. It's a nice howto guide for Sguil 0.7, to which I referred when I built my old IDS systems. I like the way the author approached building a versatile and secure IDS system, and I have followed many good ideas from the howto guide. You should also be familiar with the Sguil data flow. As far as I know, the basic data flow stayed the same from 0.7 to 0.8.
Hardware

To build and run Sguil, you need:
• Sguil Server
• Sguil Sensor (with Snort)
• Source Compiler, to compile the source code

You can use 3 different machines, or you can combine the server and compiler on the same machine.