Focus on IDS
IPS-Builder Aug 11 2009 05:38PM
Augusto Pereyra (aepereyra gmail com) (1 replies)
Hi list:

I' d like to share with all, this script made by me based on root0
script for ips instalation.
This script was tested on fedora 9 but it should work in fedora 10 too.
You need 3 network interfaces (One for management and two for the bridge)
I

When the script finish his execution you will have an IPS with the
following description:
Detection engine:
-Snort
-Easy Update of rules using oinkmaster.pl (just run sh /sbin/oink)
Blocking method (interact with IPtables):
-Quarentine
-Reset Layer 2
How is connected?
-It works as an ethernet bridge using brctl in two interfaces to do it.
-This have a management interface.
Alert Mangement:
-BASE (Logged in mysql)
-Syslog (optional)
System Management:
-Webmin (only from localhost)
-SSH (only in management interface)
Extra
-Startup scripts
-Rule Configuration script (iptsamconf.sh) //this was downloaded from
http://www.root0.net/
It works greate protecting virtual machines
When you config the vmware interfaces for example put one of the NIC
of the bridge in VMNET7 and the other must be set as a bridged
In the next step you must connect all the vmware machines that you
want protect connected to VMNET7
Thats it. All machines in vmnet7 will pass throw the bridge to reach
the real network and the trafic will be analized by snort.

To do
-Daily reports by mail
-Will detect attacks over SSL
-Rule Configuration interface
-Thats it.

You can download it from
http://code.google.com/p/ips-builder/downloads/list

This is just the beta version.
Please send me comments, questions or bugs to aepereyra at gmail dot com

Enjoy
Augusto Pereyra

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194

[ reply ]
Re: IPS-Builder Aug 13 2009 12:55AM
BlueT (bluet bluet org)


 

Privacy Statement
Copyright 2010, SecurityFocus