
Enthusiast of Computer Networking

2014-08-21

Installing Prelude (HIDS) with Suricata NIDS from packages on Ubuntu-14.04.1-desktop-amd64
Prelude is a universal Security Information and Event Management (SIEM) system. It collects,
archives, normalizes, sorts, aggregates, correlates and reports all security-related events,
independently of the product brand or license that generated them. Prelude logs all of the
events to the Prelude database, where they can be consulted through one interface
(Prewikka). In short, a number of IDSs can be monitored from one central interface.

Prelude's simple architecture (sensors A, B and C could be Snort, Suricata, OSSEC or SanCP)

At first I had some MySQL version and root user related errors, but it was solved by
removing the previous mysql-server: # sudo apt-get purge mysql-server (if you installed mysql
before on your PC). One more thing: do not upgrade the Ubuntu, because of this version related
error!!!

The following are the simple steps to set up Prelude HIDS.


1. # sudo su (change user to root)
2. # apt-get update
3. # apt-get install ntpdate
4. # apt-get install dbconfig-common
5. # apt-get install rng-tools (edit /etc/default/rng-tools and set HRNGDEVICE=/dev/urandom)
6. # apt-get install mysql-server (remember the root password!!!)
7. # apt-get install prelude-manager
8. # vi /etc/default/prelude-manager (set RUN=yes)
9. # vi /etc/prelude-manager/prelude-manager.conf (change the default listen address to the sensor IP)
10. # vi /etc/prelude/default/client.conf (change the server IP to your IP)
11. # /etc/init.d/prelude-manager stop
12. # /etc/init.d/prelude-manager start
13. # ps auxw | grep manager
    prelude 13178 0.0 0.2 213596 2708 ? Ssl 15:01 0:02 /usr/sbin/prelude-manager -d -P /var/run/prelude-manager.pid
14. # netstat -pantu | grep prelude
    tcp 0 0 192.168.10.155:4690 0.0.0.0:* LISTEN 13178/prelude-manag
15. Install prelude-lml on every host you want to monitor. Prelude-LML analyzes your logs and reports events to the manager.
    # apt-get install prelude-lml
    On the LML client, run the register command:
    # prelude-admin register prelude-lml "idmef:w" <manager address> --uid 0 --gid 0
    On the manager, run the following:
    # prelude-admin registration-server prelude-manager
16. # /etc/init.d/prelude-lml start
    Starting Prelude LML: prelude-lml
17. # ps auxw | grep lml
    root 1946 0.3 0.0 20856 3424 ? Ss 14:35 0:00 /usr/bin/prelude-lml -d -q -P /var/run/prelude-lml.pid
18. # apt-get install prewikka
19. Get the password from the prelude-manager configuration file /etc/prelude-manager/prelude-manager.conf and edit the prewikka configuration file /etc/prewikka/prewikka.conf: # vi /etc/prewikka/prewikka.conf (change the idmef_database pass!!!)
20. # apt-get install libapache2-mod-python
21. # apt-get install apache2
22. # vi /etc/apache2/sites-available/prewikka (put in the following)
    <VirtualHost *:80>
        SetEnv PREWIKKA_CONFIG "/etc/prewikka/prewikka.conf"
        <Location "/">
            AllowOverride None
            Options ExecCGI
            <IfModule mod_mime.c>
                AddHandler cgi-script .cgi
            </IfModule>
            Order allow,deny
            Allow from all
        </Location>
        Alias /prewikka/ /usr/share/prewikka/htdocs/
        ScriptAlias / /usr/share/prewikka/cgi-bin/prewikka.cgi
    </VirtualHost>
23. # chmod 766 /etc/prewikka/prewikka.conf
24. # a2dissite
25. # a2ensite 000-default default-ssl
26. # /etc/init.d/apache2 reload
27. # prewikka-httpd
28. In the browser, open localhost:8000 or "manager ip":8000
3rd party agent installation (installing Suricata and configuring it for Prelude)

1. # apt-get install suricata
2. Edit the /etc/suricata/suricata-debian.yaml file to enable the prelude alert output: # vi /etc/suricata/suricata-debian.yaml
    - alert-prelude:
        enabled: yes
        profile: suricata
        log-packet-content: yes
        log-packet-header: yes
3. Registering the Suricata profile. On the Suricata host:
    # prelude-admin register suricata "idmef:w" <manager IP address> --uid 0 --gid 0
    On the Prelude-Manager host:
    # prelude-admin registration-server prelude-manager
    After your RSA key creation, a password is generated. Paste it from the second terminal into the first terminal, then confirm the registration on the second terminal.
4. Running Suricata:
    # LD_LIBRARY_PATH=/usr/lib /usr/bin/suricata -c /etc/suricata/suricata-debian.yaml -i eth0
5. Do steps 25-28 again
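A post-install check for the manager, Prewikka and Suricata steps above, as an added example that is not part of the original post: it verifies the mode of prewikka.conf, that prelude-manager listens on the chosen address on port 4690 only (as in the netstat output of step 14), and that the alert-prelude output block is enabled in suricata-debian.yaml. The default paths are the ones used in the steps; the manager address 192.168.10.155 in the comments is taken from the netstat sample and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Post-install checks for the Prelude + Suricata setup above. Added example,
# not from the original post; paths default to the ones used in the steps.

# prewikka.conf holds the idmef_database password, so "other" must have no
# rights on it: step 23's chmod 766 leaves it world-writable, 640 does not.
prewikka_conf_ok() {
    conf="${1:-/etc/prewikka/prewikka.conf}"
    mode=$(stat -c '%a' "$conf") || return 1   # GNU stat: octal mode, e.g. 640
    case "$mode" in                            # last digit = "other" rights
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# prelude-manager should listen on the address chosen in step 9, port 4690,
# and not on the wildcard. Reads `netstat -pantu` output on stdin.
manager_listen_ok() {
    awk -v want="$1" '
        /prelude-manag/ && /LISTEN/ {
            addr = $4; port = $4
            sub(/.*:/, "", port); sub(/:[0-9]+$/, "", addr)
            if (addr == want && port == "4690") found = 1
            if (addr == "0.0.0.0" || addr == "::") wild = 1
        }
        END { if (found && !wild) exit 0; exit 1 }'
}

# Suricata only hands alerts to Prelude once the alert-prelude output block
# is enabled; look for that block and an "enabled: yes" inside it.
suricata_prelude_enabled() {
    yaml="${1:-/etc/suricata/suricata-debian.yaml}"
    awk '
        /^[ \t]*-[ \t]*alert-prelude:/      { inblk = 1; next }
        inblk && /^[ \t]*-[ \t]*[a-z]/      { inblk = 0 }   # next output block
        inblk && /^[ \t]*enabled:[ \t]*yes/ { ok = 1 }
        END { if (ok) exit 0; exit 1 }' "$yaml"
}

# Live run on the manager host: sh prelude-check.sh --run 192.168.10.155
run_checks() {
    rc=0
    prewikka_conf_ok || { echo "FAIL: prewikka.conf readable/writable by others"; rc=1; }
    netstat -pantu 2>/dev/null | manager_listen_ok "$1" ||
        { echo "FAIL: prelude-manager not listening on $1:4690 only"; rc=1; }
    suricata_prelude_enabled || { echo "FAIL: alert-prelude not enabled"; rc=1; }
    return $rc
}
if [ "${1:-}" = "--run" ]; then run_checks "$2"; fi
```

The three functions can also be sourced and run one at a time, for instance right after steps 14, 23 and the Suricata YAML edit.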

Posted by Jargalsaikhan jax at 8:56

