Saturday, 31 August 2013

Using BackTrack5 R3 to provide Snort

I am using Oracle VM VirtualBox and the BT5R3-KDE-32.iso


At the menu screen, select Default Boot Text Mode, and wait for the terminal screen to load.

Type startx [Enter] to get to the GUI.

Click the Install BackTrack icon.






----
Thanks

http://www.backtrack-linux.org/wiki/index.php/VirtualBox_Install
http://www.backtrack-linux.org/wiki/index.php/Install_BackTrack_to_Disk

Sunday, 21 April 2013

Snort little piggy

Install default Ubuntu 12.04 Server

sudo su

apt-get update
apt-get upgrade


Install SSH to enable remote admin

sudo apt-get install openssh-server

From a PuTTY session:


apt-get install mysql-server nmap nbtscan apache2 php5 php5-mysql php5-gd libpcap0.8-dev libpcre3-dev g++ bison flex libpcap-ruby make zlib1g-dev libmysqld-dev libdnet libdnet-dev libpcre3 libpcre3-dev gcc make flex byacc bison linux-headers-generic libxml2-dev libdumbnet-dev zlib1g zlib1g-dev

Enter and confirm a MySQL password


mkdir /usr/local/src/snort
cd /usr/local/src/snort


wget http://www.snort.org/dl/snort-current/daq-2.0.0.tar.gz

tar -xvzf daq-2.0.0.tar.gz


cd daq-2.0.0
./configure

make
make install

cd /usr/local/src/snort


wget http://www.snort.org/dl/snort-current/snort-2.9.4.5.tar.gz
tar -zxvf snort-2.9.4.5.tar.gz


cd snort-2.9.4.5

./configure --prefix /usr/local/snort && make && make install

groupadd snort
useradd -g snort snort

ln -s /usr/local/snort/bin/snort /usr/sbin/
ln -s /usr/local/snort/etc /etc/snort


cd /usr/local/src/snort
wget -O snortrules-snapshot-2941.tar.gz http://www.snort.org/reg-rules/snortrules-snapshot-2941.tar.gz/9efdb56ce6e1409f2c3904c284bd1af8d506d6e4





--
Thanks

http://wiki.aanval.com/wiki/Community:Snort_2.9.2.3_Installation_Guide_for_Ubuntu_12.04,_with_Barnyard2,_Pulledpork,_and_Aanval#Setup_the_network_interface_you_will_be_using_for_sniffing_traffic_in_promiscuous_mode

https://github.com/da667/Autosnort


Friday, 8 February 2013

Adding DionaeaFR

Following the 3 minute script:

apt-get install unzip
apt-get install make

apt-get install git
apt-get install python-netaddr


aptitude install g++
apt-get install npm

9) (optional) Edit DionaeaFR’s settings file located at /opt/DionaeaFR/DionaeaFR/settings.py. There you might want to change line 17 that points to Dionaea’s SQLite db. If you have followed the official installation guide for Dionaea this is already correct.


Change /opt/dionaea/var/dionaea/logsql.sqlite to /var/dionaea/logsql.sqlite




---
Thanks

https://github.com/andrewmichaelsmith/honeypot-setup-script/
http://bruteforce.gr/visualizing-dionaeas-results-with-dionaeafr.html

Wednesday, 6 February 2013

Automatic Honeypot Setup Script

Now looking at a system to add a honeypot to an Ubuntu server.

The write up says 3 mins to get it going, so well worth a look see

First get the Ubuntu-12.04.1-server-amd64.iso

Perform a default install.

After install and first logon, wget is not yet available.


sudo bash
apt-get update
apt-get -f install
apt-get install wget

wget -q https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/setup.bash -O /tmp/setup.bash && bash /tmp/setup.bash





---
Thanks


http://www.ubuntu.com/download/desktop/alternative-downloads
http://andrewmichaelsmith.com/2013/01/automatic-honeypot-setup-script/

http://serverfault.com/questions/131816/how-to-install-wget-on-this


Thursday, 31 January 2013

DionaeaFR

A graphical Front end to Dionaea.

Been investigating Honeydrive http://bruteforce.gr/honeydrive








Friday, 18 January 2013

Linux static address

Edit /etc/network/interfaces:

auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1



Restart the networking service using the following command:
/etc/init.d/networking restart


---
Thanks

http://www.ubuntugeek.com/change-ubuntu-system-from-dhcp-to-a-static-ip-address.html

Thursday, 10 January 2013

OpenVAS Security Scanner

Install CentOS 6.3 from the ISO: http://www.mirrorservice.org/sites/mirror.centos.org/6.3/isos/i386/CentOS-6.3-i386-bin-DVD1.iso

When built, bring up the network interface:

ifup eth0

Then follow

http://www.openvas.org/install-packages.html#openvas_centos_atomic


yum -y install wget

wget -q -O - http://www.atomicorp.com/installers/atomic |sh


yum install openvas -y

openvas-setup
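
The atomic installer above is piped straight into sh over plain HTTP, and the honeypot post of 6 February runs setup.bash in the same download-and-execute way. The following is an added example, not part of the original notes or of either project: it runs a saved installer only if its SHA-256 matches a value pinned beforehand. The function names and the PINNED_SHA256 placeholder are assumptions; the page gives no published digest.

```sh
#!/bin/sh
# Added example (not from the original post): verify a saved installer
# against a pinned SHA-256 before executing it, instead of `wget ... | sh`.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only when the file's digest equals the pinned value.
# Return 2 for unusable input (missing file, digest not 64 hex characters).
verify_sha256() {
    vs_file=$1
    vs_pinned=$2
    [ -f "$vs_file" ] || return 2
    case $vs_pinned in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#vs_pinned}" -eq 64 ] || return 2
    vs_pinned=$(printf '%s' "$vs_pinned" | tr 'A-F' 'a-f')
    vs_actual=$(sha256_of "$vs_file") || return 2
    [ "$vs_actual" = "$vs_pinned" ]
}

# Run the saved script with sh only after it verifies.
run_verified() {
    if verify_sha256 "$1" "$2"; then
        sh "$1"
    else
        echo "refusing to run $1: digest mismatch or unusable input" >&2
        return 1
    fi
}

# Usage with the URL from this post. PINNED_SHA256 is a placeholder: record it
# yourself after reading a copy of the script you trust.
#   wget -q -O /tmp/atomic-installer http://www.atomicorp.com/installers/atomic
#   less /tmp/atomic-installer
#   run_verified /tmp/atomic-installer "$PINNED_SHA256"
```

A pinned digest only detects change since the copy you reviewed, so a legitimate upstream update will also be refused until you review and re-pin it.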





---
Thanks

http://www.openvas.org/install-packages.html#openvas_centos_atomic

Tuesday, 1 January 2013

Install a graphical interface on Ubuntu



rrdtool@ubuntu:~$ sudo apt-get install xinit


sudo startx



Useful links

http://andrewmichaelsmith.com/2012/02/quick-install-of-dionaea-on-ubuntu/


Set Linux time / date

Have noticed that virtual machines may not have the same time as the host.

So, some systems like OpenVAS may not allow logons.

To set the time use

# date +%T -s "10:13:13"

or for time and date


sudo date newdatetimestring
where newdatetimestring has to follow the format nnddhhmmyyyy.ss which is described below
  • nn is a two digit month, between 01 and 12
  • dd is a two digit day, between 01 and 31, with the regular rules for days according to month and year applying
  • hh is two digit hour, using the 24-hour period so it is between 00 and 23
  • mm is two digit minute, between 00 and 59
  • yyyy is the year; it can be two digit or four digit: your choice. I prefer to use four digit years whenever I can for better clarity and less confusion
  • ss is two digit seconds. Notice the period ‘.’ before the ss.
Let’s say you want to set your computer’s new time to December 6, 2007, 22:43:55, then you would use:
sudo date 120622432007.55
date mmddhhmmyyyy[.ss]
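
The format above as a small helper, added here as an example and not taken from the original post or the linked articles: it assembles the MMDDhhmmYYYY.ss string from separate fields and rejects impossible values before they reach date. The function names are assumptions, and a four digit year is assumed.

```sh
#!/bin/sh
# Added example (not from the original post): build the MMDDhhmmYYYY.ss
# argument for `date` from separate fields and reject impossible values.

# Strip leading zeros so 08 and 09 are not read as invalid octal numbers.
to_int() {
    ti=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${ti:-0}"
}

# usage: date_set_arg YYYY MM DD hh mm ss   (assumes a four digit year)
date_set_arg() {
    [ $# -eq 6 ] || return 2
    for f in "$@"; do
        case $f in ''|*[!0-9]*) return 2 ;; esac
        [ "${#f}" -le 4 ] || return 2
    done
    [ "${#1}" -eq 4 ] || return 2
    y=$(to_int "$1"); mo=$(to_int "$2"); d=$(to_int "$3")
    h=$(to_int "$4"); mi=$(to_int "$5"); s=$(to_int "$6")
    { [ "$mo" -ge 1 ] && [ "$mo" -le 12 ]; } || return 1
    { [ "$h" -le 23 ] && [ "$mi" -le 59 ] && [ "$s" -le 59 ]; } || return 1
    # Days in month, with the Gregorian leap year rule for February.
    case $mo in
        4|6|9|11) dim=30 ;;
        2)  dim=28
            if [ $((y % 4)) -eq 0 ] &&
               { [ $((y % 100)) -ne 0 ] || [ $((y % 400)) -eq 0 ]; }; then
                dim=29
            fi ;;
        *)  dim=31 ;;
    esac
    { [ "$d" -ge 1 ] && [ "$d" -le "$dim" ]; } || return 1
    printf '%02d%02d%02d%02d%04d.%02d\n' "$mo" "$d" "$h" "$mi" "$y" "$s"
}

# Example from the post: December 6, 2007, 22:43:55
#   sudo date "$(date_set_arg 2007 12 06 22 43 55)"
```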




---
Thanks to
http://lists.wald.intevation.org/pipermail/openvas-discuss/2011-June/003128.html
http://www.cyberciti.biz/faq/howto-set-date-time-from-linux-command-prompt/
http://codeghar.wordpress.com/2007/12/06/manage-time-in-ubuntu-through-command-line/