Installing CIF

All done on Ubuntu 12 server.  Pretty much followed this guide: https://code.google.com/p/collective-intelligence-framework/wiki/ServerInstall_Ubuntu12_v1 Ran into a few issues… Had to force some perl modules. cpanm Net::Abuse::Utils –force And version 1.7 of Linux::Cpuinfo wouldn’t install.  Just removed the @1.7. cpanm git://github.com/gitpan/Linux-Cpuinfo.git –force Then you have to grab this Cpuinfo.pm and place it Read more…

Kibana Installation

CentOS6 again. Download the latest version of kibana from http://www.elasticsearch.org/overview/kibana/installation/cd /var/www/ wget http://www.elasticsearch.org/overview/kibana/installation/ tar zxvf kibana* rm kibana*.gz mv kibana* kibana3 Create a kibana configuration file for Apache. <VirtualHost YOURIP:80>  ServerName FQDN   DocumentRoot /var/www/kibana3  <Directory /var/www/kibana3>    Allow from all    Options -Multiviews  </Directory>   LogLevel debug  ErrorLog /var/log/httpd/error_log  CustomLog /var/log/httpd/access_log Read more…

SiLK Installation

All done on CentOS6 There are scripts to automate this, but I like installing everything from source to learn more about the packages. Here’s an example script along with a gui for SiLK rw commands.FlowBat Download the following source code files from the netsa CERT project home page Fixbuf, netsa-python, Read more…

Logstash with Bro

Logstash InstallationThe Logstash package shares the same GPG Key as Elasticsearch, and we already installed that public key, so let’s create and edit a new Yum repository file for Logstash:sudo vi /etc/yum.repos.d/logstash.repo Add the following repository configuration:[logstash-1.4]name=logstash repository for 1.4.x packagesbaseurl=http://packages.elasticsearch.org/logstash/1.4/centosgpgcheck=1gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearchenabled=1 Save and exit.Install Logstash 1.4.2 with this command:sudo yum Read more…

Bro IDS Install

These installs are on the latest CentOS6 as of October 2014. First we have to install PF_RING to take advantage of the performance boost and to load balance bro processes.  Bro is not multithreaded. Package Prerequisites: sudo yum install subversion cmake make gcc gcc-c++ flex bison libpcap-devel openssl-devel python-devel swig Read more…

Elsa To Moloch

Let’s say you’re using Bro, and you have this bad assed app called ELSA to search through the mountains of logs produced. You find exactly what you’re looking for but you need the payload from the stream. One option is to integrate ELSA and Moloch.  It’s super easy. edit /etc/elsa_web.conf Read more…

Secured By miniOrange