Some SO beta successes monitoring home lab network - nil.enroll(aetheric_username, quantum_class_id) — LiveJournal

Some SO beta successes monitoring home lab network

Having all but wrapped up my studies of SEC 503, and stealing a few hours from SEC 401 (teaching it Tuesday nights) and Liars and Outliers (reading a review copy), this afternoon I made good progress with the Security Onion 12.04 beta, which I've been fooling around with on the lab network at home.

I've got the SO beta running and monitoring two network interfaces, with Snorby, Squert, Sguil, and even ELSA all working in their most basic forms. This is all credit to the Onion, but I've fussed with previous betas for quite a while, off and on, trying to get it all up and running, so it was pleasant to finally achieve.

I finally found and applied the patch that lets Sguil pivot to Wireshark on Windows. This makes Sguil even more awesome, though its age is starting to show: it requires an older version of Tcl/Tk to run and has no IPv6 support :(

I've added some trivial rules to local.rules. All of the tools are seeing them: alerts fire, are categorized, hit the database, and show up in reports, as expected. Sguil even gets the rule definitions and pcaps, though Snorby doesn't like to find my rule definitions. As above, this is exactly what is supposed to happen, but it's cool to be able to add rules, reload the rule configs, reload web pages and see the alerts register. I should be able to make more sophisticated rules using what I learned in SEC 503 when I bring the books home.
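As an added example (not the post's own rules, nor any Security Onion or Snort code), here is a small Python check to run over local.rules before reloading: it parses each Snort rule's header and options and flags the slips that keep a local rule from registering cleanly: a sid outside the local range (1,000,000 and up), a sid duplicated from another line, and a missing rev or msg. The sample rule file below is constructed for the demonstration.

```python
import re
from typing import Dict, List

# Snort reserves SIDs 1,000,000 and above for locally written rules.
LOCAL_SID_MIN = 1_000_000

# Constructed sample local.rules (not the post's actual rules); lines 4-6 each carry one defect.
SAMPLE_LOCAL_RULES = """\
# trivial lab rules
alert icmp any any -> $HOME_NET any (msg:"LAB ICMP echo seen"; itype:8; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 23 (msg:"LAB telnet to lab host"; flags:S; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"LAB duplicate sid"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"LAB sid in reserved range"; sid:5000; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"LAB missing rev"; sid:1000003;)
"""

# Rule header: action proto src sport direction dst dport, then the option block in parentheses.
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')
# One option: name, optional ":value" (quoted values may contain ';'), terminated by ';'.
OPT_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def parse_rule(line: str) -> Dict[str, str]:
    """Return header fields plus options (quotes stripped) for one Snort rule line."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    rule = {k: m.group(k) for k in ('action', 'proto', 'src', 'sport', 'dir', 'dst', 'dport')}
    for name, value in OPT_RE.findall(m.group('opts')):
        rule[name] = value.strip('"')
    return rule

def lint_local_rules(text: str) -> List[str]:
    """Return one message per defect found; an empty list means the file is clean."""
    problems, seen = [], {}   # seen maps sid -> first line number that used it
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
            continue
        sid = rule.get('sid')
        if not sid or not sid.isdigit():
            problems.append(f"line {lineno}: missing or non-numeric sid")
        else:
            if int(sid) < LOCAL_SID_MIN:
                problems.append(f"line {lineno}: sid {sid} is below the local range ({LOCAL_SID_MIN}+)")
            if sid in seen:
                problems.append(f"line {lineno}: sid {sid} duplicates line {seen[sid]}")
            else:
                seen[sid] = lineno
        if 'rev' not in rule:
            problems.append(f"line {lineno}: missing rev (edits will not show as a new revision)")
        if not rule.get('msg'):
            problems.append(f"line {lineno}: missing msg (alert would have no name in the consoles)")
    return problems
```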

So, what did you do on Saturday?


1 comment:
From: lafemmedesfemme Date: November 4th, 2012 01:44 am (UTC) (Link)

You know that hurricane that happened up north? Well, I managed to get a job from it. I'm temping with a private insurance adjuster helping to input initial loss reports. It'll only last maybe two weeks, possibly up to a month, but it'll get me that much closer to January. :-)