Configuring a PC Engine running Voyage Linux as an IDS

====install from linux

running Ubuntu live

find the proper /dev/sda device using Disk Utility (Ubuntu > Preferences > Disk Utility)

errors:
This disk is currently in use – repartitioning is probably a bad idea.

! may have to unmount the volume first

solve: $ sudo passwd root
log out, log in as root

—add additional programs using apt

>apt-get update
>apt-get install nano

—change hostname

/etc/hostname
/etc/init.d/hostname.sh

—change IPs by editing /etc/network/interfaces

#eg:
#auto eth2
#iface eth2 inet dhcp
#
#auto eth3
#iface eth3 inet static
# address 10.1.40.1
# netmask 255.255.255.0
# broadcast 10.1.40.255

After changes, restart networking:
/etc/init.d/networking restart

—snort—
/etc/snort
snort.conf

#var RULE_PATH /etc/snort/rules
#output alert_syslog: host=10.10.50.200, LOG_AUTH LOG_ALERT
#include $RULE_PATH/unicast.rules

rules/unicast.rules

# Ignore traffic from the following hosts
#pass ip [10.10.102.159,10.10.50.55] any -> any any
# Alert on ICMP traffic
#alert icmp any any -> any any (sid:500;)
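
A quick check to run on rules/unicast.rules before restarting snort (added example, not part of the original notes): it flags duplicate SIDs, SIDs below 1000000 (local rules are meant to start at 1000000) and alerts with no msg option. The function names and the two tcp rules in the sample are made up for illustration; the other two rules are the ones above, written without the leading # marker.

```shell
#!/bin/sh
# Added example (not from the original notes): check SIDs in a Snort rules file.
# Usage: lint_snort_rules [FILE]   (reads stdin when FILE is omitted)
# Prints one finding per line; exit status is 1 when anything was found.
lint_snort_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comment or blank line
    $1 !~ /^(alert|log|pass|drop|reject|sdrop)$/ { next }
    $0 !~ /\(.*\)/ { next }                 # no option block (e.g. the pass rule)
    {
        if (!match($0, /sid:[ \t]*[0-9]+[ \t]*;/)) {
            printf "line %d: option block has no sid\n", NR; bad++; next
        }
        sid = substr($0, RSTART, RLENGTH)
        gsub(/[^0-9]/, "", sid)
        if (sid in seen) {
            printf "line %d: sid %s duplicates line %d\n", NR, sid, seen[sid]; bad++
        } else {
            seen[sid] = NR
        }
        # Rules shipped with Snort use SIDs below 1000000; local rules start at 1000000.
        if (sid + 0 < 1000000) {
            printf "line %d: sid %s is below 1000000 (not in the local range)\n", NR, sid; bad++
        }
        if ($1 == "alert" && $0 !~ /msg:/) {
            printf "line %d: alert has no msg option\n", NR; bad++
        }
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample: the two rules from the notes plus two made-up tcp rules.
sample_rules() {
cat <<'EOF'
# Ignore traffic from the following hosts
pass ip [10.10.102.159,10.10.50.55] any -> any any
# Alert on ICMP traffic
alert icmp any any -> any any (sid:500;)
alert tcp any any -> any 23 (msg:"telnet"; sid:1000001;)
alert tcp any any -> any 21 (msg:"ftp"; sid:1000001;)
EOF
}

sample_rules | lint_snort_rules || true
```

On the box itself: lint_snort_rules /etc/snort/rules/unicast.rules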

—syslog—
/etc/syslog.conf

#restart syslog
/etc/init.d/sysklogd restart
