Posted on Wednesday, 23rd September 2009 by Michael

Instant IDS v1.0

Instant IDS v1.0 is a custom shell script that automatically downloads, configures and runs the Snort IDS together with the BASE (Basic Analysis and Security Engine) web GUI.

Although this script has been tested in depth, I, the author, do not guarantee that it will work or that it will not harm your system. Because it is a plain shell script and can easily be edited, I strongly suggest that you download it only from http://www.digitaloffensive.com. Since it runs as root, read through it before executing it. Please also note that an IDS must be tuned to your environment before it works properly; until it is tuned you will receive false positives.

This script has been tested in depth on CentOS 5.0, Fedora Core 7 and Fedora Core 6. It should also work on any other Linux distribution that uses yum and chkconfig.

The script currently installs Snort 2.7 and the rules that were released with that version. It does not download newer rules for you, because Snort requires a user account to download them. If you find Snort useful, we strongly suggest subscribing to the Snort rule subscription service so that you receive new rules sooner.

What is needed?

a)      A default install of Linux with gcc (there is no need to select the HTTP, MySQL or similar package groups at install time; the script installs what it needs)

b)      An Internet connection

What Does Instant IDS provide you?

Instant IDS gives you a working IDS in minutes. The script downloads every service, library and package it needs, installs and configures each of them for the underlying operating system, then configures and starts the required services based on your answers to its prompts. When it finishes you have a working IDS running Snort, MySQL and BASE.

What are we planning to do in the future?

Since roughly 96% of the script pulls the newest packages with yum, we plan to keep it up to date as new versions of Snort, BASE and libpcap are released. We also plan to make the script more customizable by exposing its settings as variables, to add more advanced error checking and improve the code, and to have it lock down the machine as far as possible based on user input. With all that said, we rely on the users of the script to tell us what they like and dislike and what they would like to see in future releases.

How to use Instant IDS

a)      cd /root

b)      wget http://www.digitaloffensive.com/snort/snort.sh

c)       chmod 700 snort.sh (the script only needs to be executable by root; do not use 777, which would also make it world-writable and let any local user modify a script that runs as root)

d)      ./snort.sh

e)      Answer the questions you are prompted with. If you are monitoring a subnet, enter it in CIDR form as xxx.xxx.xxx.xxx\\/24, keeping the backslash exactly as shown and using the correct prefix length for your network.

f)       The wait value you enter gives you time to check that there are no show-stopping errors; some warnings are fine. It is only meant for the case where a library or application fails to install or compile. If you see a major problem, press Ctrl+C to cancel the rest of the install.

g)      Once Instant IDS is installed we suggest you lock down the machine. A few examples:

a.       Firewall the machine (Snort sniffs the wire, so beyond management access to SSH and the BASE web GUI it needs no inbound ports open).

b.      Disable root SSH access.

c.       Set a MySQL root password (a fresh MySQL install leaves it empty).

d.      Apply all system updates.

e.      Disable unneeded services.
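The following POSIX shell script is an added example of carrying out steps a to e above; it is not part of snort.sh or of the original post. It assumes a CentOS 5 / Fedora-era box with iptables, chkconfig, service, sshd and a fresh MySQL whose root account still has no password. The management subnet MGMT_NET, the KEEP_SERVICES list and the service names (including snortd) are assumptions to adjust for your site. The functions that generate rules or edit files are kept separate from the root-only apply_lockdown so their output can be reviewed before anything touches the live system.

```shell
#!/bin/sh
# Added lock-down example for an Instant IDS box (not part of snort.sh).
# Assumes a CentOS 5 / Fedora era system with iptables, chkconfig, service,
# sshd and a fresh MySQL whose root account still has no password.
# MGMT_NET, KEEP_SERVICES and the service names below are assumptions.

MGMT_NET="${MGMT_NET:-192.168.1.0/24}"          # admin subnet allowed to reach SSH and BASE
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
KEEP_SERVICES="sshd httpd mysqld snortd iptables syslog network crond"

# a) Firewall: print iptables commands that drop everything inbound except
#    SSH and the BASE web GUI from MGMT_NET. Snort captures with libpcap
#    before netfilter's INPUT chain, so dropping inbound traffic does not
#    blind it; MySQL (3306) stays local to the box.
firewall_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $MGMT_NET -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s $MGMT_NET -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "IDS-FW-DROP: "
EOF
}

# b) Disable root SSH: rewrite an existing PermitRootLogin line, or append
#    one, since a commented-out "#PermitRootLogin yes" still means yes.
#    Writes through the original file so its owner and mode are preserved.
disable_root_ssh() {
    cfg="$1"
    if grep -q '^[[:space:]]*PermitRootLogin' "$cfg"; then
        sed 's/^[[:space:]]*PermitRootLogin.*/PermitRootLogin no/' "$cfg" > "$cfg.tmp"
    else
        { cat "$cfg"; echo "PermitRootLogin no"; } > "$cfg.tmp"
    fi
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"
}

# c) MySQL root password: emit SQL for "mysql -u root" on stdin, so the
#    password never appears on a command line where "ps" could read it.
#    Also drops anonymous users, remote root logins and the test database.
mysql_hardening_sql() {
    pw=$(printf '%s' "$1" | sed "s/'/''/g")     # double single quotes for the SQL literal
    cat <<EOF
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$pw');
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1');
DROP DATABASE IF EXISTS test;
FLUSH PRIVILEGES;
EOF
}

# e) Unneeded services: read "chkconfig --list" on stdin and print every
#    service that is on in runlevel 3 and not in KEEP_SERVICES.
#    Field 5 is the runlevel-3 column; xinetd lines have no such field.
services_to_disable() {
    awk -v keep="$KEEP_SERVICES" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) keepset[k[i]] = 1 }
        $5 == "3:on" && !($1 in keepset) { print $1 }'
}

# Apply everything on the live system (root only); d) is the yum update.
apply_lockdown() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_lockdown: run as root" >&2; return 1; }
    [ -n "$MYSQL_ROOT_PW" ] || { echo "apply_lockdown: set MYSQL_ROOT_PW first" >&2; return 1; }
    firewall_rules | sh -e && service iptables save
    disable_root_ssh "$SSHD_CONFIG" && service sshd reload
    mysql_hardening_sql "$MYSQL_ROOT_PW" | mysql -u root
    for svc in $(chkconfig --list | services_to_disable); do
        chkconfig "$svc" off
        service "$svc" stop
    done
    yum -y update
}

# Usage: MYSQL_ROOT_PW='...' ./lockdown.sh apply   (any other invocation only defines the functions)
if [ "${1:-}" = "apply" ]; then
    apply_lockdown
fi
```

Review the output of firewall_rules and of `chkconfig --list | services_to_disable` before running with apply, and create a non-root account you can log in with (and su or sudo from) before sshd is reloaded with PermitRootLogin no, otherwise you lock yourself out of the box.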

This script is released freely. You may modify it as you see fit, but we ask that you keep the original author's information in it. This script may not be sold.

Posted in Code