|
Anyone know any good GUI frontends for Snort?
|
# ¿ Mar 30, 2007 02:37 |
|
|
Alowishus posted:BASE? Or do you mean fat native desktop GUI? I meant anything. I'll give BASE and ACID a try once I get Fedora up and running. Right now I'm working in a VM only and having some trouble with Fedora 6 (in parallels on a MBP).
|
# ¿ Mar 31, 2007 03:22 |
|
I'm running Fedora 6 with three NICs and I'm having a little trouble bonding two of them. Interface eth0 is the normal one, connected to the switch line. Interfaces eth1 and eth2 are each taking a line from a network tap (homebrew passive network tap) that sits between my DSL adapter and router. eth1 is taking the receive side and eth2 is taking the transmit side. I want to bond these for easier use in Snort (single interface vs. multiple).

Starting from scratch everything went well. I followed the instructions at http://www.cyberciti.biz/tips/linux-bond-or-team-multiple-network-interfaces-nic-into-single-interface.html and everything worked fine the first time. The only difference was that when I did it then, I issued the command "modprobe bonding", which I did not do during the next boot (obviously). So I have the /etc/sysconfig/network-scripts/ifcfg-bond0 created, edited ifcfg-eth1 and -eth2, and edited /etc/modprobe.conf just as the instructions said. I ran the "modprobe bonding" command, then "service network restart", and it was all great. I reboot the machine and on boot I get down to the network startup. It starts by attempting to enslave eth1 to bond0, but then I get: code:
I've had a mix of either eth1 or eth2 "not being present". If it helps any, eth1 is the on-board NIC on the motherboard. eth2 is a USB NIC. They both work separately if I set it up that way. I set it up separately at first and checked the lines with Ethereal and saw plenty of traffic flowing. I just can't get the bond interface to work correctly. Any suggestions? If needed I can post my ifcfg and modprobe.conf files.
|
# ¿ Apr 15, 2007 21:07 |
|
dfn_doe posted:I'm curious what exactly you hope to accomplish with this setup. This sounds like an entirely overly complicated network setup. What could there possibly be to gain by splitting your upstream and downstream traffic across two bonded nics and then uplinking them to a router which goes to a connection which cannot possibly under even the best circumstances come close to saturating even a single 100fdx nic? I think you have it backwards. I'm tapping the DSL to Router connection with a homebuilt passive tap. I'm feeding that into the Fedora machine and monitoring it with Snort. But it is purely academic. I'm not really worried about people on my network. I'm just trying to learn and explore. I'm not splitting the upstream and downstream because I want to. It's the only way I could find to build a tap. If I could mirror/SPAN a port on my router/switch I'd do it that way. If you have a solution for doing that on DD-WRT, I'm all ears. Basically, I want a way to realistically play with Snort, Ethereal, OSSIM and other network security tools on my local network. So far, this is the only way I've found to get all traffic on my network.
|
# ¿ Apr 16, 2007 01:34 |
|
Stupid, simple question probably, but I can't find anything reliable. How do you run an app in Gnome as root. As a regular user, I want to run Wireshark as root. Basically a graphical sudo. I can't find a decent solution, however. Anyone have any suggestions?
|
# ¿ Aug 29, 2008 04:53 |
|
Ashex posted:gksu/gksudo What distro are you using? Those don't seem to be well supported in Fedora 9. And the consolehelper solution isn't working well either.
|
# ¿ Aug 29, 2008 05:31 |
|
rugbert posted:thats weird, I LOVE gnome and dont feel like its stale at all. Then again, I havent used KDE in a long rear end time, whats cool about it now? I'm with you there. Many of my co-workers prefer KDE, but it always feels old fashioned to me. Probably because one of our generic builds uses KDE on Slackware and Slackware was the first Linux I ever used (hello box of 50 floppies). Since picking up RedHat and transitioning to Fedora, I've just gotten much more accustomed to Gnome. I think it's just personal preference.
|
# ¿ Oct 20, 2008 17:24 |
|
I'd like to differentiate some characteristics between my USB mouse and touchpad in Fedora 10 on my Dell D820. I've read a few partial solutions, but can't find a complete how-to like reference. For instance, I'd like the pointer speed to be different when using an external mouse than when using the touchpad. Can anyone point me in the right direction or give a tutorial?
|
# ¿ Feb 10, 2009 18:26 |
|
Theseus posted:So I booted from the Live CD and as I suspected I can't quite figure out how to access the wireless. I can get a wired connection with no problems whatsoever. I've posted a thread in the Haus if anyone can help. What type of wireless card are you using? I have a Dell D820 at work and run Fedora 10. It has a Dell wireless card that doesn't work at all with the stock drivers. None of the Dells I have work well with the stock Broadcom drivers. I have to load up NDISWrapper, which is pretty easy. On the other hand, my personal Sony laptop has an Intel wireless card which works flawlessly with a stock Ubuntu or Fedora install. You should be able to install NDISWrapper in a Live CD, but it won't stick between reboots. Google an NDISWrapper HOWTO for more information.
|
# ¿ May 7, 2009 04:06 |
|
kyuss posted:There's sufficient info on creating your own custom Ubuntu Live CD on the web. I tried this last year and it was a breeze. Good point. I know Slax is pretty easy to customize a Live CD or USB. I've never attempted it, however.
|
# ¿ May 10, 2009 04:12 |
|
Kaluza-Klein posted:Can some one confirm/disconfirm for me that the following setup would be "mostly" secure? Bots will attempt to brute force your SSH server. Setup some sort of fail2ban+denyhosts solution at a minimum. Also disallow root from connecting remotely via SSH as well. Edit: also thoroughly test any web application you host. See OWASP (http://www.owasp.org) for some guidance there. Postal fucked around with this message at 23:48 on Jul 1, 2009 |
# ¿ Jul 1, 2009 23:46 |
|
Kaluza-Klein posted:Ah yes, I do have denyhosts setup. I only use fail2ban for my SSH server. I'm not sure if/how it would be setup for any other service. It is geared around logs, so if your PHP app logged in some sort of syslog format, you could probably set it up to be watched by fail2ban. But that's probably not the case, and also probably more trouble than it's worth. My web server only runs very simple apps or file repositories. My hosts.deny file has grown rather large since I started using it just for SSH, though. Seems there are always people trying to brute force my SSH server. Another thing to do is disable anything that isn't necessary. I doubt you need the RPC services, NFS, etc.
|
# ¿ Jul 2, 2009 14:15 |
|
Zom Aur posted:They're guessing. It's just a script. Either install fail2ban or just change the default port. fail2ban works well and allows you to keep addresses open for you to connect from other locations. If you have a small set of locations you access from, just put those in your /etc/hosts.allow file and put sshd: ALL or ALL: ALL in your /etc/hosts.deny file.
|
# ¿ Aug 20, 2009 20:39 |
|
Wicaeed posted:
You don't need the wildcard in the if option. code:
If you want "Sony Vaio HDD Image" to be a directory name, use something like this: code:
|
# ¿ Sep 9, 2009 02:38 |
|
Xenomorph posted:I had a lot of fun poking around Slackware back in the 1990s. I was so excited when I got 3.3 on CD (I had only used Floppy installs before). I remember the Box O' Fifty Floppies(TM). I had a blast blowing away my 386 and installing Slackware or SLS.
|
# ¿ Jun 8, 2011 19:46 |
|
nitrogen posted:Considering how Gnome has been going, pissing everyone off is their S.O.P., so i would not be surprised. This was my first thought when I read that earlier post as well. Seems like they are trying to run themselves into the ground.
|
# ¿ Oct 16, 2011 14:55 |
|
dolicf posted:Don't go with 6.x, though, do 5.x if you can. Just out of curiosity, why do you say this? Are there notable problems in 6? I haven't run CentOS since version 5.5.
|
# ¿ Oct 23, 2011 22:04 |
|
nitrogen posted:Can I just say that I LOVE xfce? That was my move as well with the demise of GNOME.
|
# ¿ Dec 29, 2011 01:19 |
|
Bob Morales posted:Blowing away a perfectly fine install of Ubuntu 10.04 to try Arch. That is somewhat my thought as well. On the other side, I've never had a problem dist-upgrading Ubuntu yet. So I don't have a huge need to build a whole system from scratch like that. Plus, whenever I play with Arch, I can't get it all nice and polished like Ubuntu or even Fedora.
|
# ¿ Dec 29, 2011 01:44 |
|
spankmeister posted:Yeah if you run SSH open to the internet port scanners WILL find you and they WILL try to bruteforce you. A better solution would be to disable root logins through SSH and use a regular account to connect. Edit /etc/ssh/sshd_config (or the same file in the appropriate location for your distro) and ensure the following line is set appropriately: PermitRootLogin no Then setup your /etc/sudoers so that you can sudo from your regular account to do anything you'd do as root. The fail2ban (or alternatively denyhosts) recommendation is good in addition to this. You can set the number of failed attempts and then ban that IP from connecting using either hosts.deny or firewall rules. Additionally, if you want visibility into your system, setup logwatch and have it email you daily summaries of system activity. There is a section for sshd that will show you IPs and usernames attempted.
|
# ¿ Feb 20, 2012 15:45 |
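The two SSH-hardening replies above (the hosts.allow/hosts.deny tip and the PermitRootLogin/fail2ban advice) describe a rule rather than show it. The following is an added example, not code from the original thread or from fail2ban itself: it applies a fail2ban-style "maxretry failures within findtime seconds" rule to a few constructed OpenSSH auth.log lines, honours an allowlist of addresses you always want to keep open, renders the result as hosts.deny lines, and checks which PermitRootLogin value sshd_config will actually use (first occurrence wins; Match blocks are ignored here). The host names, addresses and the log year are assumptions for the sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of OpenSSH auth.log lines (not from the original post).
# 203.0.113.5 hammers root/invalid users, 198.51.100.7 is "my other location"
# mistyping a password, 192.0.2.9 fails three times but hours apart.
SAMPLE_AUTH_LOG = """\
Jul  1 23:40:12 web1 sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jul  1 23:40:15 web1 sshd[4121]: Failed password for root from 203.0.113.5 port 51235 ssh2
Jul  1 23:40:19 web1 sshd[4125]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jul  1 23:40:20 web1 sshd[4125]: Failed password for invalid user oracle from 203.0.113.5 port 51237 ssh2
Jul  1 23:41:02 web1 sshd[4130]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
Jul  1 23:41:30 web1 sshd[4133]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Jul  1 23:41:33 web1 sshd[4133]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Jul  1 23:41:35 web1 sshd[4133]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Jul  1 23:41:38 web1 sshd[4133]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Jul  1 09:00:01 web1 sshd[2001]: Failed password for root from 192.0.2.9 port 3333 ssh2
Jul  1 20:00:01 web1 sshd[2002]: Failed password for root from 192.0.2.9 port 3334 ssh2
Jul  1 20:00:02 web1 sshd[2003]: Failed password for root from 192.0.2.9 port 3335 ssh2
"""

# Matches the classic "Failed password for [invalid user] NAME from IP port N" line.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

LOG_YEAR = 2009  # syslog lines carry no year; assumed for the constructed sample


def parse_failures(log_text):
    """Return a time-sorted list of (timestamp, user, ip) for failed-password lines."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    events.sort(key=lambda e: e[0])
    return events


def find_bans(events, maxretry=3, findtime=600, allowlist=()):
    """fail2ban-style rule: ban an IP once it has >= maxretry failures inside a
    sliding window of findtime seconds. Allowlisted addresses are never banned,
    which is how you keep your own locations reachable."""
    windows = defaultdict(deque)
    banned = {}  # ip -> timestamp of the failure that triggered the ban
    for ts, _user, ip in events:
        if ip in allowlist or ip in banned:
            continue
        q = windows[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()  # forget failures that fell out of the window
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


def hosts_deny_lines(banned, service="sshd"):
    """Render bans in the TCP-wrappers form fail2ban's hostsdeny action writes."""
    return [f"{service}: {ip}" for ip in sorted(banned)]


def effective_permit_root_login(sshd_config_text):
    """sshd_config uses the first value found for a keyword; returns None if unset.
    Simplification: Match blocks are not handled."""
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].strip().lower()
    return None


if __name__ == "__main__":
    evts = parse_failures(SAMPLE_AUTH_LOG)
    bans = find_bans(evts, allowlist=("198.51.100.7",))
    print("\n".join(hosts_deny_lines(bans)))
    print("PermitRootLogin ->", effective_permit_root_login("PermitRootLogin no\n"))
```

Note what the window buys you: 192.0.2.9 has three failures in the sample but never three within ten minutes, so it is not banned, while the scripted 203.0.113.5 run trips the rule on its third attempt. Keep the allowlist short and specific; an allowlisted address that is itself compromised bypasses the ban entirely.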
|
spankmeister posted:Yeah I agree completely but didn't want to go into it. I don't get many chances to nerd out in Linux security any longer, so I take them where I can get them.
|
# ¿ Feb 20, 2012 16:02 |
|
Longinus00 posted:While getting laughed at for talking about RHEL is weird there's nothing inherently wrong with using ubuntu server in production. Yes, but wouldn't you want the LTS version? 11.04 isn't LTS and it's not even the most recent version.
|
# ¿ Apr 6, 2012 02:12 |
|
Longinus00 posted:Why is it so hard to believe people purchase support for RHEL? The US military buys into RHEL big. There is a prevailing idea that we cannot use free software. We must pay something for it. And we also don't want to train our users/maintainers very well to support it, so support contracts are vital to keeping things going.
|
# ¿ Apr 13, 2012 15:03 |
|
|
evol262 posted:IRIX? The US Air Force still uses it in some space ground systems.
|
# ¿ May 10, 2012 19:31 |