Saturday, April 13, 2013

New AS release, New init scripts, bug fixes and more!

Hello AS users,

Got a lot to talk about today, so let's get down to business:

First and foremost I've finally gotten around to writing half-decent documentation for autosnort. I've pushed a pdf file to github featuring documentation with screenshots on how to install Autosnort via vmware player, including an interesting hack on how to get bridging to work on multiple interfaces on vmware player 5.

I chose CentOS as the vmware player operating system, but the instructions should be easy to follow for Debian Ubuntu or Backtrack. Any major differences were noted. All said and done it was about 23 pages of documentation with screenshots peppered in.

I focused on using VMware player this time around, and generally speaking the VMware player guidance can be used just as well for VMware Fusion or Workstation. I may do an alternate document for ESXi and/or Virtualbox in the near future.

I've also included general troubleshooting steps and things you *should* see after running autosnort.

Next in line is an update to the autosnort script for Debian, Ubuntu, and CentOS. Banyard2.13 BETA2 has changed how barnyard2 behaves. As a result of this, I had to change how arguments are passed to barnyard2 in Autosnort. The details are available for each operating system's readme files. Suffice to say, everything works fine now.

Finally, I've gotten around to testing and posting init scripts for Ubuntu and Debian to control snort and barnyard2. The Ubuntu and Debian init scripts support start, stop and restart functions and are pretty easy to implement. Implemtation details are also available via the Readme files for Ubuntu and Debian Autosnort scripts, but suffice to say, its incredibly easy.

I may release a modification to the init script that detects if you installed aanval and automatically start/stop the BPUs along with snort and barnyard2, but that will come a little later.

The documentation, new scripts, readmes and init scripts should all be available via github as of now.

Cheers,

DA

3 comments:

  1. Hi, used your code. It ran well.

    A bug report tho.
    The only problem was that for the ubuntu version before installing snort report or aanval, it was not in the autosnort ubuntu folder. I had to add 'cd [autosnort ubuntu folder]' to make it work.

    Thanks for the wonderful script!

    ReplyDelete
  2. Hey Niklas,

    Glad to hear that It works well for you. Can you elaborate on the bug/problem you experienced? I would like to fix it for future users.

    Are you saying that the snortreport/aanval scripts were not in the Ubuntu folder when you downloaded it from github, or that the script wasn't able to find the scripts?

    Contact me offline at deusexmachina667@gmail.com or if you prefer, you can add a bug report to the github.com project. Please be as detailed as you can.

    Regards,

    DA_667

    ReplyDelete
  3. I'm very sorry that I can't reply to email right now.

    But you understand it correctly, it could not find the snortreport or aanval scripts because the bash in execution was not in the autosnort ubuntu folder, so I had to change directory before proceeding on.

    So it's the 2nd case.

    ReplyDelete