Rapid installation of a visualized IDS system
This section introduces a distribution called Security Onion (SO). Like OSSIM, it is a Linux system (Ubuntu-based, so apt and the rest of the Debian tooling apply) that integrates many open-source security tools: a NIDS, a HIDS and a range of monitoring tools. Let's take a look at how it delivers defense in depth.
To understand this system, we first need to show beginners how to quickly install a working IDS. Prepare the ISO for the experiment first (download: https://sourceforge.net/projects/security-onion/), then proceed as follows:
1. Install SO on the hard drive
Boot from the SO ISO, select Live, wait for the desktop environment to load, then click the Install icon and follow the prompts. Reboot when the installation completes.
Then update the installed software with:
$ sudo apt-get update && sudo apt-get dist-upgrade
After installation the system boots into the Xfce desktop.
Figure 1
Click the Setup icon; you are prompted for a password.
Enter the login password of the current user and the Welcome screen of Security Onion Setup appears. Click the Yes, Continue! button.
Next, configure the network interfaces.
At this point Setup offers to optimize your network cards, which includes disabling NIC features that interfere with monitoring (hardware offloading, for instance, which would hand the sensor reassembled segments instead of the frames that were actually on the wire). If you choose No, not right now, you will have to configure the management and sniffing interfaces by hand. In general, choose Yes, configure /etc/network/interfaces!.
2. Select the Management interface
Usually Setup proposes the first network card as the management interface. If there is only one NIC, the management and sniffing interfaces are the same card; that is acceptable for a lab, but a production sensor should sniff on a separate NIC that carries no IP address.
After clicking OK, you normally assign a static IP address to the management NIC. Choose DHCP only if you have a static reservation for it on the DHCP server; sensors and analyst consoles need to find the server at a stable address.
Specify the IP address.
Click OK, and then specify the netmask.
Click OK, and then set the gateway.
Click OK, and then set the DNS server.
After clicking OK, enter the local domain name in the Local Domain Name dialog that pops up; in this example, test.com.
After clicking OK, Setup shows a summary of the management interface's network configuration.
Check it, then click the Yes, make changes! button; Setup prompts for a reboot. Click Yes, reboot!
Note: to modify the network configuration by hand, edit the iface eth0 inet static stanza in /etc/network/interfaces.
Restart the networking service when the edit is complete:
$ sudo /etc/init.d/networking restart
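As an added example (not from the original post and not Security Onion's own code), here is a small script that writes the two stanzas a sensor needs: a management interface with the static address chosen in Setup, and a sniffing interface with no IP address, promiscuous mode, ARP off, hardware offloading disabled and IPv6 disabled, which is what Setup's "optimize the network cards" step amounts to. The interface names eth0/eth1, the addresses and the exact offload list are assumptions for illustration; the script also checks a live sniffing interface against that intent.

```shell
#!/bin/sh
# Added example, not part of the original post or of Security Onion itself.
# Generates /etc/network/interfaces stanzas for a two-NIC sensor and checks
# a live sniffing interface against them. eth0/eth1 and the addresses are
# assumptions; the ethtool offload list follows what SO's setup disables.

# Management interface: the only NIC that carries an IP address.
# $1 iface, $2 address, $3 netmask, $4 gateway, $5 dns server
mgmt_stanza() {
    printf 'auto %s\niface %s inet static\n' "$1" "$1"
    printf '  address %s\n  netmask %s\n  gateway %s\n' "$2" "$3" "$4"
    printf '  dns-nameservers %s\n' "$5"
}

# Sniffing interface: no address (nothing to attack or to leak from), promisc
# so every frame is captured, ARP off so the NIC never answers, offloads off so
# the IDS sees frames as they were on the wire, IPv6 off so it cannot autoconf.
# $IFACE is left unexpanded on purpose: ifupdown substitutes it at ifup time.
# $1 iface
sniff_stanza() {
    printf 'auto %s\niface %s inet manual\n' "$1" "$1"
    printf '  up ip link set $IFACE promisc on arp off up\n'
    printf '  down ip link set $IFACE promisc off down\n'
    printf '  post-up for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done\n'
    printf '  post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6\n'
}

# Whole file: loopback, management, sniffing.
# $1 mgmt iface, $2 sniff iface, $3 address, $4 netmask, $5 gateway, $6 dns
sensor_interfaces() {
    printf 'auto lo\niface lo inet loopback\n\n'
    mgmt_stanza "$1" "$3" "$4" "$5" "$6"
    printf '\n'
    sniff_stanza "$2"
}

# Check that a running sniffing interface matches the intent: promiscuous and
# without an IPv4 address. Prints what drifted; returns 1 on any drift.
# $1 iface
check_sniff_iface() {
    rc=0
    ip -o link show "$1" 2>/dev/null | grep -q PROMISC || { echo "$1: not promiscuous"; rc=1; }
    if ip -o -4 addr show "$1" 2>/dev/null | grep -q inet; then
        echo "$1: carries an IPv4 address"; rc=1
    fi
    return $rc
}

# Usage on the sensor (values from the Setup dialogs above):
#   sensor_interfaces eth0 eth1 192.168.91.228 255.255.255.0 192.168.91.1 192.168.91.1 \
#       | sudo tee /etc/network/interfaces
#   sudo /etc/init.d/networking restart && check_sniff_iface eth1
```

The sniffing stanza is the security-relevant half: a sniffing NIC that has an IP address, answers ARP or autoconfigures IPv6 is a host on the monitored segment, and therefore a target; one with offloading enabled feeds the IDS reassembled segments that differ from what an attacker actually sent.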
3. Component Installation
After the reboot, log back in to the Xfce desktop. Select Setup as shown in Figure 1; the dialogs of Figure 2 and Figure 3 appear.
Click the Yes, Continue! button and the next dialog pops up.
Choose Yes, skip network configuration! (the network was configured in the previous phase). Beginners are advised to choose Quick Setup.
Click OK to continue. Since SO uses an e-mail address as the account identifier for its web applications, enter the e-mail address you normally use; it becomes your Snorby login.
After clicking OK, provide the user name for Sguil, the analyst console in the NSM component; the same account is used by several other NSM tools, so be sure to remember it.
The user name used in this walkthrough is cgweb.
Note: only letters are accepted in the name.
After clicking OK, choose a password (letters and digits) for authenticating to the NSM applications SO installs. You can change it later through Sguil and Snorby.
After clicking OK, confirm the password.
Once the password is confirmed and you click OK, the credentials for the SO NSM applications are created, and the setup script asks whether you want to install ELSA (Enterprise Log Search and Archive).
Choose Yes, enable ELSA!; ELSA provides a search-engine style interface over the NSM log data.
SO then shows a summary of the changes it is about to make and asks whether you agree.
Choose to proceed with the changes. Setup configures the system time zone (UTC, so that timestamps from every sensor line up) and then installs all the NSM applications bundled with it.
The rest of the setup runs automatically; when it finishes you can read the installation report in /var/log/nsm/sosetup.log.
Use sostat to check the health of the services.
Click OK, and then read the notes on managing the IDS rules.
Sites to visit if you run into problems are listed as well.
4. Check the installation status
When the standalone installation completes, check its state: open a terminal and run the status command (sudo sostat, or sudo service nsm status) to see whether the NSM agents are online.
If a component failed to start, try restarting with sudo service nsm restart.
When troubleshooting a distributed deployment, also verify that the autossh tunnel from the sensor to the server is up.
Note: a given IP address can be connected to only one SO server at a time.
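To make the status check repeatable (after a reboot, or from a cron job), here is an added example, not code from the original post or from Security Onion, that parses the component table printed by sudo service nsm status (sostat prints the same [  OK  ] / [FAIL] layout) and names every component that is down, then checks for the autossh tunnel a distributed sensor depends on. The line layout is assumed from the 12.04/14.04-era releases and the sample status text is constructed; the Bro worker table, which uses a different layout, is not parsed.

```shell
#!/bin/sh
# Added example, not part of the original post or of Security Onion itself.
# Parses the "  * <component>   [  OK  ]" / "[FAIL]" lines that
# "sudo service nsm status" prints and reports what is not running.
# The line layout is assumed from SO 12.04/14.04; sample text is constructed.

# Print the name of every component whose status bracket is not OK.
# Reads the status report on stdin; returns 0 if all OK, 1 otherwise.
nsm_failed_components() {
    failed=$(awk '
        /^[ \t]*\*/ && /\[.*\]/ {
            status = $0
            sub(/.*\[/, "", status); sub(/\].*/, "", status)
            gsub(/ /, "", status)
            name = $0
            sub(/^[ \t]*\*[ \t]*/, "", name)
            sub(/[ \t]*\[.*$/, "", name)
            if (status != "OK") print name
        }')
    if [ -n "$failed" ]; then
        printf '%s\n' "$failed"
        return 1
    fi
    return 0
}

# Same check without output, for use in conditions.
nsm_all_ok() {
    nsm_failed_components >/dev/null
}

# On a distributed sensor the sguil agents reach the server through an
# autossh tunnel; if no autossh process exists the agents cannot report.
autossh_tunnel_up() {
    pgrep -f autossh >/dev/null 2>&1
}

# Constructed sample of a status report with two failed components.
SAMPLE_NSM_STATUS='Status: securityonion
  * sguil server                                                        [  OK  ]
Status: HIDS
  * ossec_agent (sguil)                                                 [  OK  ]
Status: so-eth1
  * netsniff-ng (full packet data)                                      [  OK  ]
  * pcap_agent (sguil)                                                  [  OK  ]
  * snort-1 (alert data)                                                [FAIL]
  * barnyard2-1 (spooler, unified2 format)                              [FAIL]
  * prads (sessions/assets)                                             [  OK  ]'

# Constructed sample where everything is up.
SAMPLE_NSM_OK='Status: securityonion
  * sguil server                                                        [  OK  ]
Status: so-eth1
  * snort-1 (alert data)                                                [  OK  ]'

# Live use on an SO box (skipped on any other host): list what is down and
# suggest the restart recommended above.
if command -v sostat >/dev/null 2>&1; then
    if ! sudo service nsm status | nsm_failed_components; then
        echo "some NSM components are down: try 'sudo service nsm restart'"
    fi
    autossh_tunnel_up || echo "no autossh tunnel (expected only on a standalone box)"
fi
```

A sensor whose snort or barnyard2 process is down keeps capturing packets but produces no alerts, which is exactly the failure this check is meant to surface before an analyst mistakes silence for a quiet network.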
5. Web browser access
After these checks, enter the newly assigned IP address in a browser, https://192.168.91.228/ in this example; the welcome screen below opens.
The first time you connect, the browser warns that the HTTPS certificate is untrusted: it is self-signed, not issued by a CA the browser knows.
Once you click Trust, you will not be prompted again, so before accepting it make sure the certificate is really the one generated on your SO server and not one presented by something sitting between you and it.
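Rather than trusting on first use, verify the certificate out of band. This added example (not from the original post; Security Onion does not ship it) computes the SHA-256 fingerprint of the certificate file on the server console and compares it with the fingerprint the client is actually shown, so a certificate swapped in on the path between analyst and server is caught. The certificate path assumes SO's Apache serves the Ubuntu snakeoil certificate generated at install time; the fingerprint values in the block are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post or of Security Onion itself.
# Out-of-band check of the self-signed HTTPS certificate before clicking Trust:
# fingerprint the file on the server, fingerprint what the client is shown,
# compare. The certificate path is an assumption (Ubuntu's snakeoil cert).

SO_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem

# SHA-256 fingerprint of a certificate file. Run this on the SO console.
# $1 path (defaults to SO_CERT)
server_fingerprint() {
    openssl x509 -in "${1:-$SO_CERT}" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# SHA-256 fingerprint of the certificate presented on the wire. Run this on
# the analyst workstation. $1 host, $2 port (443 for the SO web UI, 444 for Snorby)
presented_fingerprint() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Normalise a fingerprint pasted from a browser dialog or from openssl:
# drop colons and whitespace, upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'
}

# 0 if both fingerprints name the same certificate, 1 otherwise.
# Requires a full SHA-256 (64 hex digits): a truncated, empty or non-hex
# value never matches, so a sloppy paste cannot produce a false "ok".
fingerprint_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ ${#a} -eq 64 ] && [ "$a" = "$b" ]
}

# Constructed fingerprints for illustration (not from a real certificate).
EXAMPLE_FP_SERVER='01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF'
EXAMPLE_FP_BROWSER='0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
EXAMPLE_FP_OTHER='0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdee'

# Usage: on the SO console run server_fingerprint; on the workstation run
#   presented_fingerprint 192.168.91.228 443
# and add the browser exception only if
#   fingerprint_matches "<console value>" "<workstation value>"
# succeeds. Repeat for port 444 (Snorby), which presents its own certificate.
```

The comparison is the whole point: the browser's "Trust" button records whatever certificate arrived, and the management network is where an attacker who has a foothold would most like to sit, since the SO credentials entered afterwards unlock every alert and packet the sensors collected.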
From this page you can reach the Snorby NSM application; click the Snorby link and the following page opens.
The page shows your SO IP address and port 444. Snorby prompts for the e-mail address and password you just created; click the Welcome, sign in button to log in. Depending on where your sensor is deployed and how busy the network is, the dashboard shows different traffic information.
If you are interested in the two specific alerts at the bottom of the screen, click an entry to view its details. The detailed analysis is covered in the book "Open Source Security Operations Platform: OSSIM Best Practices".
6. Upgrade considerations
First you need to understand the difference between upgrade and dist-upgrade.
apt-get upgrade only upgrades packages that are already installed and never installs new packages or removes existing ones; a package whose new version needs changed dependencies is simply kept back. apt-get dist-upgrade also resolves those dependency changes, installing or removing packages as required, so the two commands can produce different sets of changes.
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade
Note that the system update should be done before running Setup. If you upgrade after the system has been configured, upgraded packages may overwrite parts of the configuration, so re-check the services with sostat afterwards.
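Before upgrading a sensor that is already configured, it is worth seeing what apt would do. This added example (not from the original post, and not an SO tool) uses the simulation mode of apt-get and pulls out the packages a plain upgrade would leave kept back, which is precisely the set that only dist-upgrade will touch. The text it parses is the standard apt-get wording; the package names in the sample are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post or of Security Onion itself.
# Simulate "apt-get upgrade" on a configured sensor and show which packages
# would be kept back, i.e. need "dist-upgrade" because their dependencies
# changed. The sample apt output below is constructed.

# Print, one per line, the packages listed under "have been kept back:".
# Reads apt-get output on stdin.
kept_back_packages() {
    awk '
        /^The following packages have been kept back:/ { inblock = 1; next }
        inblock && /^[ \t]/ { for (i = 1; i <= NF; i++) print $i; next }
        { inblock = 0 }
    '
}

# 0 if a plain "upgrade" would bring everything forward, 1 if something
# is kept back and dist-upgrade is the command that actually applies.
upgrade_is_complete() {
    [ -z "$(kept_back_packages)" ]
}

# Constructed sample of "apt-get -s upgrade" output with three kept-back packages.
SAMPLE_APT_OUTPUT='Reading package lists...
Building dependency tree...
Reading state information...
The following packages have been kept back:
  linux-generic linux-headers-generic linux-image-generic
The following packages will be upgraded:
  bash openssl
2 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.'

# Live use on the sensor: "$0 --live" simulates (-s changes nothing) and
# reports what a plain upgrade would leave behind.
if [ "${1-}" = "--live" ]; then
    echo "packages a plain 'apt-get upgrade' would keep back:"
    sudo apt-get -s upgrade | kept_back_packages
    sudo apt-get -s upgrade | upgrade_is_complete || echo "run dist-upgrade to apply these"
fi
```

Reviewing the simulated list first matters on a sensor: kernel packages kept back are harmless to leave for a maintenance window, whereas a kept-back package that carries NSM configuration is the one to check against /var/log/nsm and sostat after the real dist-upgrade.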
(Distributed IDS installation and debugging is explained in the next part.)
This article is from Li Chenguang's original technology blog; please keep this source when reposting: http://chenguang.blog.51cto.com/350944/1783994