Tuesday, January 17, 2006

100th post - OpenBSD Sguil VMimage released

Celebrating my 100th post on this blog with the release of the OpenBSD Sguil VMware image. You can download it from here and load it into VMware Player right away. This release ships without the Sguil client installed, since I did not want to add X to the image. It is about 410MB uncompressed; packed with tar and gzip it comes to around 105MB. I will start testing Hanashi's InstantNSM and try to release a CentOS Sguil VM image as soon as I have time. Below is the info for the OpenBSD Sguil VMware image.

Basic Info

These are the default credentials baked into the image. They are public, so change every one of them (passwd for the system accounts, SET PASSWORD in MySQL, and the Sguil user list in /etc/sguild/sguild.users) before the VM sees anything other than an isolated lab network.

System User

Username: root
password: r00t

Username: sguil
password: sguilNSM

Mysql Database

Username: root
password: r00t

Username: sguil
password: sguil

Sguild client User

Username: sguil
password: sguil

Sguil server - pcn0[192.168.0.170]
Sguil sensor - pcn1[192.168.0.171]

/etc/sguild - sguil server configuration
autocat.conf
sguild.access
sguild.conf
sguild.email
sguild.queries
sguild.reports
sguild.users

/etc/sguil - sguil sensor configuration
barnyard-pcn1.conf
sancp.conf
sensor_agent-pcn1.conf
snortrules-pcn1 - directory holding the sensor's Snort rules and config

/nsm - all NSM data
/nsm/mysql - the NSM MySQL database
/nsm/sguild_data - Sguil server data, including the archive and rules
/nsm/snort_data - Snort alert, portscan and session data

To change your network configuration

Changing a NIC's config (/etc/hostname.$NIC holds that NIC's config; NONE leaves the broadcast address to the kernel)

shell>echo "inet 192.168.0.x 255.255.255.0 NONE" > /etc/hostname.pcn0

shell>echo "inet 192.168.0.x 255.255.255.0 NONE" > /etc/hostname.pcn1

Changing the default router IP (/etc/mygate holds the default gateway IP)

shell>echo "192.168.0.1" > /etc/mygate

Changing DNS info (/etc/resolv.conf - same format as on Linux)

shell>echo "nameserver 1.2.3.4" > /etc/resolv.conf

shell>echo "nameserver 5.6.7.8" >> /etc/resolv.conf


To reload your network config without rebooting the OS

shell>sh /etc/netstart
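The same procedure, as an added example that is not part of the original post: a small POSIX sh script that writes the three files with input checks, so a mistyped address is caught before netstart is run. The interface names pcn0/pcn1 and the file formats are the ones given above; NSM_ROOT is a hypothetical override that lets the files be written to a staging directory for inspection instead of straight into /etc.

```shell
#!/bin/sh
# Added example, not from the original post. Writes the OpenBSD network
# files described above (hostname.IF, mygate, resolv.conf) with validation.
# NSM_ROOT is a hypothetical prefix: empty means the live /etc, anything
# else is a staging directory (e.g. NSM_ROOT=/tmp/stage).
set -eu

NSM_ROOT="${NSM_ROOT:-}"

# valid_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into the four octets
    IFS=$old_ifs
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

# set_iface IF ADDR MASK: write /etc/hostname.IF, read by /etc/netstart
set_iface() {
    valid_ipv4 "$2" && valid_ipv4 "$3" || {
        echo "bad address/mask for $1: $2 $3" >&2; return 1; }
    # NONE is the broadcast field: let the kernel compute it
    printf 'inet %s %s NONE\n' "$2" "$3" > "$NSM_ROOT/etc/hostname.$1"
    # hostname.if(5) wants these root-readable only; they may hold keys
    chmod 640 "$NSM_ROOT/etc/hostname.$1"
}

# set_gateway ADDR: write /etc/mygate
set_gateway() {
    valid_ipv4 "$1" || { echo "bad gateway $1" >&2; return 1; }
    echo "$1" > "$NSM_ROOT/etc/mygate"
}

# set_dns ADDR...: rewrite /etc/resolv.conf with one nameserver per line;
# every address is checked before the file is touched
set_dns() {
    for ns in "$@"; do
        valid_ipv4 "$ns" || { echo "bad nameserver $ns" >&2; return 1; }
    done
    : > "$NSM_ROOT/etc/resolv.conf"
    for ns in "$@"; do
        echo "nameserver $ns" >> "$NSM_ROOT/etc/resolv.conf"
    done
}

# Run as: sh netconfig.sh apply   (addresses below are the post's defaults)
case "${1:-}" in
apply)
    set_iface pcn0 192.168.0.170 255.255.255.0
    set_iface pcn1 192.168.0.171 255.255.255.0
    set_gateway 192.168.0.1
    set_dns 1.2.3.4 5.6.7.8
    # only reload the live stack when writing to the real /etc
    if [ -z "$NSM_ROOT" ]; then sh /etc/netstart; fi
    ;;
esac
```

Run it once with NSM_ROOT pointing at a scratch directory and diff the results against the live /etc before applying for real.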

You have to start the Sguil server, sensor agent, barnyard, sancp, snort and MySQL by hand. Just run the scripts in /root and /home/sguil; there are six scripts in total, and they must be run in the order below.

Login as root,

shell>./mysql_start.sh

shell>./snort_start.sh

shell>./sancp_start.sh

Log in as user sguil in another screen

shell>./sguild_start.sh

shell>./sensor_agent_start.sh

shell>./barnyard_start.sh
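The six steps above as one script, added here as an example and not part of the original image: it keeps the order given in the post, runs the three root scripts and the three sguil scripts as their respective users from a single root shell, and stops at the first script that fails so the agents are never started against a server that is not up. Script names and directories are the post's; NSM_ROOT_USER, NSM_SGUIL_USER, NSM_ROOT_DIR, NSM_SGUIL_DIR and NSM_MYSQL_SOCK are hypothetical overrides added so the flow can be exercised outside the VM (the default socket path is an assumption about the OpenBSD MySQL package, not something the post states).

```shell
#!/bin/sh
# Added example, not from the original post. Starts the NSM stack in the
# order the post gives, as the users the post assigns, failing fast.
# The NSM_* variables are hypothetical overrides; the defaults match the post
# except NSM_MYSQL_SOCK, which is an assumed path.
set -eu

NSM_ROOT_USER="${NSM_ROOT_USER:-root}"
NSM_SGUIL_USER="${NSM_SGUIL_USER:-sguil}"
NSM_ROOT_DIR="${NSM_ROOT_DIR:-/root}"
NSM_SGUIL_DIR="${NSM_SGUIL_DIR:-/home/sguil}"
NSM_MYSQL_SOCK="${NSM_MYSQL_SOCK:-/var/run/mysql/mysql.sock}"

# run_as USER DIR SCRIPT: run DIR/SCRIPT as USER. su is only used when the
# caller is someone else, so root drops to sguil for the agents and the
# sguil account never needs root.
run_as() {
    user=$1 dir=$2 script=$3
    [ -x "$dir/$script" ] || {
        echo "missing or not executable: $dir/$script" >&2; return 1; }
    if [ "$(id -un)" = "$user" ]; then
        (cd "$dir" && "./$script")
    else
        su -l "$user" -c "cd '$dir' && './$script'"
    fi
}

# wait_for_file PATH SECONDS: poll for a socket before the next step
wait_for_file() {
    i=0
    while [ ! -e "$1" ]; do
        i=$((i + 1))
        [ "$i" -le "$2" ] || { echo "timed out waiting for $1" >&2; return 1; }
        sleep 1
    done
}

# start_nsm: mysql first (sguild needs it), then the sensors, then the
# server and the two agents that connect to it. Any failure aborts.
start_nsm() {
    run_as "$NSM_ROOT_USER"  "$NSM_ROOT_DIR"  mysql_start.sh        || return 1
    wait_for_file "$NSM_MYSQL_SOCK" 30                               || return 1
    run_as "$NSM_ROOT_USER"  "$NSM_ROOT_DIR"  snort_start.sh        || return 1
    run_as "$NSM_ROOT_USER"  "$NSM_ROOT_DIR"  sancp_start.sh        || return 1
    run_as "$NSM_SGUIL_USER" "$NSM_SGUIL_DIR" sguild_start.sh       || return 1
    run_as "$NSM_SGUIL_USER" "$NSM_SGUIL_DIR" sensor_agent_start.sh || return 1
    run_as "$NSM_SGUIL_USER" "$NSM_SGUIL_DIR" barnyard_start.sh     || return 1
}

# Run as root: sh nsm_start.sh start
case "${1:-}" in
start) start_nsm ;;
esac
```

If the image's scripts fork their daemons and return immediately, add a wait_for_file on sguild's listening socket or pid file before starting the agents, in the same way the MySQL socket is awaited here.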

That's all. If you have any doubts about the Sguil VM, I welcome any questions and feedback, but NO SPAM, please!!!!! Hopefully I will be able to keep this blog going with more effort and improvements, and to benefit others.

Cheers and Enjoy (:])

5 comments:

Anonymous said...

Congratz man...

Anonymous said...

Cool, dude... Thanks for the effort and hard work, and for sharing... getting my hands dirty trying it now... ^_^

Anonymous said...

Hi --

Do you mind if we point to this image from the VMTN Virtual Machine Center? It's no Slashdot, but you should expect more downloading, and so I like to give people a heads-up.

Drop me a line. Thanks.
John Troyer
VMTN.net
jtroyer atthecomdomain vmware

C.S.Lee said...

John Troyer,

It's my pleasure; I don't mind if you point to the image from VMTN.

Thanks.

Anonymous said...

Is there a new location for this download?