To celebrate the 100th post on this blog, I have released the OpenBSD Sguil VMware image; you can download it from here and load it into your VMware Player now. This release comes without the sguil client installed, since I don't want to add X to it. The image is about 410MB, and I have compressed it using tar and gzip, so it is around 105MB after compression. I will start testing Hanashi's InstantNSM and try to release a CentOS Sguil VM image as soon as I have time in hand. Below is the info for the OpenBSD Sguil VMware image.
Basic Info

System User
  Username: root
  password: r00t
  Username: sguil
  password: sguilNSM

Mysql Database
  Username: root
  password: r00t
  Username: sguil
  password: sguil

Sguild client User
  Username: sguil
  password: sguil

Sguil server - pcn0[192.168.0.170]
Sguil sensor - pcn1[192.168.0.171]

/etc/sguild - sguil server configuration
  autocat.conf
  sguild.access
  sguild.conf
  sguild.email
  sguild.queries
  sguild.reports
  sguild.users

/etc/sguil - sguil sensor configuration
  barnyard-pcn1.conf
  sancp.conf
  sensor_agent-pcn1.conf
  snortrules-pcn1 - directory that stores the sensor's snort rules and config

/nsm - stores all NSM data
  /nsm/mysql - stores the NSM mysql database
  /nsm/sguild_data - stores sguil server data, including archive and rules
  /nsm/snort_data - stores intrusion, portscan and session data

To change your network configuration

Change the NIC config (/etc/hostname.$NIC stores the config for each NIC)
shell>echo "inet 192.168.0.x 255.255.255.0 NONE" > /etc/hostname.pcn0
shell>echo "inet 192.168.0.x 255.255.255.0 NONE" > /etc/hostname.pcn1

Change the default router IP (/etc/mygate stores the default gateway IP)
shell>echo "192.168.0.1" > /etc/mygate

Change the DNS info (/etc/resolv.conf - similar to Linux)
shell>echo "nameserver 1.2.3.4" > /etc/resolv.conf
shell>echo "nameserver 5.6.7.8" >> /etc/resolv.conf

To reload your network config without rebooting the OS
shell>sh /etc/netstart
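
The network steps above as one script, an added example that is not part of the original post: it validates every address before touching any file, so a leftover placeholder such as 192.168.0.x is caught before sh /etc/netstart tries to use it. ROOT is a hypothetical staging prefix, and valid_ipv4 and write_netconf are names chosen for this example.

```sh
#!/bin/sh
# Added example, not from the original post. ROOT is a hypothetical staging
# prefix: leave it unset to write the real /etc files as root.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray chars or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# write_netconf SERVER_IP SENSOR_IP NETMASK GATEWAY DNS1 [DNS2 ...]
# Validates everything first, so a bad value never leaves a half-edited config.
write_netconf() {
    [ $# -ge 5 ] || { echo "usage: write_netconf server sensor mask gw dns..." >&2; return 2; }
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "invalid address: $addr" >&2; return 1; }
    done
    [ "$1" != "$2" ] || { echo "pcn0 and pcn1 need different addresses" >&2; return 1; }
    etc="${ROOT:-}/etc"
    mask=$3
    echo "inet $1 $mask NONE" > "$etc/hostname.pcn0"   # Sguil server NIC
    echo "inet $2 $mask NONE" > "$etc/hostname.pcn1"   # Sguil sensor NIC
    echo "$4" > "$etc/mygate"                          # default gateway
    shift 4
    : > "$etc/resolv.conf"
    for ns in "$@"; do
        echo "nameserver $ns" >> "$etc/resolv.conf"
    done
}

# Run only when arguments are given; apply afterwards with: sh /etc/netstart
if [ $# -gt 0 ]; then
    write_netconf "$@"
fi
```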

You will have to start the Sguil server, sensor, barnyard, sancp, snort and mysql by hand using the scripts in /root and /home/sguil. There are six scripts in total and you have to run them in order.

Log in as root:
shell>./mysql_start.sh
shell>./snort_start.sh
shell>./sancp_start.sh

Log in as user sguil in another screen:
shell>./sguild_start.sh
shell>./sensor_agent_start.sh
shell>./barnyard_start.sh

That's all. If you have any doubts about the Sguil VM, I welcome any questions and feedback. But NO SPAM, please!!!!! Hopefully I will be able to continue this blog with much effort and improvement, and benefit others.
Cheers and Enjoy (:])
5 comments:
Congratz man...
Cool, dude... Thz for the effort for the hard work & sharing..getting my hand dirty of trying it now... ^_^
Hi --
Do you mind if we point to this image from the VMTN Virtual Machine Center? It's no Slashdot, but you should expect more downloading, and so I like to give people a heads-up.
Drop me a line. Thanks.
John Troyer
VMTN.net
jtroyer atthecomdomain vmware
John Troyer,
It's my pleasure, I don't mind if you point the image from VMTN.
Thanks.
Is there a new location for this download?