There are many NSM-based tools that we don't install on the liveCD because they are not available through the FreeBSD ports system. Don't blame us for not creating packages for them; we are all busy, and some of them are not yet production releases, though they are very useful in many situations. Instead, we have bundled these extra NSM-based tools so that you can download, decompress and run them. We call it HeXtra (HeX Extra), and its version is 1.0 Beta (matching the HeX liveCD version) so that there is no confusion for future releases. Here are the tools we have included -
- Afterglow
- Argus3 RC
- Bro-Nids
- Chaosreader
- Sguil Client(CVS)
It is pretty easy to get them running; just do the following -
shell>mkdir ~/rp-Mnt
Mount your USB thumb drive on rp-Mnt -
shell>sudo sysctl vfs.usermount=1
shell>sudo chmod 777 /dev/da0s1 (it's da0s1 in my case, but it may differ on your system)
shell>mount -t msdosfs /dev/da0s1 ~/rp-Mnt
shell>cd ~/rp-Mnt
shell>wget \
http://rawpacket.org/anonymous/projects/HeXtra-1.0B.tar.bz2
shell>tar xvjf HeXtra-1.0B.tar.bz2
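The same steps, wrapped in a small script with the checks a careful user would add (an added example, not part of the HeX liveCD or the rawpacket project): it refuses to continue if the device node is missing, gives the unprivileged user ownership of the device node instead of making it world-writable, and verifies the tarball's SHA-256 before extracting it. The digest value is a placeholder you must replace with one obtained out-of-band; sudo, sha256(1) (or sha256sum on Linux), wget and msdosfs support are assumed to be present, as they are on the liveCD.

```shell
#!/bin/sh
# Added example (not from the HeX/rawpacket project). Assumes FreeBSD, a
# FAT-formatted USB stick at DEV (/dev/da0s1 as in the post), sudo, and a
# SHA-256 digest of the tarball that you obtained out-of-band.
set -eu

MNT="${HOME:-.}/rp-Mnt"
DEV="${DEV:-/dev/da0s1}"
URL="http://rawpacket.org/anonymous/projects/HeXtra-1.0B.tar.bz2"
TARBALL="HeXtra-1.0B.tar.bz2"
# Placeholder: replace with the digest published for the release you fetch.
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_PUBLISHED_SHA256}"

# Compare a file's SHA-256 with an expected digest; returns 0 on match.
# Uses sha256(1) on FreeBSD and sha256sum(1) on systems that lack it.
sha256_matches() {
    file="$1"; expected="$2"
    if command -v sha256 >/dev/null 2>&1; then
        actual=$(sha256 -q "$file")
    else
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    fi
    [ "$actual" = "$expected" ]
}

# Mount the stick as the current user: usermount must be enabled, the user
# must own the mount point (mkdir does that) and must be able to access the
# device node. Ownership of the node is narrower than the chmod 777 used by hand.
mount_usb() {
    mkdir -p "$MNT"
    [ -c "$DEV" ] || { echo "no such device node: $DEV" >&2; return 1; }
    sudo sysctl vfs.usermount=1 >/dev/null
    sudo chown "$(id -u)" "$DEV"
    mount -t msdosfs "$DEV" "$MNT"
}

# Fetch the archive, verify it, and only then unpack it on the stick.
install_hextra() {
    mount_usb
    cd "$MNT"
    wget -O "$TARBALL" "$URL"
    sha256_matches "$TARBALL" "$EXPECTED_SHA256" || {
        echo "checksum mismatch for $TARBALL; not extracting" >&2
        return 1
    }
    tar xjf "$TARBALL"
    echo "HeXtra unpacked under $MNT"
}
```

Run it with `EXPECTED_SHA256=<digest> sh install-hextra.sh` after adding a final `install_hextra` line; keeping the digest out of the script means the same file works for later HeXtra releases.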
All the tools reside in their own directories, and you can run them at any time now. We have also included the ClamAV signature database to make things easy for users who want to use ClamAV. Snort signatures are not included, but you can easily fetch them using Oinkmaster; I will write up the howto later. I have also added a script called NSM-Offline.sh, which you just need to run against network data (pcap) and it will generate NSM output for examination. Credit goes to Niklas, who initially wrote this script; I just modified it to run flawlessly on this liveCD. Make sure you have Snort signatures in place before running this script.
Cheers ;]
 