The developers over at Skynet-Solutions have just released EasyIDS 0.4. This is an excellent turn-key solution for anyone from someone wanting to learn about open source security programs up to a medium-sized business needing network security. I was fortunate to be included in the beta testing, and I think you'll like what the developers have added and improved. A forum has also been set up for the community HERE, and be sure to check out the screenshots HERE. I have posted the changelog below.
0.4 Changelog
- Designed around CentOS 5.4 cd1 with updates.
- Upgraded Snort to 2.8.5.1.
- Upgraded Snort rulesets to 2.8.
- Upgraded BASE to customized version 1.4.4.
- Upgraded ntop to 3.3.8.
- Added Arpwatch 2.1a13.
- Upgraded Nmap to 4.11.
- Added stunnel 4.15.
- Added network traffic graphs (Daily, Weekly, etc).
- Added system usage graphs (Daily, Weekly, etc).
- Modified Snort performance graphs (Daily, Weekly, etc).
- Web selectable management/monitoring network NICs.
- Bridging support for inline placement if 3+ NICs.
- Multiple remote sensor support with Stunnel encryption.
- Added auto restart of failed services with notification script.
- Added customized branding and themes.
- Added upgrade script for future enhancements & replace Snort rule updates script.
- Added basic user with read-only privileges (user:user,password:easyids).
- Added web-based system log viewer.
- Added web-based nmap scanner.
- Added e-mail alerts on Ethernet/IP address changes.
- Added specific enabling/disabling of individual ruleset rules.
- Added snort_rules.conf file for inclusion of enabled rulesets.
From http://www.skynet-solutions.net/easyids/:
September 23, 2009
Next release delayed
The next release has been temporarily delayed to fix the issues that were reported during long-term testing and to work in some additional feature requests that were submitted. Rest assured that the project is not dead, but because EasyIDS isn't our day job we are limited to working on it nights and weekends. We thank everyone for their continued interest in EasyIDS and will release the next version as soon as we can.
I can assure you the devs are working hard on this next release. I've been lucky enough to download a couple of beta versions, and all is looking good. I'll update when 0.4 releases.
I recently took on the task of rebuilding my IDS for my home network. In the past I have used EasyIDS, which is a web-based Snort, BASE, and NTOP package pre-built on a CentOS Linux distro. EasyIDS is a great product and I recommend it to any small business or home network user. The time came though when I needed to consolidate all of my intrusion software onto one machine and so I decided to compile all of the programs myself.
I decided to use the following programs in my IDS:
Snort
BASE
IPAudit
OSSEC (server)
I'm not going to do a walk-through of the installation process. The Snort web site has a fairly good installation PDF for a Debian-based system HERE. For the OS I used Ubuntu 8.04.3 LTS Server Edition. You'll have to make some changes since this document is a few years old: I had to change the snort.log filenames to snort.unified, I used the documentation from Ubuntu on turning on Apache SSL, and I looked for the newest versions of the dependencies needed.
If you decide to build your own IDS, I can't stress enough the word DEPENDENCIES. Dependencies were my biggest problem and increased the install time to ridiculous levels, but that was user error. If you take the time to read the documentation for the above programs, installation will be much smoother. A bit of a warning, though: installing all of these programs is lengthy. I installed Snort and BASE in one session (4 hours) and the others in another session.
Successfully installing these programs and watching them work is such a reward. Not only did I learn how Snort and BASE work and work together, I now understand a little bit more about Linux itself.