What is it?
The Security Onion LiveCD is a bootable CD that contains software used for installing, configuring, and testing Intrusion Detection Systems.
What software does it contain?
The Security Onion LiveCD is based on Xubuntu 9.04 and contains Snort 22.214.171.124, Snort 3.0.0b3 (Beta), sguil, idswakeup, nmap, metasploit, scapy, hping, fragroute, fragrouter, netcat, paketto, tcpreplay, and many other security tools.
What can it be used for?
- The Security Onion LiveCD can be used for Intrusion Detection. Simply boot the CD and double-click either the Snort-Sguil or SnortSP-Sguil desktop shortcuts. The Snort and Sguil daemons will then start, listening on eth0 for any suspicious traffic and creating alerts in the Sguil console.
- The Security Onion LiveCD can be used to test an Intrusion Detection System. Simply boot the CD and use the included tools (such as nmap, metasploit, idswakeup, scapy, hping, and others) to test your existing IDS or to test the included Snort 126.96.36.199 and Snort 3.0 Beta 3.
- The Security Onion LiveCD can be used to install an Intrusion Detection System. Simply boot the CD and double-click the Install desktop shortcut. For more information about installation, please see the README desktop shortcut.
Please take a look at the Security Onion LiveCD and let me know what you think!
* Special thanks to:
- Marty Roesch and the whole SourceFire team for all of their work these last 10 years to get Snort to where it is today.
- The Sguil team for the best open-source tool to manage Snort alerts.
- The SecurixLive crew for their awesome NSMnow installer, the easiest way to install and configure Snort/Sguil on Ubuntu Linux.
- Ubuntu (and Debian) for their well-made Linux distribution(s).
- The Reconstructor team for a very easy to use tool for remastering Ubuntu LiveCDs.
- All developers in the open-source community who work so hard and produce such amazing tools.