Wednesday, November 5, 2008

Barnyard2, SanCP, Snort, and Sguil using NSMnow

In my last post, I mentioned that I was working on integrating BASE into the Security Onion LiveCD. I chose BASE because I wanted a quick and easy GUI for Snort until I could get Sguil up and running. Little did I know that there was a quick and easy way to get Sguil up and running (even easier than installing BASE).

The stars aligned and I stumbled upon NSMnow. This is an amazing little project that will analyze your system; download and install Barnyard2, SanCP, Snort, and Sguil; and automatically configure the whole thing! I ran NSMnow in a terminal chrooted into the Security Onion LiveCD build environment (courtesy of Reconstructor) and a few minutes later it was done. I generated a new ISO, booted it, ran the init script, and fired up the Sguil client. That was too easy!

No comments:

Search This Blog

Featured Post

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up ...

Popular Posts

Blog Archive