
1. Mata Elang Sensor

Fadhil Yori Hibatullah edited this page Feb 12, 2021 · 4 revisions


  1. Install Docker: https://docs.docker.com/install/

  2. Enable and start the Docker service

    $ sudo systemctl enable docker
    $ sudo systemctl start docker
    
  3. Prepare the server by configuring the network interface in promiscuous mode. Install the ifupdown package, then edit the /etc/network/interfaces file and add lines like the following:

    auto eth1
    iface eth1 inet manual
       up ip address add 0/0 dev eth1
       up ip link set eth1 up
       up ip link set eth1 promisc on
       down ip link set eth1 promisc off
       down ip link set eth1 down
    
    auto eth2
    iface eth2 inet dhcp
    

    Note:

    • Replace eth1 and eth2 with your server's network interface names
    • eth1 must be connected to the tap port, that is, the port set as the mirroring destination port
  4. Restart the network service or restart your server

    $ sudo systemctl restart networking
    
  5. Download the Sensor Installer from the mata-elang-pens/sensor-installer GitHub repository

  6. Add executable permission to setup.sh and update-rule.sh

    $ sudo chmod +x setup.sh
    $ sudo chmod +x update-rule.sh
    
  7. Run the setup.sh script with the following command and wait until the setup finishes

    $ sudo ./setup.sh
    
  8. Done

  9. To update the Snort rules, use this command:

    $ sudo ./update-rule.sh
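
A check for the sniffing interface configured in step 3, to run after the restart in step 4. This is an added example, not part of the Mata Elang installer. It reads the kernel's interface flags from sysfs; the function name and the optional second argument (an alternate sysfs root, used only for testing) are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm the sensor interface is up and promiscuous.
# Usage after sourcing this file:  check_sensor_iface eth1
# Flag bit values come from linux/if.h.
IFF_UP=1          # 0x1
IFF_PROMISC=256   # 0x100

# check_sensor_iface <iface> [sysfs_root]
# Returns 0 if the interface is up, promiscuous and has link,
#         1 if it exists but is not ready to sniff,
#         2 if the interface does not exist.
check_sensor_iface() {
    iface=$1
    root=${2:-/sys/class/net}   # second argument is a test hook (assumption)

    if [ ! -r "$root/$iface/flags" ]; then
        echo "$iface: not found under $root" >&2
        return 2
    fi

    # sysfs reports the flags as a hex string, e.g. 0x1103
    flags=$(cat "$root/$iface/flags")
    state=$(cat "$root/$iface/operstate" 2>/dev/null || echo unknown)

    if [ $(( $flags & $IFF_UP )) -eq 0 ]; then
        echo "$iface: administratively down (flags=$flags)" >&2
        return 1
    fi
    if [ $(( $flags & $IFF_PROMISC )) -eq 0 ]; then
        echo "$iface: up but not promiscuous (flags=$flags)" >&2
        return 1
    fi
    if [ "$state" = "down" ]; then
        echo "$iface: promiscuous but no link; check the cable to the mirror port" >&2
        return 1
    fi

    echo "$iface: up, promiscuous, operstate=$state"
}
```

A failure on the promiscuous check usually means the `up ip link set eth1 promisc on` line was not applied, for example because the interface name in /etc/network/interfaces was not changed to match the server.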
    
