Monday, September 14, 2009

SURFnet IDS installation - Sensor (simplified install guide)

The sensor is the component all malicious traffic is directed at: it sits on the network being monitored and forwards whatever it receives through the OpenVPN tunnel to the tunnel server, where the Nepenthes honeypot (the 'replica' that answers the attacker) handles it. The sensor itself runs no honeypot logic of its own.

The sensor must be installed only after both servers (the logging server and the tunnel server) have been installed and configured, because the sensor connects to them automatically as soon as it comes up. It also needs the keys from the tunnel server (the CA certificate, see below) before it can connect.

Follow the installation instructions here.

Copy ca.crt from the tunnel server into the sensor's surfids folder. Then generate the sensor password entry and append it to the SURFids configuration by typing "surfids-passwd (insert password here) >> (insert surfids config filename with path here)". Use ">>" (append), not ">": a single ">" would overwrite the whole config file.
Edit the config file with the appropriate values and edit openvpn.conf so that it points at the IP address of the tunnel server. Reboot the sensor; if the installation succeeded it boots straight into the sensor menu. Once in the sensor menu, configure the sensor with the correct network settings. Note: the tunnel endpoint is not the IP address of the tunnel server, but an IP address inside the sensor's own subnet.
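The two steps above that are easiest to get wrong, as an added shell helper that is not part of SURFids or of the original post: pointing openvpn.conf at the tunnel server through the standard OpenVPN "remote" directive, and checking that the tunnel endpoint you enter in the sensor menu lies in the sensor's own subnet rather than being the tunnel server's address. The sample openvpn.conf, the file paths and all addresses are constructed for the example; surfids-passwd and the SURFids config keys are not modelled.

```shell
#!/bin/sh
# Added example, not SURFids code. Assumes the sensor's openvpn.conf uses the
# standard OpenVPN "remote <host> [port]" directive; all paths and addresses
# below are constructed for the demo.

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# same_subnet SENSOR_IP ENDPOINT_IP NETMASK: succeed only if both addresses
# share the network part. The tunnel endpoint entered in the sensor menu must
# pass this test against the sensor's own IP; the tunnel server's address
# (on another network) fails it.
same_subnet() {
    s=$(ip_to_int "$1")
    e=$(ip_to_int "$2")
    m=$(ip_to_int "$3")
    [ $(( s & m )) -eq $(( e & m )) ]
}

# set_openvpn_remote CONF TUNNEL_SERVER_IP: make the sensor's OpenVPN client
# connect to the tunnel server. An existing "remote" line keeps its port;
# if there is none, one is appended (>>, never >, so the rest survives).
set_openvpn_remote() {
    conf=$1
    ip=$2
    if grep -q '^remote ' "$conf"; then
        tmp=$(mktemp)
        sed "s/^remote [^ ]*/remote $ip/" "$conf" > "$tmp" && cat "$tmp" > "$conf"
        rm -f "$tmp"
    else
        printf 'remote %s\n' "$ip" >> "$conf"
    fi
}

# openvpn_remote CONF: print the host from the remote line (empty if absent).
openvpn_remote() {
    awk '$1 == "remote" { print $2 }' "$1"
}

# Demo with a constructed config: sensor 192.0.2.10/24, tunnel server 198.51.100.5.
demo_conf=$(mktemp)
printf 'client\ndev tap\nremote 10.0.0.1 1194\nca ca.crt\n' > "$demo_conf"
set_openvpn_remote "$demo_conf" 198.51.100.5
echo "openvpn remote is now: $(openvpn_remote "$demo_conf")"
if same_subnet 192.0.2.10 192.0.2.20 255.255.255.0; then
    echo "192.0.2.20 is a valid tunnel endpoint for sensor 192.0.2.10/24"
fi
if ! same_subnet 192.0.2.10 198.51.100.5 255.255.255.0; then
    echo "198.51.100.5 (the tunnel server) is NOT a valid tunnel endpoint"
fi
rm -f "$demo_conf"
```

Run it against the real openvpn.conf only after backing the file up; the subnet check is the one to apply to whatever you type as the tunnel endpoint in the sensor menu.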

If the installation fails and you need to start over, don't panic: ssh into the sensor, run sudo apt-get remove --purge surfids-sensor, then sudo rm -rf the ids folder to clear any leftover files (double-check the path before running rm -rf), and reinstall by typing sudo apt-get install surfids-sensor.
