I would like to add...that I do not think it is a good idea to install it all on one Pi. I found it was much better to do a separate install for the server/client. This was mainly because if something is wrong you can re-install the client without much difficulty.
In terms of capturing all the network traffic, you will actually have to do the port mirroring, which I don't think is clearly outlined. If you watch the presentation Travis made about the design, though, you will see it there.
Finally, I am new to GitHub, but you may want to do pull requests for some of the changes you mention in your tutorial.
I'm writing this simple guide to help those who want to install SweetSecurity on one single Pi.
yes, surely we can save money. one Pi is enough.
well, I use Pi 3B+, 1GB RAM
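CPU overload will be 30%-40% after all services have been started.
I also have:
a default desktop (but I highly recommend you to install the lite system without a desktop)
a DIY USB LCD to show the system's overload & IP address.
a 5V fan controlled by an S8550 transistor & some simple code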
to install all components on a single Pi, you need to do this:
1. use a bigger swap partition. the default partition of Pi 3 B+ is about 100M. we need more!
modifying Pi's swap partition is different from other Debian Linux! do NOT use the makeswap command, because it's useless. instead, you need to modify /etc/dphys-swapfile
change CONF_SWAPSIZE from 100 to 2000000
restart the service:
sudo /etc/init.d/dphys-swapfile restart
now we have a 2GB swap partition
2. modify setup.py
comment out lines 82, 83, 85, 86 in file SweetSecurity/setup.py
3. modify a pre-install lib
Pi uses Debian Linux. to install Bro on Pi, you need to modify lines 24, 26, 38, 40, 45, 47 in file SweetSecurity/install/packages.py
change libssl-dev to libssl1.0-dev
4. now run the setup.py
NOTICE:
critical-stack-intel in this project is still not working for me (2018-08-10). there's a server issue, you can see it here:
https://groups.google.com/forum/#!topic/security-onion/axOCfBgjva4
so even if I do this manually:
sudo -u critical-stack /usr/bin/critical-stack-intel --debug pull
it fails to update the critical stack IP database
when I run this:
sudo -u critical-stack /usr/bin/critical-stack-intel list
I find that no feed has ever been downloaded. no way no how.
so currently I suggest you guys use Alien Vault instead.
happy hacking
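Steps 1 and 3 of the guide above as repeatable shell functions. This is an added example, not code from the post or from the SweetSecurity project; the function names are hypothetical, and it assumes the swap config already has an uncommented CONF_SWAPSIZE= line, as the post describes.

```bash
#!/usr/bin/env bash
# Added example (not from the post or the SweetSecurity project).
# Function names are hypothetical; the file names are the ones the post mentions.

# Back up FILE once as FILE.bak, then apply a sed expression to FILE.
edit_in_place() {
    local file=$1 expr=$2 tmp
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak"
    tmp=$(mktemp) || return 1
    if sed "$expr" "$file" > "$tmp"; then
        cat "$tmp" > "$file"; rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# Step 1: set CONF_SWAPSIZE in a dphys-swapfile config.
# Refuses to guess when the value is not numeric or the key is not present.
set_swap_size() {
    local conf=$1 size=$2
    case $size in ''|*[!0-9]*) echo "size must be numeric" >&2; return 2 ;; esac
    grep -q '^CONF_SWAPSIZE=' "$conf" 2>/dev/null ||
        { echo "no CONF_SWAPSIZE= line in $conf" >&2; return 1; }
    edit_in_place "$conf" "s/^CONF_SWAPSIZE=.*/CONF_SWAPSIZE=$size/"
}

# Print the value currently configured, to confirm the edit before restarting.
current_swap_size() {
    sed -n 's/^CONF_SWAPSIZE=//p' "$1" | tail -n 1
}

# Step 3: swap the package name in packages.py. Running it twice is harmless,
# because "libssl1.0-dev" does not contain the string "libssl-dev".
use_libssl10() {
    edit_in_place "$1" 's/libssl-dev/libssl1.0-dev/g'
}

# Count lines that still name the old package (0 once step 3 is done).
count_old_libssl() {
    grep -c 'libssl-dev' "$1" || true
}

# On the Pi (as root), the post's steps would then be:
#   set_swap_size /etc/dphys-swapfile 2000000
#   /etc/init.d/dphys-swapfile restart
#   use_libssl10 SweetSecurity/install/packages.py
```

Each edited file keeps its first original as a `.bak` copy, so a failed setup run can be rolled back by copying it over the edited file.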