
for those who want to install this project to one single Raspberry Pi #48

Open
cloudstrifeedge opened this issue Aug 10, 2018 · 2 comments

Comments

@cloudstrifeedge

cloudstrifeedge commented Aug 10, 2018

I'm writing this simple guide to help those who want to install SweetSecurity on one single Pi.
Yes, surely we can save money. One Pi is enough.

Well, I use a Pi 3B+ with 1GB RAM.

CPU load will be 30%-40% after all services have been started.

I also have:

  1. a default desktop (but I highly recommend installing the Lite system without a desktop)
  2. a DIY USB LCD to show the system load & IP address
  3. a 5V fan controlled by an S8550 transistor & some simple code

To install all components on a single Pi, you need to do this:

1. Use a bigger swap partition. The default partition of the Pi 3 B+ is about 100M. We need more!
Modifying the Pi's swap partition is different from other Debian Linux! Do NOT use the makeswap command, because it's useless. Instead, you need to modify /etc/dphys-swapfile

change CONF_SWAPSIZE from 100 to 2000000

restart the service:

sudo /etc/init.d/dphys-swapfile restart

Now we have a 2GB swap partition.

2. Modify setup.py
Comment out lines 82, 83, 85, 86 in file SweetSecurity/setup.py

3. Modify a pre-install lib
The Pi uses Debian Linux. To install Bro on the Pi, you need to modify lines 24, 26, 38, 40, 45, 47 in file SweetSecurity/install/packages.py

Change libssl-dev to libssl1.0-dev

4. Now run setup.py

NOTICE:

critical-stack-intel in this project is still not working for me (2018-08-10). There's a server issue; you can see it here:
https://groups.google.com/forum/#!topic/security-onion/axOCfBgjva4

So even when I do this manually:

sudo -u critical-stack /usr/bin/critical-stack-intel --debug pull

it fails to update the Critical Stack IP database.

When I run this:

sudo -u critical-stack /usr/bin/critical-stack-intel list

I find that no feed has ever been downloaded. No way, no how.

So currently I suggest you guys use AlienVault instead.

Happy hacking
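As an added example (not part of the issue or of SweetSecurity), a small POSIX shell helper that performs the swap-size edit of step 1 and the libssl rename of step 3 with a backup and a readback check; the file paths are parameters, so it assumes only GNU sed, as found on the Pi.

```shell
#!/bin/sh
# Added example, not code from the issue or from SweetSecurity: apply the two
# file edits from steps 1 and 3 idempotently, with a backup and a readback
# check. File paths are parameters so the functions can be tried on copies.
set -e

# Step 1: set CONF_SWAPSIZE in a dphys-swapfile config (/etc/dphys-swapfile
# on the Pi). The value is in MB, and Raspbian's dphys-swapfile clamps it to
# CONF_MAXSWAP (2048 unless changed), so a huge value does not give more than
# 2 GB unless CONF_MAXSWAP is raised as well.
set_swapsize() {
    conf="$1"; size="$2"
    cp "$conf" "$conf.bak"
    if grep -q '^CONF_SWAPSIZE=' "$conf"; then
        sed -i "s/^CONF_SWAPSIZE=.*/CONF_SWAPSIZE=$size/" "$conf"
    else
        printf 'CONF_SWAPSIZE=%s\n' "$size" >> "$conf"
    fi
}

# Read back the configured size so the edit can be verified before the
# service is restarted.
get_swapsize() {
    sed -n 's/^CONF_SWAPSIZE=//p' "$1"
}

# Step 3: rename the libssl-dev package to libssl1.0-dev in an install
# script such as SweetSecurity/install/packages.py. "libssl1.0-dev" does not
# contain the string "libssl-dev", so running this twice changes nothing.
# Caveat: this pins the Bro build to the OpenSSL 1.0 line, which reached
# upstream end of life at the end of 2019 and gets no further security fixes.
pin_libssl() {
    cp "$1" "$1.bak"
    sed -i 's/libssl-dev/libssl1.0-dev/g' "$1"
}

# Count lines mentioning a package name, for the post-edit check.
count_pkg() {
    grep -c -- "$2" "$1" || true
}
```

On the Pi, as root, `set_swapsize /etc/dphys-swapfile 2048` followed by `/etc/init.d/dphys-swapfile restart` corresponds to step 1, and `pin_libssl SweetSecurity/install/packages.py` to step 3.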

@rndrev

rndrev commented Aug 10, 2018

I would like to add...that I do not think it is a good idea to install it all on one Pi. I found it was much better to do a separate install for the server/client. This was mainly because if something is wrong you can re-install the client without much difficulty.

In terms of capturing all the network traffic, you will actually have to do the port mirroring, which I don't think is clearly outlined. If you watch the presentation Travis made about the design, though, you will see it there.

Finally, I am new to GitHub, but you may want to do pull requests for some of the changes you mention in your tutorial.

@cloudstrifeedge
Author

I think there are two ways to deploy your IDS device:
one is to use a switch to do the port mirroring;
the other is to use your Pi as a sniffer.

I use my Pi as a sniffer to collect packets through the eth0 network card, because I can't use a switch due to the layout of my home....

And why do I use only one Pi to install this project? Simply because I just want to save money......

Of course, using two devices is a better choice. You can even use PCs or servers if you want.
