Setup: configure all available sniffing interfaces and prompt for which interfaces to enable #525

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments

Comments

Projects
None yet
1 participant
Setup: configure all available sniffing interfaces and prompt for which 
interfaces to enable

Original issue reported on code.google.com by doug.bu...@gmail.com on 17 Apr 2014 at 4:17

for INTERFACE in $ALL_INTERFACES; do    

...skip...


# We just enabled all available interfaces in /etc/nsm/sensortab.
# Now we need to go back and disable any unwanted interfaces.
INTERFACES_CSV=`for i in $INTERFACES; do echo -n "$i,"; done`
for INTERFACE in $ALL_INTERFACES; do
        if echo $INTERFACES_CSV | grep "$INTERFACE," >/dev/null 2>&1; then
                echo "Leaving $INTERFACE as-is (enabled)." >> $LOG 2>&1
        else
                echo "$INTERFACE not found in selected interfaces.  Disabling." >> $LOG 2>&1
                sed -i "s|^$HOSTNAME-$INTERFACE|#$HOSTNAME-$INTERFACE|g" /etc/nsm/sensortab
        fi
done


...skip...

                IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /opt/bro/etc/node.cfg

                # Go ahead and populate the file with all available interfaces
                # Comment out inactive interfaces
                # grep -v "^#" $SENSORTAB | awk '{print $1}' |while read SENSOR
                for INTERFACE in $ALL_INTERFACES; do
                        if echo $INTERFACES_CSV |grep "$INTERFACE," >/dev/null 2>&1; then
                        echo "* Configuring Bro to monitor $INTERFACE" >> $LOG 2>&1
                        cat << EOF >> /opt/bro/etc/node.cfg
[$HOSTNAME-$INTERFACE]   
type=worker
host=$IP
interface=$INTERFACE
lb_method=pf_ring
lb_procs=$BRO_LB_PROCS

EOF
                        else
                        cat << EOF >> /opt/bro/etc/node.cfg
#[$HOSTNAME-$INTERFACE]   
#type=worker
#host=$IP
#interface=$INTERFACE
#lb_method=pf_ring
#lb_procs=$BRO_LB_PROCS

EOF
                        fi
                done

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 8:39

  • Added labels: ****
  • Removed labels: ****
Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/my5dRuEsvBQ/discussion

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 9:03

  • Added labels: ****
  • Removed labels: ****
Published:
http://blog.securityonion.net/2014/07/new-securityonion-setup-package.html

Original comment by doug.bu...@gmail.com on 22 Jul 2014 at 2:34

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment