Setup: configure all available sniffing interfaces and prompt for which interfaces to enable #525

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments


GoogleCodeExporter commented Mar 24, 2015

Setup: configure all available sniffing interfaces and prompt for which 
interfaces to enable

Original issue reported on code.google.com by doug.bu...@gmail.com on 17 Apr 2014 at 4:17

GoogleCodeExporter commented Mar 24, 2015

```bash
for INTERFACE in $ALL_INTERFACES; do
```

...skip...

```bash
# We just enabled all available interfaces in /etc/nsm/sensortab.
# Now we need to go back and disable any unwanted interfaces.
INTERFACES_CSV=`for i in $INTERFACES; do echo -n "$i,"; done`
for INTERFACE in $ALL_INTERFACES; do
        if echo $INTERFACES_CSV | grep "$INTERFACE," >/dev/null 2>&1; then
                echo "Leaving $INTERFACE as-is (enabled)." >> $LOG 2>&1
        else
                echo "$INTERFACE not found in selected interfaces.  Disabling." >> $LOG 2>&1
                sed -i "s|^$HOSTNAME-$INTERFACE|#$HOSTNAME-$INTERFACE|g" /etc/nsm/sensortab
        fi
done
```

...skip...

```bash
                IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /opt/bro/etc/node.cfg

                # Go ahead and populate the file with all available interfaces
                # Comment out inactive interfaces
                # grep -v "^#" $SENSORTAB | awk '{print $1}' |while read SENSOR
                for INTERFACE in $ALL_INTERFACES; do
                        if echo $INTERFACES_CSV |grep "$INTERFACE," >/dev/null 2>&1; then
                                echo "* Configuring Bro to monitor $INTERFACE" >> $LOG 2>&1
                                cat << EOF >> /opt/bro/etc/node.cfg
[$HOSTNAME-$INTERFACE]
type=worker
host=$IP
interface=$INTERFACE
lb_method=pf_ring
lb_procs=$BRO_LB_PROCS

EOF
                        else
                                cat << EOF >> /opt/bro/etc/node.cfg
#[$HOSTNAME-$INTERFACE]
#type=worker
#host=$IP
#interface=$INTERFACE
#lb_method=pf_ring
#lb_procs=$BRO_LB_PROCS

EOF
                        fi
                done
```

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 8:39
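
The excerpt above decides membership with `grep "$INTERFACE,"` against the CSV and disables entries with a `sed` anchored only at the start of the line, so names that are a suffix or prefix of another (`eth1` vs `veth1`, `eth1` vs `eth10`) can be confused and a sensor can end up monitoring, or not monitoring, the wrong interface. The following is an added example, not Security Onion's setup code, showing exact-match versions of both steps; the function names and sample sensortab rows are constructed, and it assumes only that the sensor name is the first whitespace-separated field.

```shell
#!/usr/bin/env bash
# Added example, not Security Onion's setup script. Function names are hypothetical.

# Exact, whole-name membership test: no regex and no substring matching,
# so "eth1" is not found in a selection that only contains "veth1".
is_selected() {
    local want="$1" name
    shift
    for name in "$@"; do
        if [ "$name" = "$want" ]; then return 0; fi
    done
    return 1
}

# Comment out the sensortab entry of every interface that was not selected.
# Usage: disable_unselected FILE HOSTNAME "all ifaces" "selected ifaces"
disable_unselected() {
    local tab="$1" host="$2" all="$3" selected="$4" iface tmp
    tmp=$(mktemp) || return 1
    for iface in $all; do
        # $selected is split on whitespace on purpose, like the lists in the excerpt.
        if is_selected "$iface" $selected; then continue; fi
        # Compare the whole first field, so sensor-eth1 never matches sensor-eth10.
        awk -v key="$host-$iface" '$1 == key { print "#" $0; next } { print }' \
            "$tab" > "$tmp" && cat "$tmp" > "$tab"
    done
    rm -f "$tmp"
}

# Constructed sample: three sensors, only eth10 and veth1 selected.
demo() {
    local tab
    tab=$(mktemp) || return 1
    printf '%s\n' 'sensor-eth1 1 8001 eth1' 'sensor-eth10 1 8002 eth10' \
                  'sensor-veth1 1 8003 veth1' > "$tab"
    disable_unselected "$tab" sensor "eth1 eth10 veth1" "eth10 veth1"
    cat "$tab"
    rm -f "$tab"
}

demo
```

With the constructed input, only the `sensor-eth1` row is commented out; the `eth10` and `veth1` rows stay enabled.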

GoogleCodeExporter commented Mar 24, 2015

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/my5dRuEsvBQ/discussion

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 9:03

GoogleCodeExporter commented Mar 24, 2015

Published:
http://blog.securityonion.net/2014/07/new-securityonion-setup-package.html

Original comment by doug.bu...@gmail.com on 22 Jul 2014 at 2:34

  • Changed state: Verified