sneakymonk3y/foxhound-nsm
FOXHOUND-NSM

RaspberryPi 3 NSM based on Bro. Suitable for a home 'blackbox' deployment.

Requirements

General Preparation

  • Critical Stack:
    • get a Critical Stack account
    • set up a collection and a sensor
    • add feeds to your collection
    • note down the sensor API key
  • note down the parameters for your email server

Prepare Pi

  • download Raspbian Lite and write it onto a micro SD card
  • create empty file ssh on boot file system of SD card
  • connect LAN cable to Pi (make sure DHCP works)
  • optionally: connect WD PiDrive to Pi
  • boot Pi, ssh into device
  • change password for user pi (passwd)
  • sudo to root (sudo su -) and use raspi-config to
    • set up WLAN (Network Options)
    • expand filesystem (Advanced Options)
    • exit, don't reboot yet
  • check if you can ssh into Pi using the WLAN IP of the Pi
  • optionally: prepare PiDrive (see Hints below)
  • reboot (reboot)
  • detach LAN cable

Install Foxhound

  • ssh into Pi using WLAN IP
  • update base OS:
      sudo su -
      apt-get update
      apt-get -y -u dist-upgrade
  • install git: apt-get -y install git
  • change into root's home directory: cd
  • clone repository: git clone https://github.com/sneakymonk3y/foxhound-nsm.git (as long as the pull request hasn't been accepted by the maintainer, please use my repo instead: git clone https://github.com/gebhard73/foxhound-nsm.git)
  • prepare installation:
      cd foxhound-nsm
      chmod +x foxhound.sh
  • optionally: copy unattended-sample.txt to unattended.txt and adapt it to your needs
  • begin installation: ./foxhound.sh
  • shut down device: shutdown -h now

Start Sniffing

  • configure switch (set up port mirroring)
  • plug switch into your home LAN at a suitable spot
  • connect switch mirror port with Pi
  • power up Pi and see if it works as expected (see e.g. Further Reading below)

Hints

  • the script isn't meant to be run multiple times on one installation (yet), so to get reliable results you should use a fresh OS SD card (and erase /nsm if using PiDrive) when re-running the script
  • use cheap micro SD card for OS, e.g. 8 GB ones (get multiple and have one ready with current Raspbian distro)
  • use a separate file system for /nsm, e.g. Western Digital PiDrive Foundation Edition
    • delete existing partitions
    • create a primary partition and label it, e.g. NSM
    • format it with ext4, e.g. mkfs.ext4 /dev/sda1
    • mount it on /nsm, e.g. add the line LABEL=NSM /nsm ext4 defaults 0 0 to /etc/fstab, then run mkdir /nsm && mount /nsm

To Do

  • adapt the script so it can be run multiple times in a row without creating strange side effects
  • add logging and error handling to script

Further Reading

About

Foxhound: Blackbox - A Raspberry Pi NSM
