Knoppix-NSM removes complexity of Snort-based network security monitoring
NSM on Demand
LiveCD gives you instant (almost) network security monitoring.
[Figure: a simple architecture matching what you'd be utilizing via the Knoppix-NSM LiveCD in its default configuration, as well as the NSM framework utilized by this distribution. Source: Intelguardians]
Once you've booted from the Knoppix-NSM LiveCD, you can immediately start monitoring using the following command sequences:
- From a root console, if you didn't assign a static IP at boot, execute pump -i eth0 to obtain an address dynamically. For permanent installations, only a static IP is recommended.
- From a root console (right-click on the desktop) execute:
  /etc/init.d/mysql start to start the MySQL database
  /etc/init.d/apache2 start to start the Web server
  /etc/init.d/sguild start to start the Sguil server daemon
  sensor default start to start the Sguil sensor
  /etc/init.d/ntop.default start to start ntop if you wish to see traffic details. This step can cause performance issues from the LiveCD, so use it with caution and stop it if need be.
- From a non-root console execute:
  sguilc with sguil as the username and password as the password.
At this point, you have a Sguil analysis console at your disposal, as well as BASE and ntop from the Iceweasel browser bookmark toolbar.
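The startup sequence above only works in that order (sguild needs MySQL, the sensor needs sguild), and on a LiveCD a daemon that silently fails to start is easy to miss. The script below is an added example, not part of the article or of Knoppix-NSM: it runs the same init commands but waits for each daemon's listener before moving on, checking /proc/net/tcp directly so it needs no nc, ss or netstat. The port numbers (MySQL 3306, Apache 80, sguild 7734) are assumptions, and NSM_DRY_RUN is a hypothetical switch that only prints the plan.

```shell
#!/bin/sh
# Added example (not from the article): start the Knoppix-NSM services in
# dependency order, confirming each listener is up before continuing.
# Assumed ports: MySQL 3306, Apache 80, sguild 7734.

# Print a TCP port as the 4-digit uppercase hex form used in /proc/net/tcp.
port_hex() { printf '%04X' "$1"; }

# Return 0 if some IPv4 socket is in LISTEN (state 0A) on the given port.
port_listening() {
    [ -r /proc/net/tcp ] || return 1
    hex=$(port_hex "$1")
    awk -v p=":$hex" '$2 ~ p"$" && $4 == "0A" { found = 1 } END { exit !found }' /proc/net/tcp
}

# Poll until the port is listening or the timeout (seconds) expires.
wait_for_port() {
    port=$1; timeout=${2:-20}; waited=0
    while [ "$waited" -lt "$timeout" ]; do
        port_listening "$port" && return 0
        sleep 1; waited=$((waited + 1))
    done
    echo "timed out waiting for a listener on port $port" >&2
    return 1
}

# Run an init command, then block until its listener appears. With the
# hypothetical NSM_DRY_RUN set, only print what would run.
start_and_wait() {
    cmd=$1; port=$2
    if [ -n "$NSM_DRY_RUN" ]; then echo "would run: $cmd (waits for port $port)"; return 0; fi
    $cmd || return 1
    wait_for_port "$port"
}

# Order matters: sguild needs MySQL, and the sensor needs a running sguild.
start_nsm_stack() {
    start_and_wait "/etc/init.d/mysql start" 3306 &&
    start_and_wait "/etc/init.d/apache2 start" 80 &&
    start_and_wait "/etc/init.d/sguild start" 7734 || return 1
    if [ -n "$NSM_DRY_RUN" ]; then echo "would run: sensor default start"; return 0; fi
    sensor default start
}
```

Run it as root on the LiveCD after the address is assigned; ntop is left out deliberately because the article recommends starting it only when needed.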
This was first published in October 2007