NSM on Demand
LiveCD gives you instant (almost) network security monitoring.
This figure shows a simple architecture that matches what you'd be utilizing via the Knoppix-NSM LiveCD in its default configuration, as well as the NSM framework utilized by this distribution.
[IMAGE] Source: Intelguardians (http://www.intelguardians.com/snortguis.pdf)
Once you've booted from the Knoppix-NSM LiveCD, you can immediately start monitoring using the following command sequences:
- From a root console, if you didn't assign a static IP at boot, execute pump -i eth0 to obtain an address dynamically. For permanent installations, only a static IP is recommended.
- From a root console (right click on the desktop) execute:
/etc/init.d/mysql start to start the MySQL database
/etc/init.d/apache2 start to start the Web server
/etc/init.d/sguild start to start the Sguil server daemon
sensor default start to start the Sguil sensor
/etc/init.d/ntop.default start to start ntop if you wish to see traffic details. This step can cause performance issues from LiveCD, so use it with caution and stop it if need be.
- From a non-root console execute:
sguilc with sguil as username, and password as password.
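As an added example (not code from the article or the Knoppix-NSM project), the following script runs the root-console start sequence above in order and verifies that each daemon is actually listening before the next one is started; the ports are assumed defaults for MySQL, Apache and sguild, and the socket listing at the end is a constructed sample.

```shell
#!/bin/sh
# Added example: bring up the Knoppix-NSM stack in the order the article gives,
# checking that each daemon is really listening before the next one starts.
# The ports are assumed defaults (MySQL 3306, Apache 80, sguild 7734).
set -u

# name|start command|TCP port the daemon should bind ("-" = nothing to check)
NSM_SERVICES="mysql|/etc/init.d/mysql start|3306
apache|/etc/init.d/apache2 start|80
sguild|/etc/init.d/sguild start|7734
sensor|sensor default start|-"

# port_listening PORT LISTING: succeed if LISTING (output of 'ss -ltn' or
# 'netstat -ltn') shows a local TCP socket in LISTEN state bound to PORT.
port_listening() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "LISTEN" || $NF == "LISTEN" {
            n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit found ? 0 : 1 }'
}

# wait_for_port PORT SECONDS: poll the live socket table until PORT is bound.
wait_for_port() {
    i=0
    while [ "$i" -lt "$2" ]; do
        port_listening "$1" "$(ss -ltn 2>/dev/null || netstat -ltn)" && return 0
        sleep 1; i=$((i + 1))
    done
    return 1
}

# start_nsm_stack: start each service in turn, failing fast on the first that
# either exits non-zero or never binds its port within 15 seconds.
start_nsm_stack() {
    printf '%s\n' "$NSM_SERVICES" | while IFS='|' read -r name cmd port; do
        echo "starting $name"
        $cmd || { echo "$name: start command failed" >&2; exit 1; }
        [ "$port" = "-" ] && continue
        wait_for_port "$port" 15 || { echo "$name: nothing listening on tcp/$port" >&2; exit 1; }
    done
}

# Constructed 'ss -ltn' sample used to exercise port_listening offline.
SAMPLE_LISTING='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      511    *:80               *:*
LISTEN 0      128    [::]:22            [::]:*'
```

Run start_nsm_stack as root on the LiveCD; the ntop step is left out deliberately because the article flags it as a performance risk, so start it by hand only if you want the traffic detail.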
At this point, you have a Sguil analysis console at your disposal, as well as BASE and ntop from the Iceweasel browser bookmark toolbar.
--RUSS McREE