Samiux

CyberSecurity Ninjas 网络空间安全忍者


Croissants 牛角面包 - Intrusion Detection and Prevention System

DISCONTINUED - Deprecated

ifupdown as default

Networks and computers that are open to the public face hacker attacks from all over the world every day. Once compromised, we become one more cyber crime victim. Our tasty Croissants is a high performance and ultra-low latency Intrusion Detection and Prevention System (IDPS). Unlike the well known and famous brands aimed at large business enterprises, Croissants is available free of charge, so everyone can afford it. It is ideal for home, Small Office Home Office (SOHO) and Small Medium Business (SMB) use.

Not a Network Security Monitoring (NSM) or Information Security (InfoSec) expert? No problem! Our Croissants really is the “Plug, Play and Forget” system of your dreams. Don’t be the next cyber crime victim, try Croissants now!

Croissants is designed by a hacker to defend against hackers. He knows what hackers are doing and thinking, regardless of whether they are ethical or malicious.

FEATURES

Whenever a computer or network is connected to the Internet, it is exposed to attacks by malicious hackers. To avoid becoming the next cyber crime victim, our tasty Croissants can protect you from being attacked. Unlike other well-known commercial brands, it is a completely free intrusion prevention system that everyone can afford.

Our Croissants is plug-and-play, requires very little user involvement, and is suitable for the general public.

Croissants is an effective tool designed by a hacker to counter hackers, whether they are ethical or malicious.

Feature Overview

LICENSE

Croissants is an Open Source Project released under the GPLv3 License and developed by Samiux.

Please keep in mind that Croissants is available FREE OF CHARGE.

Croissants has been designed and developed by Samiux since 2012.

MINIMUM REQUIREMENTS

Hardware

Software

MAIN COMPONENTS

DOCUMENTATION

1.0 Installation Guide

1.1 Download and Install

1.1.1 Network Based
sudo -sH

cd /root

sudo apt install git net-tools

git clone https://github.com/samiux/croissants

cd croissants

cp * /root

cd /root

nano nsm.conf

chmod +x nsm_install

sudo ./nsm_install

Make sure you edit nsm.conf before running nsm_install.

The definition of nsm.conf is here.

1.1.2 Host Based
sudo -sH

cd /root

sudo apt install git net-tools

git clone https://github.com/samiux/croissants-hidps

cd croissants-hidps

cp * /root

cd /root

nano nsm.conf

chmod +x nsm_install

sudo ./nsm_install

Make sure you edit nsm.conf before running nsm_install.

The definition of nsm.conf is here.

1.2 Post Installation (Optional)

You are required to update the rules. However, you should wait until Suricata has started up completely, which takes about 15 minutes. Alternatively, watch for "<Notice> - rule reload complete" at the end of the output of the following command.

sudo tail -f /var/log/suricata/suricata.log

Then run :

sudo nsm_rules_update

1.3 ChangeLog

Croissants ChangeLog

2.0 User Guide

WARNING : Make sure port 19999 is not open to the public.

2.1 Glances

Text mode monitoring tool for the performance of Croissants.

glances

2.2 Netdata

Graphic mode monitoring tool for the performance of Croissants. Netdata listens on 127.0.0.1 only by default; the following makes it listen on all interfaces, which is why port 19999 must not be reachable from the public side (see the warning above).

sudo sed -i 's/127\.0\.0\.1/0\.0\.0\.0/' /etc/netdata/netdata.conf
sudo systemctl restart netdata

Then browse to :

http://[monitoring_ip]:19999

e.g. http://192.168.20.180:19999

2.3 Suricata Health Check

sudo tail -f /var/log/suricata/stats.log | grep drop

Press CTRL+c to exit.
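The grep above only shows that drops are happening. As an added example (not part of the Croissants project), the following script turns the last stats.log block into a kernel drop percentage and flags it when it exceeds a threshold; the stats.log path, the 1% threshold and the embedded sample counters are constructed assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not part of the Croissants project: turn the "grep drop"
# health check into a drop-rate figure. Assumes the default stats.log layout
# ("counter | TM Name | value") with aggregated "Total" rows, whose values are
# cumulative since Suricata started.

STATS_LOG="${STATS_LOG:-/var/log/suricata/stats.log}"

# Constructed sample of one stats block, used when stats.log is not readable.
SAMPLE_STATS='capture.kernel_packets                        | Total                     | 2000000
capture.kernel_drops                          | Total                     | 2000
decoder.pkts                                  | Total                     | 1998000
tcp.reassembly_gap                            | Total                     | 7'

# drop_rate <stats text>: prints "<packets> <drops> <percent>" for that block.
drop_rate() {
  printf '%s\n' "$1" | awk -F'|' '
    /capture\.kernel_packets/ { gsub(/ /, "", $3); pkts = $3 }
    /capture\.kernel_drops/   { gsub(/ /, "", $3); drops = $3 }
    END {
      if (pkts + 0 == 0) { print "0 0 0.00"; exit }
      printf "%d %d %.2f\n", pkts, drops, drops * 100 / pkts
    }'
}

# drop_status <percent> <threshold percent>: "ok" or "ALERT".
drop_status() {
  awk -v p="$1" -v t="$2" 'BEGIN { s = (p + 0 > t + 0) ? "ALERT" : "ok"; print s }'
}

# last_block <file>: counters of the most recent block. Header lines are
# separated from the counters by dashed lines, so keep only what follows
# the last dashed line in the file.
last_block() {
  awk '/^-----/ { buf = ""; next } { buf = buf $0 "\n" } END { printf "%s", buf }' "$1"
}

main() {
  if [ -r "$STATS_LOG" ]; then
    text=$(last_block "$STATS_LOG")
  else
    text="$SAMPLE_STATS"
  fi
  set -- $(drop_rate "$text")
  echo "kernel_packets=$1 kernel_drops=$2 drop_rate=$3% status=$(drop_status "$3" 1.0)"
}

main
```

Run it on the Croissants box to report the real counters, or anywhere else to see the constructed sample.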

2.4 Suricata Event Log

sudo tail -f /var/log/suricata/fast.log

Press CTRL+c to exit.

2.5 Rules Management

If you want to disable some rules because they produce false positives, you can edit the “disable.conf” of suricata-update.

sudo nano /etc/suricata/disable.conf

If you want to drop some traffic, you can edit the “drop.conf” of suricata-update.

sudo nano /etc/suricata/drop.conf

If you want to modify some rules, you can edit the “modify.conf” of suricata-update.

sudo nano /etc/suricata/modify.conf

After updating the configuration files, run the following command to make the changes effective.

sudo nsm_rules_update

2.6 Ubuntu Update

sudo update_ubuntu

2.7 Auto Configuration

Whenever you change the nsm.conf file, you need to run the following command in order to make it effective.

sudo nano /etc/croissants/conf.d/nsm.conf

sudo /etc/croissants/conf.d/auto_config

2.8 Suricata Performance

To check the performance of Suricata :

sudo apt install linux-tools-generic

Then run :

sudo perf top -p $(pidof suricata)

Items shown in red may indicate a problem.

3.0 Hall of Fame

Nathan Paquin - Unix System Expert and InfoSec guy (IRC nick : sys)
Omnish - Gamer with InfoSec in mind (IRC nick : omnish)
Alpharyon - Ultra speed internet user with InfoSec in mind

4.0 Troubleshooting

If you cannot access the Internet from behind Croissants, Suricata may have stopped unexpectedly. You can check whether it is running with the following command :

sudo ps aux | grep suricata

If it is not running, you can issue the following command to start it :

sudo systemctl restart suricata

You can check the suricata.log at /var/log/suricata/suricata.log. Please allow about 15 minutes for Suricata to start fully.

5.0 FAQ

What is the function of the third network interface? (Network Based)

One is for incoming traffic (from modem or ISP) and the other is for outgoing traffic (to router or switch). The third one is connected to the switch for management purposes. It is also used for updating the rules and the system.

Which network interface is used for the installation? (Network Based)

Use the monitoring network interface for installation. The incoming and outgoing network interfaces may cause problems during the installation.

How to check what network interfaces are in my box? (Network Based)

ls /sys/class/net

How to deploy Croissants?

The following is the recommended connection method for Croissants. However, you can connect it behind a router too.

Network Based

Internet --- Modem (if any) --- Croissants --- Router --- Switch (if any) --- PCs

Host Based

Internet --- Croissants (with application on it)

6.0 To-Do-List

Nil

7.0 See Also

Nil
