CyberSecurity Ninjas 网络空间安全忍者


Rosemary 迷迭香 - Intrusion Detection and Prevention System 防御入侵系统

As technology advances, so do cybersecurity threats, which can leave individuals and small businesses vulnerable to cybercrime. Public-facing networks and computers are highly susceptible to daily hacker attacks from around the world. In response to this need, the Rosemary Intrusion Detection and Prevention System (IDPS) was developed as a highly efficient and ultra-low latency security solution.

One of the most significant benefits of Rosemary is its user-friendly design, making it accessible to everyone, regardless of their technical expertise in Network Security Monitoring (NSM) or Information Security (InfoSec). This “Plug, Play and Forget” system efficiently eliminates the need for any complex configurations or maintenance. Also, Rosemary is completely free of charge, making it an affordable and ideal solution for home and small office/home office (SOHO) setups.

Rosemary’s creator is an experienced white hat hacker, so the design is aimed at detecting and preventing sophisticated cyber threats. The Rosemary Intrusion Detection and Prevention System draws on inside knowledge of current and potential malicious hacker tactics. It is also fully transparent and hassle-free for users.

Protecting digital assets should be a priority, and Rosemary Intrusion Detection and Prevention System meets this need. With this reliable and easy-to-use cybersecurity solution, individuals and small office/home office businesses can feel secure knowing that their digital assets are protected, and their data is secured against cyberattacks.

In summary, Rosemary Intrusion Detection and Prevention System is an effective, user-friendly, and accessible cybersecurity solution that can cater to the varying security needs of individuals and small office/home office businesses.


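One of Rosemary's main advantages is its user-friendly design: anyone can use it, regardless of their technical level in Network Security Monitoring (NSM) or Information Security (InfoSec). In addition, Rosemary runs in a "plug in, play, and forget about it" manner, with no complex configuration or maintenance required. Rosemary is also completely free, which makes it an affordable solution suitable for home and small office/home office (SOHO) setups.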







FriendlyElec NanoPi R6S



A 16GB micro SD Card (at least Class 10) is required for the installation.

Download the SD Card image (568.7MB) from Google Drive and extract it.

Download Balena Etcher from its official site and burn the image to the SD Card. Then boot the NanoPi R6S from the SD Card. The system runs from the card, so the faster the SD Card, the better the performance.


You need an SD card of at least 16GB (Class 10).


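Download from the Balena Etcher official site and burn the image file to the SD card, then boot the NanoPi from the SD card. A faster SD card therefore has the edge in performance.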


sha256 f8b63ec5f3714ee1694a308051401ba464dc1ba6aee58358eac7c3d5ca0112dd
sha256 e581317910e773f179ee7cbb66fcb63fae44db3e51b7142dafe75a878ee0a657 rk3588-r6s-sd-rosemary-6.0.10-5.10-arm64-20230313.img


Rosemary is developed by Samiux, based on the Croissants project, which has been running since 2012. It is released under GPLv3 and is FREE OF CHARGE.


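Rosemary was developed by Samiux based on his other open-source project, Croissants, which began in 2012. Rosemary is likewise an open-source project released under GPLv3.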


The following are the recommended ways to connect Rosemary. However, you can also connect it behind a router.


            (WAN)             (LAN1 to Router's WAN)          (Router's LAN)          
   Modem ----------- Rosemary ----------------------- Router ----------------- PCs & Laptops
                          |                           (WIFI)                      
                          |                             | (Router's LAN)
                          +-----------------------------+
                              (LAN2 to Router's LAN)
                                                                                +------- Laptops
            (WAN)           (LAN1 to Router's WAN)     (Switch's LAN)           |
   Modem ----------- Rosemary ------------------ Router -------- Switch --------+
                          |                      (WIFI)             |           |
                          |                                         |           |
                          +-----------------------------------------+           +------- PCs
                                   (LAN2 to Switch's LAN)

            (WAN)          (LAN1 to WIFI AP's WAN)                  
Modem with ----------- Rosemary --------------- WIFI AP -------------------- PCs & Laptops
WIFI Router (unused)      |                        |               
                          |                        |
                          +------------------------+
                            (LAN2 to WIFI AP's LAN)

                                                                    +------- WIFI AP
            (WAN)          (LAN1 to Switch's Port #1)               |
Modem with ----------- Rosemary ---------------- Switch ------------+
WIFI Router (unused)      |                        |                |
                          |                        |                |
                          +------------------------+                +------- PCs & Laptops
                            (LAN2 to Switch's LAN)

                                                                    +------- WIFI AP
            (WAN)          (LAN1 to Switch's Port #1)               |
5G Modem ----------- Rosemary ------------------ Switch ------------+
WIFI Router (unused)      |                        |                |
                          |                        |                |
                          +------------------------+                +------- PCs & Laptops
                            (LAN2 to Switch's LAN)

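Do NOT use the Wi-Fi built into the 5G modem or the modem with WIFI router: that traffic does not pass through Rosemary and will NOT be protected by it.

Do not use the Wi-Fi of a 5G modem or of a modem with built-in Wi-Fi, because that wireless network is not protected by Rosemary.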


When are the rules updated?


Rosemary performs housekeeping and rule updates between 0600 and 0630 hours every day. Its protection may be interrupted during this period.

Non-24/7 operation

Rosemary does not have to run 24/7 and can be turned off. When it boots, it carries out the update within the first half hour. Do NOT turn Rosemary off between 0600 and 0630 hours, because the automatic update runs then and interrupting it may break Rosemary. Likewise, turning Rosemary off within half an hour of booting may break the system.

How many detection / blocking rules are in Rosemary?

There are over 47,000 rules in Rosemary and they are all free of charge. The number of rules is increasing.

Do you recommend accessing Rosemary via SSH over the internet?

For security reasons, connecting to Rosemary via SSH over the internet is NOT recommended. However, you may connect to Rosemary via SSH from the intranet. The username and password are both “rosemary”. The IP address of the Rosemary is 192.168.x.200, e.g.

Can Rosemary decrypt the SSL/TLS traffic?

Rosemary cannot decrypt SSL/TLS traffic well; it can handle only a limited SSL/TLS traffic flow, so it is not ideal for use as a Web Application Firewall (WAF). It can, for example, detect and drop traffic that uses self-signed SSL/TLS certificates.

Do I also need anti-virus on my computer or laptop?

Yes, anti-virus is required. You are also advised to install the following add-ons or extensions in your browser, such as Firefox or Chrome, to make surfing the internet more secure.




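Updates and maintenance run between 0600 and 0630 early every morning, during which the operation of the intrusion prevention system may be slightly affected.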


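It updates and maintains itself within the first half hour after every boot, so do not shut down the intrusion prevention system during that time or between 0600 and 0630, as doing so may damage it.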


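All rules are free of charge; there are already more than 47,000 of them, and the number is growing daily.

Is it recommended to connect to the intrusion prevention system via SSH over the internet?

No, but you can connect from the intranet. The username and password are both “rosemary”. The address is 192.168.x.200, e.g.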


No. However, it can identify and block traffic that uses self-signed SSL/TLS certificates.


Yes. In addition, I recommend installing the following add-ons in Firefox or Chrome to make browsing safer.


Since the device has no Real-Time Clock battery, you need to reboot it half an hour after the FIRST boot from the newly burned SD Card so that it picks up the current local time.





Discord @samiux#3445

