Skip to content
/ SIREN Public

Semi-Intelligent HoneyPot Network - Semi-Intelligent Reactive Environment Network

13 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

blaverick62/SIREN

BranchesTags

Repository files navigation

SIREN Setup Instructions

Download Linux dependencies

  1. Recommend Ubuntu-based, raspbian is good
  2. sudo apt-get install build-essential python-dev libmysqlclient-dev python-virtualenv python-pip If some don’t resolve, install what Linux tells you to

Clone repository

  1. Git clone https://github.com/blaverick62/SIREN.git

Change remote to your repository if using it for dev

Setup VENV and install pip requirements

  1. cd SIREN
  2. . ./VENV/bin/activate
  3. pip install -r requirements.txt

If some pip dependencies don’t install, install what python tells you

  1. sudo apt-get install libkrb5-dev
  2. pip install python-gssapi
  3. pip install paramiko

To run SIREN

  1. sudo ./sirenstart.sh

Setup Snort on Pi

  1. sudo apt-get install flex bison build-essential checkinstall libpcap-dev libnet1-dev libpcre3-dev libmysqlclient15-dev libnetfilter-queue-dev iptables-dev libdumbnet-dev autoconf libtool libdaq-dev
  2. snort setup: sudo apt-get install snort
  3. set up home net and interface
  4. add file siren.rules to /etc/snort/rules
  5. add line alert tcp $HOME_NET any -> any any (msg:"Target file accessed!"; content:"malarkey"; sid:1000037;)
  6. add line include $RULE_PATH/siren.rules to snort.conf near line 550 with other includes

Mysql setup

On SIREN_DB ubuntu server VM

  1. sudo apt-get install mysql-server
  2. mysql -u root -p
  3. Enter root password
  4. create user ‘sirenlocal’@’localhost’ identified by ‘sirenproj’;
  5. grant all privileges on . to ‘sirenlocal’@’localhost’;
  6. quit
  7. mysql -u sirenlocal -p
  8. sirenproj
  9. create schema siren_db;
  10. use siren_db;
  11. quit

On SIREN machine

  1. cd /usr/src
  2. sudo git clone github.com/firnsy/barnyard2 barnyard_src cd barnyard_src
  3. cd barnyard_src
  4. sudo autoreconf -fvi -I ./m4
  5. sudo ln -s /usr/include/dumbnet.h /usr/include/dnet.h
  6. sudo ldconfig
  7. cd /usr/src/barnyard_src
  8. ./configure --with-mysql --with-mysql-libraries=/usr/lib/YOUR-ARCH-HERE-linux-gnu
  9. make
  10. sudo make install
  11. sudo cp etc/barnyard2.conf /etc/snort
  12. sudo mkdir /var/log/barnyard2
  13. sudo chown snort.snort /var/log/barnyard2
  14. sudo touch /var/log/snort/barnyard2.bookmark
  15. sudo chown snort.snort /var/log/snort/barnyard2.bookmark
  16. scp /usr/src/barnyard_src/schemas/create_mysql to siren_db box
  17. Change output format line for unified2 in /etc/snort.conf from snort.log to merged.log and remove nostamp option

On SIREN_DB machine

  1. mysql -u sirenlocal -p
  2. enter password
  3. create schema snort
  4. quit
  5. mysql -u sirenlocal -p snort </home/"username"/create_mysql
  6. find sid-msg.map online, download and copy into /etc/snort
  7. start snort with: sudo snort -q -c /etc/snort/snort.conf -i ens33
  8. start barnyard2 with: sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f merged.log -w /var/log/snort/barnyard2.bookmark

Web service setup

On SIREN_DB ubuntu server VM

  1. sudo apt-get install apache2
  2. sudo service apache2 restart
  3. sudo apt-get install php libapache2-mod-php
  4. sudo nano /etc/apache2/apache2.conf
  5. uncomment <directory /srv/> block
  6. change /srv/ to path to /siren/Website/myapp/public
  7. sudo nano /etc/apache2/sites-available/000-default.conf

About

Semi-Intelligent HoneyPot Network - Semi-Intelligent Reactive Environment Network

Resources

Readme
Activity

Stars

13 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages