Downloadable Demo

This page describes how to get started with a demo yourself. A VMware image with the tunnel and logging server pre-installed is available for download here. The image lets you start using and testing the SURFids system within a few minutes.

Image: SURFids_2.0-v4.zip
MD5sum: f020bc3fb5ce61f5105751910544a425

PDF Manual for the image can be found here.

NOTICE: This image is not intended for live production environments. This image is provided as-is and intended for testing and demo purposes only.

Getting started

First download and unzip the demo file:

# unzip SURFids_2.0-v4.zip

Load the VMware image into either VMware Workstation 6.0+ or VMware Player and boot it. The image sets itself up almost entirely. The only thing needed to get you started is adding the local interface of the guest OS as a sensor.

Configuring the image

Once the image has been started you will be presented with a login prompt.

SURFids login: _

We log in using the username “surfids” and the password “surfids2.0”.

SURFids login: surfids
Password: surfids2.0

We switch to the root user:

su
Password: surfids2.0

For security reasons we should now change the password of both users to something safer:

passwd surfids
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

We do the same for the root user:

passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Now we need to add our local interface as a sensor to the database. First we need to determine the main interface:

ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0C:29:45:C7:FC  
          inet addr:10.0.0.23  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:688 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:48015 (46.8 KiB)  TX bytes:2870 (2.8 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1046 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1046 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:630210 (615.4 KiB)  TX bytes:630210 (615.4 KiB)

The interface that has an IP address should be the main interface (ignore the lo interface). In this example, we will assume eth0 is the main interface.

Now we will add the eth0 interface as a sensor to the database:

cd /opt/surfnetids/tntools/
./localsensor.pl eth0
[02-11-2007 17:34:38] Connecting to idsserver with DSN: DBI:Pg:dbname=idsserver;host=localhost;port=5432

[02-11-2007 17:34:38] Connect result: Ok

[02-11-2007 17:34:38] Local interface added as sensor!

That's it. Your web interface is now available on:

http://<ip number>:8080/.

In our example that would be:

http://10.0.0.23:8080/


Login info for the web interface:
username: admin
password: admin

Enjoy!

Enabling tunneled sensors

To enable the use of tunneled sensors, you will need to edit the xinetd config file for openvpn:
/etc/xinetd.d/openvpn

service openvpn
{
  disable              = no
  type                 = UNLISTED
  port                 = 1194
  socket_type          = stream
  protocol             = tcp
  wait                 = no
  bind                 = 10.0.0.23
  user                 = root
  server               = /usr/sbin/openvpn
  cps                  = 1 5
  log_on_success       = USERID PID HOST EXIT
  server_args          = --config /etc/openvpn/server.conf
}

Replace the bind address with the actual IP address of the main interface (10.0.0.23 in our example). You will also have to edit some sensor config files so that the “remote” option (and $server in sensor.conf) carries the actual IP address of the server:

/opt/surfnetids/updates/client.conf
/opt/surfnetids/updates/client.conf.temp

remote 10.0.0.23
# tls-remote 127.0.0.1

/opt/surfnetids/updates/sensor.conf

$server = "10.0.0.23";
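
One way to apply the address changes above consistently across all four files, as an added example that is not part of the SURFids distribution. The function names, the ROOT path-prefix argument and the sample file contents are assumptions made for illustration; the file paths and option names are the ones listed on this page.

```shell
#!/bin/sh
# Added example, not SURFids code. ROOT is a hypothetical path prefix:
# "" edits the live files, a scratch directory lets you rehearse on copies.

valid_ipv4() {
    # Exactly one line, four dot-separated decimal octets, each 0-255.
    printf '%s\n' "$1" | awk -F. 'NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

edit() {
    # Keep a .bak copy, then rewrite the file from it (portable, no sed -i).
    cp -p "$1" "$1.bak" && sed "$2" "$1.bak" > "$1"
}

set_server_ip() {
    root=$1; ip=$2; upd=$root/opt/surfnetids/updates
    # Validate first: the address is interpolated into sed expressions.
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    # Change nothing unless all four files named on this page exist.
    for f in "$root/etc/xinetd.d/openvpn" "$upd/client.conf" \
             "$upd/client.conf.temp" "$upd/sensor.conf"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    # xinetd: bind the OpenVPN listener to the main interface address.
    edit "$root/etc/xinetd.d/openvpn" \
        "s/^\([[:space:]]*bind[[:space:]]*=\).*/\1 $ip/" || return 1
    # Sensor configs: only the active "remote" line, not "# tls-remote".
    edit "$upd/client.conf"      "s/^remote[[:space:]].*/remote $ip/" || return 1
    edit "$upd/client.conf.temp" "s/^remote[[:space:]].*/remote $ip/" || return 1
    # sensor.conf uses Perl syntax: $server = "<address>";
    edit "$upd/sensor.conf" "s/^\\\$server[[:space:]]*=.*/\$server = \"$ip\";/"
}

make_sample_tree() {
    # Constructed stand-ins for the four files, created under directory $1.
    mkdir -p "$1/etc/xinetd.d" "$1/opt/surfnetids/updates" || return 1
    printf 'service openvpn\n{\n  bind                 = 127.0.0.1\n}\n' \
        > "$1/etc/xinetd.d/openvpn"
    printf 'remote 127.0.0.1\n# tls-remote 127.0.0.1\n' \
        | tee "$1/opt/surfnetids/updates/client.conf" \
        > "$1/opt/surfnetids/updates/client.conf.temp"
    printf '%s\n' '$server = "127.0.0.1";' \
        > "$1/opt/surfnetids/updates/sensor.conf"
}
```

To rehearse, run `make_sample_tree /tmp/ids && set_server_ip /tmp/ids 10.0.0.23` and inspect the results; on the image itself, run `set_server_ip "" 10.0.0.23` as root with your own address.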

Other stuff

  • PhpPgAdmin: http://<ip number>:8080/phppgadmin/
  • Passwords: /home/surfids/passwords.txt

Linux users

Finally, we need to make sure VMware can set up promiscuous interfaces. First, change the group of the /dev/vmnet device that is used by your VMware (in this example, vmnet0). In this example, the user that is running VMware is a member of the group surfids.

chgrp surfids /dev/vmnet0
chmod g+rw /dev/vmnet0
 
global/downloadable_demo.txt · Last modified: 2012/07/12 11:27 (external edit)
 