A little bit of security

I would like to take some time to talk about security and all those little packets going to your servers. I am sure that you are familiar with Snort, which has been around for years to help you become aware of attacks on your servers. Another initiative was actually created a few years back: Suricata. Once installed, you will need to grab the latest Snort rules, then edit /etc/suricata/suricata.yaml. Once configured, you can launch it with: /usr/local/bin/suricata -D -c /etc/suricata/suricata.yaml -i eth0 (remove -D if you don’t want to run it in daemon mode).

Then I discovered Barnyard2, which allows you to read Suricata logs (but also Snort logs, since the Snort team wrote it). I have packaged an RPM for CentOS 5.5 amd64 for those who don’t like building from source.
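Barnyard2's job is to read the unified2 spool files that Suricata (and Snort) write when the unified2-alert output is enabled. The reader below is an added example, not code from Barnyard2 or Suricata: it parses the IPv4 event (type 7) and packet (type 2) records from a constructed sample spool and stops cleanly at a truncated record, the way a spool reader must while the sensor is still writing; the sensor id, timestamps and local sid 1000001 are made-up values.

```python
import socket
import struct
from collections import namedtuple

# Record types from the unified2 spool format that Barnyard2 reads.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
_EVENT_FMT = "!11IHH4B"  # IPv4 IDS event: 11 x uint32, 2 x uint16, 4 x uint8 = 52 bytes, network order
_PACKET_FMT = "!7I"      # packet record: 7 x uint32 (28 bytes), then packet_length bytes of raw frame

Event = namedtuple("Event", "sensor_id event_id event_second event_usec sig_id gen_id "
                   "sig_rev class_id priority src dst sport dport proto impact_flag impact blocked")
Packet = namedtuple("Packet", "sensor_id event_id event_second packet_second packet_usec linktype data")

def _ip(n):
    return socket.inet_ntoa(struct.pack("!I", n))

def parse_unified2(buf):
    """Yield (type, record) for each complete record; stop at a truncated tail."""
    off = 0
    while off + 8 <= len(buf):
        # Every record starts with an 8-byte header: type, length (both uint32).
        rtype, rlen = struct.unpack_from("!II", buf, off)
        body = buf[off + 8:off + 8 + rlen]
        if len(body) < rlen:
            break  # sensor still writing this record; a spool reader waits for the rest
        if rtype == UNIFIED2_IDS_EVENT and rlen == struct.calcsize(_EVENT_FMT):
            f = struct.unpack(_EVENT_FMT, body)
            yield rtype, Event(*f[:9], _ip(f[9]), _ip(f[10]), *f[11:])
        elif rtype == UNIFIED2_PACKET and rlen >= struct.calcsize(_PACKET_FMT):
            h = struct.unpack_from(_PACKET_FMT, body)
            yield rtype, Packet(*h[:6], body[28:28 + h[6]])
        # IPv6 events and extra-data records are skipped by this minimal reader.
        off += 8 + rlen

def summarize(buf):
    """One fast-log style line per IDS event found in buf."""
    return ["[%d:%d:%d] prio %d %s:%d -> %s:%d proto %d" % (
                r.gen_id, r.sig_id, r.sig_rev, r.priority, r.src, r.sport, r.dst, r.dport, r.proto)
            for t, r in parse_unified2(buf) if t == UNIFIED2_IDS_EVENT]

def build_sample_spool():
    """Constructed sample: one event (local sid 1000001) plus its packet, as a sensor would spool them."""
    ev = struct.pack(_EVENT_FMT, 1, 42, 1300000000, 123456, 1000001, 1, 7, 3, 2,
                     0xC0A80105, 0x0A000001, 44444, 80, 6, 0, 0, 0)
    frame = b"\x45\x00" + b"\x00" * 18  # stand-in for an IPv4 header, constructed
    pk = struct.pack(_PACKET_FMT, 1, 42, 1300000000, 1300000000, 123456, 1, len(frame)) + frame
    return (struct.pack("!II", UNIFIED2_IDS_EVENT, len(ev)) + ev
            + struct.pack("!II", UNIFIED2_PACKET, len(pk)) + pk)
```

Point parse_unified2 at the bytes of a real unified2.alert file to get the same records Barnyard2 would forward to its output plugins.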

Finally, you can make your boss happy by installing Smooth Sec, which has a nice GUI to analyze logs (based on Snorby). Right, I’m getting back to writing rules…