Zeek IDS Setup Commands


nano /etc/default/grub

change GRUB_CMDLINE_LINUX=""
to
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
(this disables predictable interface naming so the adapters appear as eth0/eth1, as used below)

grub-mkconfig -o /boot/grub/grub.cfg

reboot

==== routing configuration ====

Interfaces
eth1 = Network adapter connected to the Internet (external)
eth0 = Network adapter connected to a computer in the same subnet (internal)

nano /etc/sysctl.conf
uncomment net.ipv4.ip_forward=1
apply the changes:
sudo sysctl -p

Iptables
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

Save the iptables rules:


iptables-save > /etc/iptables.rules

or, with iptables-persistent:
iptables-save >/etc/iptables/rules.v4

==== zeek installation ====

sudo sh -c "echo 'deb http://download.opensuse.org/repositories/network:/bro/xUbuntu_17.04/ /' > /etc/apt/sources.list.d/bro.list"
(note: this repository is fetched over plain http and targets xUbuntu_17.04; package authenticity then depends on apt having the repository's signing key installed, otherwise apt-get update will warn that the repository is unauthenticated)
sudo apt-get update
sudo apt-get install bro
sudo apt-get install broctl

export PATH=/usr/local/bro/bin:$PATH

http://gauss.ececs.uc.edu/Courses/c6055/pdf/bro_log_vars.pdf

[zeek-logger]
type=logger
host=172.30.28.58
#
[zeek-manager]
type=manager
host=172.30.28.58
#
[zeek-proxy]
type=proxy
host=172.30.28.58
#
[zeek-worker]
type=worker
host=172.30.28.58
interface=ens33
# NOTE: both workers sniff ens33, but the grub change above renames interfaces to eth0/eth1 — confirm the capture interface name on this host
[zeek-worker-lo]
type=worker
host=172.30.28.58
interface=ens33
