Zeek IDS Setup Commands
In /etc/default/grub, change GRUB_CMDLINE_LINUX=""
to
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" (disables predictable interface naming so the adapters appear as eth0/eth1, as used below)
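# Regenerate the GRUB configuration so the GRUB_CMDLINE_LINUX edit in
# /etc/default/grub takes effect, then reboot: the new kernel command line
# (and hence the eth0/eth1 naming) only applies from the next boot on.
# sudo added for consistency with the sysctl/iptables steps below
# (a no-op when already running as root).
sudo grub-mkconfig -o /boot/grub/grub.cfg
sudo reboot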
Interfaces
eth1 = Network adapter connected to the Internet (external)
eth0 = Network adapter connected to a computer in the same subnet (internal)
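# Open the kernel sysctl defaults for editing; the file is root-owned, so use
# sudo (consistent with the "sudo sysctl -p" step that applies the change).
sudo nano /etc/sysctl.conf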
uncomment net.ipv4.ip_forward=1
apply the changes:
# Load /etc/sysctl.conf into the running kernel so net.ipv4.ip_forward=1 is
# active immediately (-p with no file defaults to /etc/sysctl.conf; it is
# spelled out here for clarity).
sudo sysctl -p /etc/sysctl.conf
Iptables
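# NAT gateway: masquerade traffic leaving via the external interface (eth1)
# so the internal host behind eth0 can reach the Internet.
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Internet -> internal: only forward replies to connections the internal side
# opened. This is one command; in the original notes "-j ACCEPT" had wrapped
# onto its own line, which the shell would run as a separate (invalid) command.
sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Internal -> Internet: forward everything the internal host sends.
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# NOTE(review): the two ACCEPT rules above only restrict anything if the
# FORWARD chain's default policy is DROP (e.g. `sudo iptables -P FORWARD DROP`
# set before appending them). With the kernel default policy of ACCEPT, all
# forwarded traffic is allowed regardless of these rules — confirm the policy
# with `sudo iptables -L FORWARD` before relying on this as a filter.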
iptables-persistent (install the package so the rules saved below are restored at boot)
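# Persist the current IPv4 rule set where iptables-persistent reloads it at boot.
# The earlier steps run iptables via sudo, i.e. as a non-root user; a bare
# "iptables-save >/etc/iptables/rules.v4" then fails twice over (iptables-save
# cannot read the tables and the unprivileged shell cannot write the file),
# so run both the dump and the redirect as root. Still works when already root.
# Only IPv4 is covered here; IPv6 rules would need ip6tables-save -> rules.v6.
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'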
# Put the Zeek (formerly Bro) binaries such as zeekctl on PATH for this shell
# session, ahead of the existing entries.
# NOTE(review): /usr/local/bro is the legacy Bro install prefix; newer Zeek
# releases default to /usr/local/zeek — confirm which prefix is installed.
export PATH="/usr/local/bro/bin:${PATH}"
http://gauss.ececs.uc.edu/Courses/c6055/pdf/bro_log_vars.pdf
# zeekctl node.cfg: a single-host cluster, every role bound to 172.30.28.58.
[zeek-logger]
type=logger
host=172.30.28.58
#
[zeek-manager]
type=manager
host=172.30.28.58
#
[zeek-proxy]
type=proxy
host=172.30.28.58
#
# NOTE(review): the GRUB change at the top of these notes (net.ifnames=0
# biosdevname=0) makes the adapters appear as eth0/eth1, yet the workers sniff
# ens33 — confirm the actual name with `ip link` after the reboot; a worker on
# a non-existent interface captures nothing.
[zeek-worker]
type=worker
host=172.30.28.58
interface=ens33
#
# NOTE(review): this second worker repeats the first (same host, same
# interface), so presumably both capture the same packets and logs are
# duplicated; the "-lo" suffix suggests interface=lo was intended — verify.
[zeek-worker-lo]
type=worker
host=172.30.28.58
interface=ens33