Installing Suricata on FreeBSD – Part 7

Dan O'Connor — Wed, 10 Mar 2010 20:13:53 +0000

To get the unified2 events coming out of Suricata into the database that was setup, you will need to install something to open that file format.

One of the choices listed is barnyard2, it’s a large install and needs to have snort installed as a dependency but it will do the job.

http://www.openinfosecfoundation.org/index.php/faqs

cd /usr/ports/security/barnyard2/
make install clean

I am not going to rehash the setup of barnyard2 there is plenty of sites that can guide you through the setup.

The next thing I will be attempting to install is OpenVAS on FreeBSD 8.0 or 7.2, I am not sure if it will run on either at this point.

Verifying System Integrity

Dan O'Connor — Tue, 16 Feb 2010 03:28:48 +0000

The team at isc.sans.org has an BETA version of hash checking application. http://isc.sans.org/tools/hashsearch.html

I tired a few files from a FreeBSD machine I have, but it was not able to locate a match. I am sure there would have been more success if files from a Windows based system had been tried.

This will be an excellent tool to verify the integrity of files on systems, more then once I have been in a situation where I needed to validate the integrity of a file with out a know good sample available.

If the status of a machine is in question I would not even collect the has off the system while it is running, booting into a liveCD like Knoppix ( http://www.knoppix.org/ ) or my favorite FreeBSD ( http://www.freebsd.org/where.html ) is the best way to ensure the integrity of the hash.

On freebsd you can use the md5 or sha1 command.

> md5 /lib/libc.so.7
MD5 (/lib/libc.so.7) = e16f4e5c137bd7f445b32733f45ac268

Irregular Expressions » barnyard freebsd

Installing Suricata on FreeBSD – Part 7

Verifying System Integrity