Skip to content

sneakymonk3y/foxhound-nsm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

93 Commits
.gitattributes
.gitattributes
 
 
README.md
README.md
 
 
cleanup.sh
cleanup.sh
 
 
foxhound.sh
foxhound.sh
 
 
nic.sh
nic.sh
 
 
unattended-sample.txt
unattended-sample.txt
 
 

Repository files navigation

FOXHOUND-NSM

RaspberryPi 3 NSM based on Bro. Suitable for a home 'blackbox' deployment.

Requirements

General Preparation

  • critical stack:
    • get a critical stack account
    • set up a collection and a sensor
    • add feeds to your collection
    • note down sensor API key
  • not down parameters for email server

Prepare Pi

  • download Raspian Lite and put onto micro SD card
  • create empty file ssh on boot file system of SD card
  • connect LAN cable to Pi (make sure DHCP works)
  • optionally: connect WD PiDrive to Pi
  • boot Pi, ssh into devivce
  • change password for user pi (passwd)
  • sudo to root (sudo su -) and use raspi-config to
    • set up WLAN (Network Options)
    • expand filesystem (Advanced Options)
    • exit, don't reboot yet
  • check if you can ssh into Pi using the WLAN IP of the Pi
  • optionally: prepare PiDrice (see Hints below)
  • reboot (reboot)
  • detach LAN cable

Install Foxhound

  • ssh into Pi using WLAN IP
  • update base OS:
sudo su -
apt-get update
apt-get -y -u dist-upgrade
  • install git: apt-get -y install git
  • change into root's home directory: cd
  • clone repository: git clone https://github.com/sneakymonk3y/foxhound-nsm.git (as long as the pull request hasn't been accepted by the maintainer pls use my repo: git clone https://github.com/gebhard73/foxhound-nsm.git
  • prepare installation:
cd foxhound-nsm
chmod +x foxhound.sh
  • optionally: copy unattended-sample.txt to unattended.txt and adopt to your needs
  • begin installation: ./foxhound.sh
  • shuwdon device: shutdown -h now

Start Sniffing

  • configure switch (set up port mirroring)
  • plug switch into your home LAN on a suitable spot
  • connect switch mirror port with Pi
  • power up Pi and see if it works as expected (see e.g. Further Reading below)

Hints

  • the script isn't meant to be run multiple times on one installation (yet), so to get reliable results you should use a fresh OS SD card (and erase /nsm if using PiDrive) when re-running the script
  • use cheap micro SD card for OS, e.g. 8 GB ones (get multiple and have one ready with current Raspbian distro)
  • use separate file systeem for /nsm, e.g. Western Digital PiDrive Foundation Edition
    • delete existing partitions
    • create primary partition and label it, e.g. NSM
    • format with ext4, e.g. mkfs.ext4 /dev/sda1
    • mount into /nsm, e.g. add LABEL=NSM /nsm ext4 defaults 0 0 to /etc/fstab and mkdir /nsm && mount /nsm

To Do

  • adopt script so it can be run multiple times in a row without creating strange side effects
  • add logging and error handling to script

Further Reading

About

Foxhound: Blackbox - A Raspberry Pi NSM

Resources

Readme
Activity

Stars

37 stars

Watchers

4 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages