GithubHelp home page GithubHelp logo

dps_ips's Introduction

Overview

dps_ips is a basic IPS written in perl. It integrates and implements several open source technologies including mysql, perl, syslog-ng, sec.pl, and cron. It detects 'unwanted' events using sec.pl and then dynamically provisions and maintains shuns in an ASA firewall. Sec.pl keeps track of the last time the nefarious activity was detected, and cleans up shuns after a defined threshold.

Installation

  1. named pipe configuration:

     sudo mkdir /pipes  
 cd /pipes  
 sudo mkfifo sec  
 sudo chown dps:admin sec

  2. syslog-ng configuration:

    Make modifications in syslog-ng.conf (write to the pipe)

     source UDP4333 {
   udp(port(4333));
 };
 
 destination sec {
   pipe("/pipes/sec ");
 };

  3. SEC Configuration

    Copy the asa.sec somewhere on the system.

  4. MySQL Setup

    create the MySQL Database

     mysqladmin -u root -p create ds_ips

    import the databae

     mysql -u root -p --database dps_ips < user_load.sql

  5. Schedule the cron job.

     */5 * * * * /Users/dps/documents/personal/ds_ips.pl -c

  6. Download sec.pl (tested with 2.5.1) from here:

    http://sourceforge.net/projects/simple-evcorr/files/sec/2.5.1/

Execution

perl -w sec.pl -conf=asa.sec -intevents -input=/pipes/sec \
-pid=/pid/asa.pid -blocksize=1024 -log=/var/log/asa.log \
-debug=6

Troubleshooting

listening to the pipe to test:

tail -f /pipes/sec

putting the test data into the pipe to make sure it works:

cat /Users/dps/documents/Personal/CSPP/syslog_data > /pipes/sec

dps_ips's People

Contributors

a2f0 avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.