Posted by rvalabs at January 27th, 2014
In order to build this RaspIDS, you will need the following items:
1) USB Hub
2) HDMI cable to hook up to a monitor
3) Class 10 SD card
4) Raspberry Pi Model B
5) Raspberry Pi case (optional)
6) Raspberry Pi power cable
7) 2 USB to Ethernet adapters
8) SD card reader

1) Format a Class 10 SD card. You can use a tool called SDFormatter (https://www.sdcard.org/downloads/formatter_4/).
2) Once the card has been formatted, you will need to download and extract NOOBS (http://downloads.raspberrypi.org/NOOBS_latest).
3) Copy all of the files within the NOOBS zip file onto the recently formatted SD card.
4) Put the SD card into the Raspberry Pi, and boot up the device.
5) On the boot screen, select “Raspbian”.
6) Click “Install”, then select “Yes” when asked about overwriting your files.
7) When it is done, hit the “OK” button and allow it to Reboot.
8) Now you will need to customize your installation.
- Select #2 – Change the password for the default user
- Select #3 – Boot to the command line
- Select #4 – Select the correct timezone and locale
- Select #8 – Change the hostname and enable SSH
- Now select Finish at the bottom
9) When this is completed, change the name of your default user (which is “pi”).
Change to root:
Next, change the password for root by issuing the following command:
Now reboot the device:
Log into the device with the new root account that you set up. Now it is time to change the name of the default “pi” account:
usermod -l rvalabs pi
usermod -m -d /home/rvalabs rvalabs
groupmod -n rvalabs pi
Exit out of the device and try to log into it with the new credentials.
10) Update your device:
apt-get update && apt-get upgrade
11) Now that your base system has been created, let’s start installing the necessary software. First, install MySQL:
apt-get install mysql-server
12) Next, you will need to install Apache. Please do the following:
apt-get install apache2
13) Install PHP:
apt-get install php5
14) Install snort-mysql:
apt-get install snort-mysql
15) Now that all of that software is installed, we need to bridge the two USB to Ethernet adapters so that Snort can listen on the bridge. First, install the bridge utilities:
apt-get install bridge-utils
16) Let’s set up the bridge.
First, let’s issue the following commands:
brctl addbr br0
ip addr show
brctl addif br0 eth1 eth2
Now edit the file /etc/network/interfaces so that it looks like this:
auto lo br0
iface lo inet loopback
iface eth0 inet dhcp
iface eth1 inet manual
iface eth2 inet manual
iface br0 inet dhcp
    bridge_ports eth1 eth2
17) You will now need to reconfigure snort-mysql:
dpkg-reconfigure -plow snort-mysql
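
To check the bridge stanza from step 16 before rebooting, the shell function below parses an interfaces file and confirms that the bridge is brought up at boot, that both adapters are bridge ports, and that neither adapter takes an address of its own. It is an added example, not part of the original post; the function name check_bridge_config and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a Debian interfaces file for the bridge from step 16.
# Usage: check_bridge_config FILE BRIDGE MEMBER...
check_bridge_config() {
    file=$1; bridge=$2; shift 2
    rc=0

    # The bridge must be brought up at boot via an "auto" line.
    if ! awk -v b="$bridge" '
        $1 == "auto" { for (i = 2; i <= NF; i++) if ($i == b) ok = 1 }
        END { exit !ok }' "$file"; then
        echo "FAIL: $bridge is not listed on an auto line"; rc=1
    fi

    # Collect the ports named by bridge_ports inside the bridge's iface stanza.
    ports=$(awk -v b="$bridge" '
        $1 == "iface" { in_br = ($2 == b) }
        in_br && $1 == "bridge_ports" { for (i = 2; i <= NF; i++) print $i }' "$file")

    for m in "$@"; do
        # Each member must be attached to the bridge ...
        if ! printf '%s\n' "$ports" | grep -qxF "$m"; then
            echo "FAIL: $m is not in bridge_ports of $bridge"; rc=1
        fi
        # ... and must not take an address of its own (method "manual").
        method=$(awk -v m="$m" '$1 == "iface" && $2 == m { print $4 }' "$file")
        if [ "$method" != "manual" ]; then
            echo "FAIL: $m uses method '${method:-none}', expected manual"; rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: $bridge bridges $*"
    return "$rc"
}

# Constructed sample: the stanza from step 16, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto lo br0
iface lo inet loopback
iface eth0 inet dhcp
iface eth1 inet manual
iface eth2 inet manual
iface br0 inet dhcp
bridge_ports eth1 eth2
EOF
check_bridge_config "$sample" br0 eth1 eth2
rm -f "$sample"
```

On the Pi itself, point the function at /etc/network/interfaces with br0, eth1 and eth2 as arguments; a non-zero exit status means the bridge would not come up as described.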