
for those who want to install this project to one single Raspberry Pi

Open cloudstrifeedge opened this issue 7 years ago • 2 comments

I'm writing this simple guide to help those who want to install SweetSecurity on a single Pi. Yes, surely we can save money; one Pi is enough.

Well, I use a Pi 3B+, 1GB RAM.

CPU load will be 30%-40% after all services have been started.

I also have:

  1. a default desktop (but I highly recommend you install the lite system without a desktop)
  2. a DIY USB LCD to show the system's load & IP address
  3. a 5V fan controlled by an S8550 transistor & a simple script

To install all components on a single Pi, you need to do this:

1. Use a bigger swap partition. The default swap of the Pi 3B+ is about 100M. We need more! Modifying the Pi's swap partition is different from other Debian Linux! Do NOT use the makeswap command, because it's useless. Instead, you need to modify /etc/dphys-swapfile

Change CONF_SWAPSIZE from 100 to 2000000

Restart the service:

sudo /etc/init.d/dphys-swapfile restart

Now we have a 2GB swap partition.

2. Modify setup.py: comment out lines 82, 83, 85, 86 in file SweetSecurity/setup.py

3. Modify a pre-install lib. The Pi uses Debian Linux; to install Bro on the Pi, you need to modify lines 24, 26, 38, 40, 45, 47 in file SweetSecurity/install/packages.py

Change libssl-dev to libssl1.0-dev

4. Now run setup.py

NOTICE:

critical-stack-intel in this project is still not working for me (2018-08-10). There's a server issue; you can see it here: https://groups.google.com/forum/#!topic/security-onion/axOCfBgjva4

So even when I do this manually:

sudo -u critical-stack /usr/bin/critical-stack-intel --debug pull

it fails to update the Critical Stack IP database.

When I run this:

sudo -u critical-stack /usr/bin/critical-stack-intel list

I find no feed has ever been downloaded. No way, no how.

So currently I suggest you guys use Alien Vault instead.

Happy hacking.

cloudstrifeedge, Aug 10 '18 04:08
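The file edits from steps 1 to 3 of the post, as an added example script (not the project's code or the post author's): set_swap_size, comment_lines, pin_libssl and prepare_single_pi are names I chose, the functions take the file paths as arguments so they can be rehearsed on copies, and the script assumes dphys-swapfile reads CONF_SWAPSIZE in megabytes (so 2000 is the 2GB of swap the post aims for). Restarting dphys-swapfile and running setup.py are left to the operator.

```shell
#!/bin/sh
# Added example, not SweetSecurity's own code: prepares a single Pi for the
# install by editing the three files the post names. All paths are arguments,
# so run it against copies first. Assumption: CONF_SWAPSIZE is in megabytes.

# set_swap_size FILE MB : set CONF_SWAPSIZE=MB in FILE (idempotent), then
# verify the line is present so a failed edit is caught before the restart.
set_swap_size() {
  f="$1"; mb="$2"
  case "$mb" in
    ''|*[!0-9]*) echo "swap size must be an integer number of MB" >&2; return 1;;
  esac
  if grep -q '^CONF_SWAPSIZE=' "$f"; then
    sed "s/^CONF_SWAPSIZE=.*/CONF_SWAPSIZE=$mb/" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
  else
    printf 'CONF_SWAPSIZE=%s\n' "$mb" >> "$f"
  fi
  grep -q "^CONF_SWAPSIZE=$mb\$" "$f"
}

# comment_lines FILE N... : prefix the given 1-based line numbers with "# "
# (the post comments out lines 82, 83, 85 and 86 of setup.py).
comment_lines() {
  f="$1"; shift
  cp "$f" "$f.tmp"
  for n in "$@"; do
    sed "${n}s/^/# /" "$f.tmp" > "$f.tmp2" && mv "$f.tmp2" "$f.tmp"
  done
  mv "$f.tmp" "$f"
}

# pin_libssl FILE : replace the package name libssl-dev with libssl1.0-dev.
# "libssl1.0-dev" does not contain "libssl-dev", so re-running is harmless.
# Returns non-zero if any unpinned name survives.
pin_libssl() {
  sed 's/libssl-dev/libssl1.0-dev/g' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
  ! grep -q 'libssl-dev' "$1"
}

# prepare_single_pi REPO_DIR [SWAP_CONF] : the whole procedure; afterwards run
#   sudo /etc/init.d/dphys-swapfile restart   and then   setup.py
prepare_single_pi() {
  repo="$1"; conf="${2:-/etc/dphys-swapfile}"
  set_swap_size "$conf" 2000 || return 1
  comment_lines "$repo/setup.py" 82 83 85 86 || return 1
  pin_libssl "$repo/install/packages.py"
}
```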

I would like to add...that I do not think it is a good idea to install it all on one Pi. I found it was much better to do a separate install for the server/client. This was mainly because if something is wrong you can re-install the client without much difficulty.

In terms of capturing all the network traffic, you will actually have to do the port mirroring, which I don't think is clearly outlined. If you watch the presentation Travis made about the design, though, you will see it there.

Finally, I am new to GitHub, but you may want to do pull requests for some of the changes you mention in your tutorial.

rndrev, Aug 10 '18 05:08

I think there are two ways to deploy your IDS device: one is to use a switch to do the port mirroring; the other is to use your Pi as a sniffer.

I use my Pi as a sniffer to collect packets through the eth0 network card because I can't use a switch due to the layout of my home.

And why do I use only one Pi to install this project? Simply because I just want to save money.

Of course using two devices is a better choice. You can even use PCs or servers if you want.

cloudstrifeedge, Aug 10 '18 06:08