EasyIDS: Intrusion Detection Made Easy
Looking for an easy way to set up and learn Intrusion Detection Systems? Look no further than EasyIDS.
EasyIDS is a complete IDS solution based on the CentOS Linux operating system. Snort can be difficult to set up, especially for those new to Linux. EasyIDS takes all the hard work out and gives you a complete monitoring system with a graphical user interface.
All you need is a machine with 384MB+ of RAM, an 8GB+ hard drive and 2 network cards. EasyIDS does the rest. Just pop the CD in (it formats the drive, so make sure the drive you use has no important data on it), follow the prompts and that’s it. It installs Snort, Oinkmaster (updater for Snort), Basic Analysis and Security Engine (BASE), SnortNotify, and PMGraph.
I installed EasyIDS in a VMware virtual machine. To do so, you need to add an extra virtual network card and use the “I will install my OS later” option. Because it wants a monitoring NIC and an administration NIC, I set one of the VMware cards as DHCP and the other as bridged. This seemed to work well.
Though VMware recognizes the disk as Easy Install capable, it does not install correctly using the auto-install. Just make sure you have the disk in the drive and power up the virtual machine after it is created; it will boot off the CD and do a full install.
Just a safety note: don’t leave the CD in the drive when you are done, especially if you have boot from CD enabled. I did, and when one of my family members went to use the computer later, it auto-booted off the CD and wanted to format the drive. Luckily they asked before hitting the “Enter” key to format. 🙂
Once the program is installed, final configuration and setup are completed through a web interface from another system. One network card acts as the monitoring NIC and connects to the traffic you want to monitor. The other card connects to your switch and is used as a control/administration port.
It works well, and with its graphical interface, it is fairly easy to use. If you are interested in learning about IDS systems, check it out!