EasyIDS: Intrusion Detection Made Easy

Looking for an easy way to set up and learn Intrusion Detection Systems? Look no further than EasyIDS.

EasyIDS is a complete IDS solution based on the CentOS Linux operating system. Snort can be difficult to set up, especially for those new to Linux. EasyIDS takes all the hard work out and gives you a complete monitoring system with a graphical user interface.

All you need is a machine with 384MB+ of RAM, an 8GB+ hard drive and 2 network cards. EasyIDS does the rest. Just pop the CD in (it formats the drive, so make sure the drive you use has no important data on it), follow the prompts and that’s it. It installs Snort, Oinkmaster (updater for Snort), Basic Analysis and Security Engine (BASE), SnortNotify, and PMGraph.

I installed EasyIDS in a VMware virtual machine. To do so, you need to add an extra virtual network card and use the “I will install my OS later” option. Because it wants a monitoring NIC and an administration NIC, I set one of the VMware cards as DHCP and the other as bridged. This seemed to work well.

Though VMware recognizes the disk as Easy Install capable, it does not install correctly using the auto-install. Just make sure you have the disk in the drive and power up the virtual machine after it is created; it will boot off the CD and do a full install.

Just a safety note: don’t leave the CD in the drive when you are done, especially if you have boot from CD enabled. I did, and when one of my family members went to use the computer later, it auto-booted off the CD and wanted to format the drive. Luckily they asked before hitting the “Enter” key to format. 🙂

Once the program is installed, final configuration and setup are completed through a web interface from another system. One network card acts as the monitoring NIC and connects to the traffic you want to monitor. The other card connects to your switch and is used as a control/administration port.

It works well, and with a graphical interface it is fairly easy to use. If you are interested in learning IDS systems, check it out!

~ by D. Dieterle on September 7, 2010.

3 Responses to “EasyIDS: Intrusion Detection Made Easy”

  1. Looks interesting. You should pair it up with the Live Hacking CD and share the results!

    • Yeah, it is a great idea. Showing attack and defense. I have been wanting to do some videos showing Backtrack, and some of the IDS stuff.

      I started a project for another website so I’m a little strained on time now. But, I’ll have more time too when the kids go back to school! 🙂

  2. Welcome! their work hours snort inline want to send mail alerts from snort.
    package that will suit your needs snortnotify find that you can not send my mail address: hoanglongvina@zing.vn thanks!
