Nsense IDS sensor: this branch is used for testing only.
Runs well on Debian-based Linux distributions.
Requires the following to run:
- gcc
- make
- sqlite3
- libsqlite3-dev
- liblua-5.3
- libcurl-dev
Recommended specs for the machine running it:
- Recommended 8GB RAM, minimum of 4GB
- Fast CPU, as many cores as possible
- Preferably a fast network connection
- Large hard drive for logs if they are not outsourced
Features:
- Packet capturing using raw sockets
- Basic rules for signature-based attack identification
- Logging
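The three features above form one pipeline: raw-socket capture, signature matching, logging. The following is an added example of that pipeline in C (the project's language), not code from vigil/Nsense: the rule struct, rule set, alert format and the constructed sample packet are all assumptions, since the repository's own rule syntax is not shown here. Every length field in the IPv4 header is checked against the captured buffer before the matcher reads the payload, which is the check a sensor parsing hostile packets needs.

```c
/* Added example (not vigil/Nsense code): parse an IPv4 packet as a raw socket
 * delivers it, match it against a small signature list, emit one log line. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#ifdef __linux__
#include <sys/socket.h>
#include <linux/if_ether.h>
#include <unistd.h>
#endif

struct pkt_info {
    uint8_t proto;              /* IP protocol number: 6 = TCP, 17 = UDP, ... */
    char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
    const uint8_t *payload;     /* bytes after the IP header (transport header + data) */
    size_t payload_len;
};

struct rule {                   /* hypothetical rule format, not the project's */
    const char *name;
    int proto;                  /* -1 matches any protocol */
    const char *content;        /* byte pattern that must appear in the IP payload */
};

static const struct rule RULES[] = {   /* constructed rule set */
    { "etc-passwd-probe", -1, "/etc/passwd" },
    { "udp-user-root",    17, "USER root" },
};
#define NRULES (sizeof RULES / sizeof RULES[0])

/* Returns 0 and fills *out if buf holds a complete IPv4 packet, else -1.
 * IHL and total length are validated against len so a crafted header cannot
 * make later code read beyond the captured bytes. */
int parse_ipv4(const uint8_t *buf, size_t len, struct pkt_info *out)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    size_t total = ((size_t)buf[2] << 8) | buf[3];
    if (ihl < 20 || ihl > len || total < ihl || total > len) return -1;
    struct in_addr a;
    out->proto = buf[9];
    memcpy(&a, buf + 12, 4); inet_ntop(AF_INET, &a, out->src, sizeof out->src);
    memcpy(&a, buf + 16, 4); inet_ntop(AF_INET, &a, out->dst, sizeof out->dst);
    out->payload = buf + ihl;
    out->payload_len = total - ihl;
    return 0;
}

/* Bounded substring search (memmem is not portable C). */
static int payload_contains(const uint8_t *p, size_t n, const char *pat)
{
    size_t m = strlen(pat);
    if (m == 0 || m > n) return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(p + i, pat, m) == 0) return 1;
    return 0;
}

/* Index of the first rule the packet matches, or -1. */
int match_rules(const struct pkt_info *pi, const struct rule *rules, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (rules[i].proto != -1 && rules[i].proto != pi->proto) continue;
        if (payload_contains(pi->payload, pi->payload_len, rules[i].content)) return (int)i;
    }
    return -1;
}

/* Lowercase hex of the first n bytes (for hexadecimal packet printing); returns chars written. */
size_t hex_encode(const uint8_t *p, size_t n, char *out, size_t outsz)
{
    size_t w = 0;
    if (outsz) out[0] = '\0';
    for (size_t i = 0; i < n && w + 3 <= outsz; i++)
        w += (size_t)snprintf(out + w, outsz - w, "%02x", p[i]);
    return w;
}

/* Parse, match and format one alert line. Returns the matched rule index or -1. */
int scan_packet(const uint8_t *buf, size_t len, char *alert, size_t alertsz)
{
    struct pkt_info pi;
    if (parse_ipv4(buf, len, &pi) != 0) return -1;
    int r = match_rules(&pi, RULES, NRULES);
    if (r < 0) return -1;
    char hex[33];   /* first 16 payload bytes, hex-encoded, for the log */
    hex_encode(pi.payload, pi.payload_len < 16 ? pi.payload_len : 16, hex, sizeof hex);
    snprintf(alert, alertsz, "ALERT rule=%s proto=%u src=%s dst=%s payload16=%s",
             RULES[r].name, pi.proto, pi.src, pi.dst, hex);
    return r;
}

/* Constructed sample: IPv4/UDP 10.0.0.5:12345 -> 10.0.0.1:53 carrying "GET /etc/passwd".
 * Checksums are left at zero; the parser does not verify them. */
static const uint8_t SAMPLE_PKT[] = {
    0x45, 0x00, 0x00, 0x2b, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x05, 0x0a, 0x00, 0x00, 0x01,
    0x30, 0x39, 0x00, 0x35, 0x00, 0x17, 0x00, 0x00,
    'G','E','T',' ','/','e','t','c','/','p','a','s','s','w','d'
};

int main(void)
{
    static uint8_t buf[65535];
    char alert[256];
#ifdef __linux__
    /* AF_PACKET + SOCK_DGRAM delivers IP packets without the Ethernet header,
     * so buf starts at the IPv4 header. Needs CAP_NET_RAW (usually root). */
    int fd = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
    if (fd >= 0) {
        for (int i = 0; i < 100; i++) {          /* inspect 100 packets, then stop */
            ssize_t n = recv(fd, buf, sizeof buf, 0);
            if (n > 0 && scan_packet(buf, (size_t)n, alert, sizeof alert) >= 0) puts(alert);
        }
        close(fd);
        return 0;
    }
#endif
    /* No raw-socket privilege (or not Linux): run the constructed sample instead. */
    memcpy(buf, SAMPLE_PKT, sizeof SAMPLE_PKT);
    if (scan_packet(buf, sizeof SAMPLE_PKT, alert, sizeof alert) >= 0) puts(alert);
    return 0;
}
```

Run as root on Linux it sniffs 100 live IP packets; run unprivileged it falls back to the embedded sample and prints the alert line for the `/etc/passwd` signature. The hex encoder is what a "hexadecimal printing of packet data" feature reduces to; the rule list is deliberately a flat array so that a file-based rule parser could replace it without touching the matcher.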
To build, run install.sh and then make. Please note that the database comes preconfigured and empty with the package; it is in the file "/vigil.db".
Task list:
- Add monitoring for total amount of packets sent and received
- Add monitoring for some layer 3 protocols for IPv4
- Add the above for IPv6
- Add traffic size monitoring
- Add background logging function(s)
- Come up with some configuration options
- Better plan monitoring of hosts on the intranet
- Set up hexadecimal printing of packet data
- Figure out basic rule set up
- Reimplement the rule parser
- Add support for more than one rule per rule file
- Add support for protocol matching in rules
- Set up logging
- Set up alerting
- Figure out the SNMP stuff
- Figure out email alerts
- Add everything from the ip_stats struct to the watchlist_member struct
- Figure out the brute force stuff
- Add arp cache and monitoring for it
- Add internal and external mode
- Add ports for rules
- Add networks for rules
- IPv6 shortener
- DNS Response
- SPI for RST
- SPI for UDP
- SNMP
- Testing with NAGIOS and Rsyslog
Contributors:
- Conner Macolley - writing most of the code
- TheSecAtlas - conceptual help and logo design