Raspberry Pi 3 NSM based on Bro. Suitable for a home 'blackbox' deployment.

## Requirements

- Raspberry Pi 3 or other ARM based system
- Raspbian Lite
- Switch with port mirroring capability
- Critical Stack account
- optional: Mailgun account (for email notifications)
- optional: WD PiDrive Foundation Edition (separate disk for `/nsm`, see Hints below)
## Preparation

- Critical Stack:
  - get a Critical Stack account
  - set up a collection and a sensor
  - add feeds to your collection
  - note down the sensor API key
  - note down the parameters for the email server (Mailgun, if you use it)
- download Raspbian Lite and write it onto a micro SD card
- create an empty file named `ssh` on the boot file system of the SD card (this enables the SSH server on first boot)
- connect a LAN cable to the Pi (make sure DHCP works on that network)
- optionally: connect the WD PiDrive to the Pi
- boot the Pi and ssh into the device
- change the password for user `pi` (`passwd`) right away: the `ssh` file exposes the SSH server to the LAN with the well-known default password
- sudo to root (`sudo su -`) and use `raspi-config` to:
  - set up WLAN (Network Options)
  - expand the filesystem (Advanced Options)
  - exit, but don't reboot yet
- check that you can ssh into the Pi using the WLAN IP of the Pi
- optionally: prepare the PiDrive (see Hints below)
- reboot (`reboot`)
- detach the LAN cable
- ssh into the Pi using the WLAN IP
## Installation

- update the base OS:

  ```
  sudo su -
  apt-get update
  apt-get -y -u dist-upgrade
  ```

- install git:

  ```
  apt-get -y install git
  ```

- change into root's home directory:

  ```
  cd
  ```

- clone the repository:

  ```
  git clone https://github.com/sneakymonk3y/foxhound-nsm.git
  ```

  (as long as the pull request hasn't been accepted by the maintainer, please use my repo: `git clone https://github.com/gebhard73/foxhound-nsm.git`)

- prepare the installation:

  ```
  cd foxhound-nsm
  chmod +x foxhound.sh
  ```

- optionally: copy `unattended-sample.txt` to `unattended.txt` and adapt it to your needs
- begin the installation:

  ```
  ./foxhound.sh
  ```

- shut down the device:

  ```
  shutdown -h now
  ```
- configure the switch (set up port mirroring)
- plug the switch into your home LAN at a suitable spot
- connect the switch mirror port to the Pi
- power up the Pi and check that it works as expected (see e.g. Further Reading below)
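Before trusting the box, it is worth checking that the mirror port really delivers traffic and that Bro is up. The script below is an added example, not part of the foxhound-nsm repository. It assumes eth0 is the interface cabled to the mirror port (the LAN cable was detached, so the Pi has no address there), that management traffic arrives over wlan0, that the sniffer runs as a process named `bro`, and that `/nsm` is the data directory. `rx_packets` parses `/proc/net/dev`, and `check_mirror_traffic` samples it twice: a mirror port that works keeps the eth0 receive counter climbing even though the Pi sends nothing on that port. The two `/proc/net/dev` snapshots embedded near the end are constructed data for the offline `selftest`.

```shell
#!/bin/bash
# nsm-check.sh: post-deployment sanity check for the Pi NSM.
# Added example, not part of foxhound-nsm. Assumptions: eth0 is cabled to the
# switch mirror port, management comes in over wlan0, the Bro data directory is
# mounted at /nsm and the sniffer runs as a process called "bro".
set -u

CAP_IF="${CAP_IF:-eth0}"
NSM_DIR="${NSM_DIR:-/nsm}"

# Print the RX packet counter of one interface from /proc/net/dev style text.
# After the "iface:" prefix the columns are: rx bytes, rx packets, rx errs, ...
rx_packets() {
    local iface="$1" text="$2"
    printf '%s\n' "$text" | awk -v want="$iface" '
        { sub(/^[ \t]+/, "") }
        index($0, want ":") == 1 {
            sub(/^[^:]+:[ \t]*/, "")   # drop "eth0:" so $1 is rx bytes, $2 rx packets
            print $2
            exit
        }'
}

# Succeed if the RX packet counter of iface grew between two snapshots.
counter_grew() {
    local iface="$1" before="$2" after="$3" b a
    b=$(rx_packets "$iface" "$before")
    a=$(rx_packets "$iface" "$after")
    [ -n "$b" ] && [ -n "$a" ] && [ "$a" -gt "$b" ]
}

# A working mirror port feeds packets to eth0 although the Pi has no address
# there, so a flat counter means the switch configuration or the cable is wrong.
check_mirror_traffic() {
    local s1 s2 secs="${SAMPLE_SECS:-5}"
    s1=$(cat /proc/net/dev)
    sleep "$secs"
    s2=$(cat /proc/net/dev)
    if counter_grew "$CAP_IF" "$s1" "$s2"; then
        echo "OK: $CAP_IF received $(( $(rx_packets "$CAP_IF" "$s2") - $(rx_packets "$CAP_IF" "$s1") )) packets in ${secs}s"
    else
        echo "FAIL: no packets on $CAP_IF; check port mirroring on the switch and the cable"
        return 1
    fi
}

check_nsm_mount() {
    if mountpoint -q "$NSM_DIR"; then
        echo "OK: $NSM_DIR is a separate mount"
        df -h "$NSM_DIR"
    else
        echo "WARN: $NSM_DIR lives on the SD card, not on a separate file system"
    fi
}

check_bro_running() {
    if pgrep -x bro >/dev/null; then
        echo "OK: bro is running"
    else
        echo "FAIL: no bro process found"
        return 1
    fi
}

# Constructed /proc/net/dev snapshots: eth0 gains packets, wlan0 does not.
SAMPLE_BEFORE='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1234      10    0    0    0     0          0         0     1234      10    0    0    0     0       0          0
  eth0:  504332    4021    0    0    0     0          0        17        0       0    0    0    0     0       0          0
 wlan0:   99000     812    0    0    0     0          0         3    45000     600    0    0    0     0       0          0'
SAMPLE_AFTER='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1234      10    0    0    0     0          0         0     1234      10    0    0    0     0       0          0
  eth0:  611210    4990    0    0    0     0          0        19        0       0    0    0    0     0       0          0
 wlan0:   99000     812    0    0    0     0          0         3    45000     600    0    0    0     0       0          0'

# Offline self-test of the counter parsing against the constructed snapshots.
selftest() {
    [ "$(rx_packets eth0 "$SAMPLE_BEFORE")" = 4021 ] || return 1
    counter_grew eth0 "$SAMPLE_BEFORE" "$SAMPLE_AFTER" || return 1
    if counter_grew wlan0 "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; then return 1; fi
    echo "selftest passed"
}

case "${1:-}" in
    run)      rc=0; check_nsm_mount; check_mirror_traffic || rc=1; check_bro_running || rc=1; exit "$rc" ;;
    selftest) selftest ;;
esac
```

Run `sudo bash nsm-check.sh run` on the Pi after power-up, or `bash nsm-check.sh selftest` on any Linux machine to exercise the parser without a Pi. If the eth0 counter stays flat, the usual culprits are a mirror port configured for the wrong source port or direction, or the Pi cabled to a normal port instead of the mirror port.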
## Hints

- the script isn't meant to be run multiple times on one installation (yet), so to get reliable results use a fresh OS SD card (and erase `/nsm` if using the PiDrive) when re-running the script
- use a cheap micro SD card for the OS, e.g. an 8 GB one (get several and keep one ready with the current Raspbian distro)
- use a separate file system for `/nsm`, e.g. the Western Digital PiDrive Foundation Edition:
  - delete the existing partitions
  - create a primary partition
  - format it with ext4 and label the file system, e.g. `mkfs.ext4 -L NSM /dev/sda1` (`LABEL=` in fstab matches this ext4 label, not a partition name)
  - mount it at `/nsm`, e.g. add

    ```
    LABEL=NSM /nsm ext4 defaults 0 0
    ```

    to `/etc/fstab` and run `mkdir /nsm && mount /nsm`
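The PiDrive steps above as one script, added here as an example rather than code from foxhound-nsm. It assumes the drive appears as `/dev/sdX`, that the root file system is on the micro SD card, and that util-linux 2.26 or newer (`wipefs`, `sfdisk`, `findmnt`) is installed, as on current Raspbian Lite. Two details go beyond the bare commands: the ext4 label is set at format time with `mkfs.ext4 -L`, because `LABEL=` in `/etc/fstab` matches the file system label; and the fstab entry is appended only when `/nsm` is not already there, so the script can be re-run, the same property the TODO list asks of the install script. The fstab line also adds `nofail` so the Pi still boots, and stays reachable over WLAN, when the drive is unplugged or dead.

```shell
#!/bin/bash
# prepare-pidrive.sh: partition, format and mount the PiDrive at /nsm.
# Added example, not part of foxhound-nsm. Assumptions: the drive is /dev/sdX
# (pass the real device), the root file system is on the micro SD card, and
# util-linux 2.26+ (wipefs, sfdisk, findmnt) is available as on Raspbian Lite.
set -u

# The fstab line for a labelled ext4 volume. Compared with "defaults 0 0",
# nofail lets the Pi boot when the drive is missing, and pass number 2 gets
# the volume fsck'd after the root file system.
fstab_line() {
    local label="$1" mountpoint="$2"
    printf 'LABEL=%s %s ext4 defaults,nofail 0 2\n' "$label" "$mountpoint"
}

# Succeed if FILE already mounts MOUNTPOINT (comment lines are ignored).
fstab_has_mount() {
    local file="$1" mountpoint="$2"
    awk -v mp="$mountpoint" '$1 !~ /^#/ && $2 == mp { found = 1 } END { exit !found }' "$file"
}

# Append the entry only if it is missing, so re-running never duplicates it.
ensure_fstab_entry() {
    local file="$1" label="$2" mountpoint="$3"
    if fstab_has_mount "$file" "$mountpoint"; then
        echo "$file already has an entry for $mountpoint, leaving it alone"
        return 0
    fi
    fstab_line "$label" "$mountpoint" >> "$file"
    echo "added $mountpoint to $file"
}

# Destructive: wipes DEV, creates one primary partition, formats it ext4 with
# the file system label (what LABEL= in fstab matches) and mounts it.
prepare_pidrive() {
    local dev="$1" label="${2:-NSM}" mountpoint="${3:-/nsm}"
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    # Best-effort guard: never touch the disk the root file system lives on.
    case "$(findmnt -no SOURCE /)" in
        "$dev"*) echo "refusing: $dev holds the root file system" >&2; return 1 ;;
    esac
    wipefs -a "$dev"
    # sfdisk script: one Linux partition; start and size default to the whole disk.
    printf 'type=83\n' | sfdisk "$dev"
    udevadm settle 2>/dev/null || true
    mkfs.ext4 -F -L "$label" "${dev}1"
    mkdir -p "$mountpoint"
    ensure_fstab_entry /etc/fstab "$label" "$mountpoint"
    mount "$mountpoint"
    df -h "$mountpoint"
}

if [ "${1:-}" = "prepare" ]; then
    prepare_pidrive "${2:?usage: $0 prepare /dev/sdX [LABEL] [MOUNTPOINT]}" "${3:-NSM}" "${4:-/nsm}"
fi
```

`sudo bash prepare-pidrive.sh prepare /dev/sda` wipes the whole drive, so confirm the device with `lsblk` first; everything on it is lost. Run it before the final reboot in the preparation steps so `/nsm` is already mounted when `foxhound.sh` starts writing there.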
## TODO

- adapt the script so it can be run multiple times in a row without creating strange side effects
- add logging and error handling to the script