Saturday, January 21, 2012

Security Onion

Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring).  It's based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, argus, Xplico, tcpreplay, scapy, hping, and many other security tools.  The main web site for the project is http://securityonion.blogspot.com/.

The screen captures below were taken while installing the distribution within a VMware Workstation environment.  After the initial installation has completed, open a terminal window and execute the following command as root to update the OS:

apt-get update; apt-get dist-upgrade

securityonion_1

The download may take some time.  Once it completes, the Security Onion components themselves need to be updated.  The project web site has a link concerning updates.

securityonion_2

The page should have a command that you can copy and paste into a terminal window.

securityonion_3

securityonion_4

securityonion_5

Once all components are updated, an icon called Setup should be present on the desktop.  It launches a configuration wizard.

securityonion_6

securityonion_7

An advanced or quick setup option should be available.

securityonion_8

Below are some of the screens of the setup wizard.

securityonion_9

securityonion_10

securityonion_11

securityonion_12

securityonion_13

securityonion_14

securityonion_15

A summary screen should eventually appear.

securityonion_16

securityonion_17

Back on the desktop, access the Snorby icon.

securityonion_18

Log into the web interface of the application.

securityonion_19

To view alerts, click on the Events menu option.

securityonion_20

In reviewing the details of an alert, a button is available to display the rule that generated the entry.

securityonion_21

securityonion_22

More options are available via the main menu.

securityonion_23

The /etc/snort/snort.conf file may need to be modified to include the IP range on the network in question.

securityonion_24
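In snort.conf the protected range is held in the HOME_NET variable. The Python check below is an added example, not part of the original post or the Security Onion project: it reads the HOME_NET line and reports which monitored subnets it does not cover. The sample config and the subnet list are constructed, and the parser assumes a flat bracketed list with no $variable references.

```python
import ipaddress
import re

# Constructed sample of the relevant snort.conf lines (not from the original post).
SAMPLE_CONF = """\
# Setup the network addresses you are protecting
ipvar HOME_NET [192.168.1.0/24,10.10.0.0/16,!10.10.99.0/24]
ipvar EXTERNAL_NET !$HOME_NET
"""

def parse_home_net(conf_text):
    """Return (included, excluded) networks from HOME_NET, or None when it is 'any'."""
    # Accept both the newer 'ipvar' and the older 'var' keyword; skip commented lines.
    m = re.search(r"^[ \t]*(?:ipvar|var)[ \t]+HOME_NET[ \t]+(\S.*?)\s*$", conf_text, re.M)
    if m is None:
        raise ValueError("no HOME_NET definition found")
    value = m.group(1).split("#")[0].strip()
    if value.lower() == "any":
        return None
    included, excluded = [], []
    for item in value.strip("[]").split(","):
        item = item.strip()
        if not item:
            continue
        # A leading '!' negates the entry, carving it out of HOME_NET.
        target = excluded if item.startswith("!") else included
        target.append(ipaddress.ip_network(item.lstrip("!"), strict=False))
    return included, excluded

def uncovered(conf_text, monitored):
    """List the monitored networks that HOME_NET does not fully cover."""
    parsed = parse_home_net(conf_text)
    if parsed is None:  # 'any' matches every address
        return []
    included, excluded = parsed
    missing = []
    for cidr in monitored:
        net = ipaddress.ip_network(cidr, strict=False)
        inside = any(net.subnet_of(i) for i in included if i.version == net.version)
        carved = any(net.overlaps(e) for e in excluded if e.version == net.version)
        if not inside or carved:
            missing.append(cidr)
    return missing

if __name__ == "__main__":
    # Constructed list of subnets the sensor is expected to watch.
    print(uncovered(SAMPLE_CONF, ["192.168.1.0/24", "10.10.99.0/24", "172.16.0.0/24"]))
```

To check a live sensor, pass the contents of /etc/snort/snort.conf as the first argument in place of SAMPLE_CONF.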

The FAQ section on the web site includes more configuration hints.

securityonion_25

Saturday, January 14, 2012

Shotty

Shotty is a screen capture utility for Windows that includes an integrated image editor.  During the installation process, a portable option is available.

shotty

http://shotty.devs-on.net/

Thursday, January 12, 2012

vCenter Database Pre-Upgrade Checker

The vCenter Database Pre-Upgrade Checker is a utility to use on your current vCenter Server database to reveal problems that could prevent the upgrade or affect the performance of your database after the upgrade.  A KB article with details on the tool can be found at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004286.

DBPreUpgradeChecker.zip

Saturday, January 7, 2012

Observium

Observium is an auto-discovering PHP/MySQL/SNMP-based network monitoring tool that supports a wide range of network hardware and operating systems, including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more.  Observium is not intended to replace an up/down alerting system, but rather to complement it with an easy to manage, intuitive representation of historical and current performance statistics, configuration, visualization, and syslog capture.

www.observium.org

Monday, January 2, 2012

ISO to USB

ISO to USB is a small, free program that burns an ISO image file directly to USB drives, including USB flash drives, memory sticks and other USB storage devices.  It also supports creating a bootable USB disk with Windows operating systems.

http://www.isotousb.com/

Sunday, January 1, 2012

smtp4dev

Windows 7/Vista/XP/2003/2010 compatible dummy SMTP server. Sits in the system tray and does not deliver the received messages. The received messages can be quickly viewed, saved and the source/structure inspected. Useful for testing/debugging software that generates email.

http://smtp4dev.codeplex.com/