g3tsyst3m / briarids
An All-In-One home intrusion detection system (IDS) solution for the Raspberry PI.
License: MIT License
Work towards a more automated URL retrieval method instead of using hard-coded URLs for source tarballs. That way every resource that is downloaded remains current and the likelihood for broken links is low.
Not really an issue, but thought to ask here: will BriarIDS setup work if I replace a tomato-supported router with an OpenWRT one?
From what I see all you'd need is IPTABLES, and as far as I know OpenWRT supports it as well.
Thanks!
After clicking the "Install Bro-2.5 and Intel Feed Agent" button, it leaves me with a prompt saying
Almost done. What you will want to do now is to add some feeds. Since the raspberry pi is limited in its processing power, signing up for too many feeds will overload the unit.
I would suggest signing up for just a few feeds initially, such as 'Phish Tank Intel Feed' and 'Known Tor exit nodes'.
Once you have added your feeds to your sensor, go ahead and pull that info into Bro by issuing the following command:
sudo -u critical-stack critical-stack-intel pull
Now, you will want to perform three final changes. Go to /opt/nsm/bro/etc
edit Networks.cfg and be sure to add something similar to the following:
10.0.0.0/8 Private IP space
192.168.0.0/16 Private IP space
pubicipgoeshere/32 Public WAN IP space
Now, edit nodes.cfg and add in your interface, either eth0 or eth1, etc
finally, start bro. go to /nsm/opt/bro/bin/ as ROOT and do: ./broctl
type in 'deploy' which should auto start the application. Log files will be in /nsm/opt/bro/logs/current for active scans and folder archives for completed scans.
That's it. Congrats!
However, /opt/nsm/bro is empty. There are 3 files in /root/bro-2.5.tar.gz.[123], but I couldn't find hide nor hair of bro elsewhere on the system.
While doing this install I needed to SSH as root, and as such the hardcoded path in checkXauth.sh failed:
ls /home/pi/.Xauthority > /dev/null
if [ "$?" == "0" ]; then
    sudo cp /home/pi/.Xauthority /root/
I'd suggest doing something like
ls $HOME/.Xauthority > /dev/null
if [ "$?" == "0" ]; then
    sudo cp $HOME/.Xauthority /root/
instead, as many users may not do this as the default "pi" account.
Additionally, as I did this as root the "cp" was redundant, so you may want to add a check for whether the user is root and, if so, skip the "cp".
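One way to combine both suggestions from the issue above, as an added example that is not part of the original post or the project's checkXauth.sh. The function names and the `--install` switch are hypothetical; the script resolves the invoking user's home instead of hard-coding /home/pi, skips the copy when source and destination are the same home (the root case), and keeps the copied X11 cookie file readable only by its owner.

```shell
#!/bin/sh
# Added example (not BriarIDS code): function names are hypothetical.

# Print the home directory of the user who launched the installer.
# Under sudo, $HOME may already be root's home, so prefer SUDO_USER.
invoking_home() {
    home=""
    if [ -n "${SUDO_USER:-}" ] && command -v getent >/dev/null 2>&1; then
        home=$(getent passwd "$SUDO_USER" | cut -d: -f6)
    fi
    # Fall back to $HOME when not under sudo or the lookup found nothing.
    printf '%s\n' "${home:-$HOME}"
}

# copy_xauth SRC_HOME DEST_HOME
# Prints one of: skipped | missing | copied
copy_xauth() {
    src="$1/.Xauthority"
    dest="$2/.Xauthority"
    # Already running from the destination home (e.g. logged in as root).
    if [ "$1" = "$2" ]; then
        echo skipped
        return 0
    fi
    # No cookie file, e.g. a session without X forwarding.
    if [ ! -f "$src" ]; then
        echo missing
        return 0
    fi
    # .Xauthority holds the X11 authentication cookie: keep it owner-only.
    cp "$src" "$dest" && chmod 600 "$dest" && echo copied
}

# Only touch /root when explicitly asked to, so the file can be sourced safely.
if [ "${1:-}" = "--install" ]; then
    copy_xauth "$(invoking_home)" /root
fi
```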
Trying to understand how to use BriarIDS to inspect 802.11 frames. I have nexmon (https://github.com/seemoo-lab/nexmon) running on my Raspberry Pi 3 Model B and am installing BriarIDS. Will I be able to use the wifi card in monitor mode and pipe 802.11 frames into BriarIDS for easy inspection, or should I be using wireshark instead?
Second, does BriarIDS / Suricata support reading radiotap frames?
Thank you!
Hi there!
First of all, this is awesome. I have been looking for something like this for a long time and am working on getting it set up as I type. I do have a question, but I just may have missed it, and if so my apologies. Is there a way to run this w/o a GUI, or is the only way to install everything with the PyQT app?
Menu breaks when opened directly from desktop (over SSH working fine)
Here is the error:
pi@raspberrypi:~/BriarIDS $ sudo python BriarIDS.py
loading main menu...
X Error: BadAccess (attempt to access private resource denied) 10
  Extension: 129 (MIT-SHM)
  Minor opcode: 1 (X_ShmAttach)
  Resource id: 0x2c00001
X Error: BadShmSeg (invalid shared segment parameter) 128
  Extension: 129 (MIT-SHM)
  Minor opcode: 5 (X_ShmCreatePixmap)
  Resource id: 0x2c0000d
X Error: BadDrawable (invalid Pixmap or Window parameter) 9
  Major opcode: 62 (X_CopyArea)
  Resource id: 0x2c0000e
X Error: BadDrawable (invalid Pixmap or Window parameter) 9
  Major opcode: 62 (X_CopyArea)
  Resource id: 0x2c0000e
X Error: BadDrawable (invalid Pixmap or Window parameter) 9
.....
After downloading the code and running the setup.py install command I get the following error:
~/Desktop/BriarIDS $ briar
QXcbConnection: Could not connect to display
Aborted
Any thoughts?
Hi!
I am searching for a simple way to convert a Pi to an IDS for a home network. Your project seems cool! But is it still alive/updated? It's not a reproach, I just want to install a maintained IDS. Thanks for your project anyway!
Could this be configured to run using port mirroring on a switch, or in-line with multiple interfaces?
From https://github.com/musicmancorley/BriarIDS/wiki/Installation
Shouldn't you SSH in to the PI first and then clone the repo second? Otherwise you're just cloning it to your local machine and then expecting it to also show up on the PI when you execute step 3.
Bro install fails on the latest Raspbian distribution with all patches.
To get around the compile problems you have to manually install the libssl1.0-dev package before starting the install process.
I will correct this soon. Thanks
-Robbie