Networks and computers that are open to the public face hacker attacks from all over the world every day. Once compromised, we become victims of cyber crime. Our tasty Croissants is a high-performance, ultra-low-latency Intrusion Detection and Prevention System (IDPS). Unlike the well-known brands for large business enterprises in the market, Croissants is available free of charge, so everyone can afford it. It is ideal for home, Small Office Home Office (SOHO) and Small Medium Business (SMB) use.
Not a Network Security Monitoring (NSM) or Information Security (InfoSec) expert? No problem! Our Croissants really is the "Plug, Play and Forget" system of your dreams. Don't be the next cyber crime victim, try Croissants now!
Croissants is designed by a hacker to defend against hackers. He knows what hackers are doing and thinking, regardless of whether they are ethical or malicious.
- Blocks known malicious activities
- Blocks known malware and viruses
- Easy and straightforward web interfaces
- Compatible with BitTorrent and 4K video streaming
- Ultra-low latency for demanding online games
- Compatible with Microsoft Windows, GNU Linux, Apple macOS, Apple iOS and Google Android
- No subscription fee
- Automatic updates and upgrades
- Plug, Play and Forget!
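Whenever our computers or networks are connected to the Internet, they are exposed to attacks by malicious hackers. To keep you from becoming the next victim of cyber crime, our tasty Croissants can help protect you from attack. Unlike other well-known commercial brands, it is a completely free intrusion prevention system that everyone can afford.
Our Croissants is plug and play, needs very little user involvement, and is suitable for the general public.
Croissants is an effective tool designed by a hacker to counter hackers, whether they are ethical or malicious.
- Effectively blocks known malicious activities
- Effectively blocks known malware
- Simple and straightforward user interface
- Ultra-low latency, able to play 4K multimedia and speed-demanding online games smoothly
- Compatible with Microsoft Windows, Apple computers, Linux and other systems
- Open source project, completely free
- Automatic updates
- Plug and play, and then forget about it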
Croissants is an Open Source Project which is released under GPLv3 License and it is developed by Samiux.
Please keep in mind that Croissants is available FREE OF CHARGE.
Croissants has been designed and developed by Samiux since 2012.
- Multi-Core Intel / AMD x86 CPU (e.g. AMD Ryzen R7-4800U for home usage)
- 16GB DDR4 RAM or more (Croissants uses at least 6GB RAM)
- 256GB hard drive or more (SSD for better performance)
- 3 Network Interface Cards/Ports (Network Based only)
- 1 Network Interface Card/Port (Host Based only)
- CPU with AVX2 or better (at least SSSE3)
- The more cores and the faster the CPU, the better the performance
- Ubuntu Server 20.04.3 LTS (64-bit) (support until April 2025)
- netplan as default
- Supports WIFI (for the monitoring interface only) (Intel AX200 for WPA3 is not recommended as it is unstable unless the kernel is 5.11.0-36 or later)
- Suricata 6.0.3
- Hyperscan 5.2.1 (Ubuntu 20.04)
- netdata
sudo -sH
cd /root
sudo apt install git net-tools
git clone https://github.com/samiux/idps
cd idps
If your monitoring network interface is a WIFI device, you need to copy the /root/idps/wifi directory to /root. If your monitoring network interface is an Ethernet device, you need to copy the /root/idps/lan directory to /root.
cp wifi/* /root
or
cp lan/* /root
cd /root/idps
cp -R lua/ /root
cp -R rules/ /root
cp * /root
cd /root
nano nsm.conf
chmod +x nsm_install
sudo ./nsm_install
Make sure you edit nsm.conf before running nsm_install.
The definition of nsm.conf is here.
sudo -sH
cd /root
sudo apt install git net-tools
git clone https://github.com/samiux/idps-host
cd idps-host
cp * /root
cd /root
nano nsm.conf
chmod +x nsm_install
sudo ./nsm_install
Make sure you edit nsm.conf before running nsm_install.
The definition of nsm.conf is here.
You are required to update the rules. However, you should wait until Suricata has started up completely. Start-up may take about 15 minutes. Alternatively, watch for "<Notice> - rule reload complete" at the end of the output of the following command.
sudo tail -f /var/log/suricata/suricata.log
Then run :
sudo nsm_rules_update
WARNING : Make sure port 19999 is not open to the public.
Text mode monitoring tool for the performance of Croissants.
glances
Graphic mode monitoring tool for the performance of Croissants.
Network based only
sudo sed -i 's/127\.0\.0\.1/0\.0\.0\.0/' /etc/netdata/netdata.conf
sudo systemctl restart netdata
Network based
http://[monitoring_ip]:19999
e.g. http://192.168.20.180:19999
Host based
http://127.0.0.1:19999
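One way to check the warning about port 19999 after changing the bind address, as an added example that is not part of Croissants: it classifies each listener on the port from `ss -ltnH` output as loopback, wildcard or specific. The function names and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of Croissants: classify the listeners on a TCP port.
# Reads `ss -ltnH` output (State Recv-Q Send-Q Local:Port Peer:Port) on stdin.

# Prints "<address> <verdict>" per listener; verdict is loopback, wildcard
# (every interface) or specific (one address, e.g. the monitoring IP).
classify_listeners() {
    awk -v port="$1" '
    {
        n = match($4, /:[0-9]+$/)          # port follows the last colon
        if (!n) next
        host = substr($4, 1, n - 1)
        if (substr($4, n + 1) != port) next
        gsub(/^\[|\]$/, "", host)          # strip IPv6 brackets
        sub(/%.*$/, "", host)              # strip %interface scope suffix
        if (host ~ /^127\./ || host == "::1")                      v = "loopback"
        else if (host == "0.0.0.0" || host == "::" || host == "*") v = "wildcard"
        else                                                       v = "specific"
        print host, v
    }'
}

# Succeeds when the port is bound to every interface, so reachability then
# depends entirely on firewalling and on which interfaces carry an address.
has_wildcard_listener() {
    classify_listeners "$1" | grep -q ' wildcard$'
}

# Constructed sample: netdata bound to 0.0.0.0, plus unrelated listeners.
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 4096 0.0.0.0:19999     0.0.0.0:*
LISTEN 0 4096 [::1]:19999       [::]:*
LISTEN 0 4096 127.0.0.1:8125    0.0.0.0:*
EOF
}

# Live use: ss -ltnH | classify_listeners 19999
sample_ss_output | classify_listeners 19999
if sample_ss_output | has_wildcard_listener 19999; then
    echo "port 19999 listens on all interfaces: restrict it with a firewall"
fi
```
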
netdata is now on the cloud, and its performance has dropped a lot in some countries. If you encounter this performance problem, you may consider disabling it.
sudo systemctl disable netdata
sudo systemctl stop netdata
sudo tail -f /var/log/suricata/stats.log | grep drop
Press CTRL+c to exit.
sudo tail -f /var/log/suricata/fast.log
Press CTRL+c to exit.
If you want to disable some rules because they produce false positives, you can edit the "disable.conf" of suricata-update.
sudo nano /etc/suricata/disable.conf
If you want to drop some traffic, you can edit the "drop.conf" of suricata-update.
sudo nano /etc/suricata/drop.conf
If you want to modify some rules, you can edit the "modify.conf" of suricata-update.
sudo nano /etc/suricata/modify.conf
After updating the configuration files, you should run the following command to make the changes effective.
sudo nsm_rules_update
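To decide which rules are worth reviewing for disable.conf, the alerts in fast.log can be counted per signature. The following is an added example, not part of Croissants: the function names, the hit threshold and the sample log lines (placeholder SIDs and messages) are constructed, and the fast.log layout, including the "[Drop]" marker on blocked traffic, is assumed to be the standard Suricata one.

```shell
#!/bin/sh
# Added example, not part of Croissants: summarise fast.log by signature so
# false-positive candidates for /etc/suricata/disable.conf can be reviewed.

# Reads fast.log text on stdin and prints "<hits> <gid>:<sid> <action> <msg>",
# most frequent first. Revisions of the same rule are counted together.
top_signatures() {
    awk '
    match($0, /\[[0-9]+:[0-9]+:[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), f, ":")   # gid, sid, rev
        key = f[1] ":" f[2]
        msg = substr($0, RSTART + RLENGTH + 1)
        sub(/ \[\*\*\].*/, "", msg)                          # cut at closing [**]
        hits[key]++
        text[key] = msg
        if ($0 ~ /\[Drop\]/) dropped[key] = 1                # blocked inline
    }
    END {
        for (k in hits)
            printf "%d %s %s %s\n", hits[k], k, ((k in dropped) ? "drop" : "alert"), text[k]
    }' | sort -k1,1nr -k2,2
}

# Prints a comment line plus a "gid:sid" line (the form disable.conf accepts)
# for every signature with at least $1 hits. Review before appending.
disable_candidates() {
    top_signatures | awk -v min="$1" '$1 + 0 >= min + 0 {
        n = $1; id = $2; act = $3
        sub(/^[^ ]+ [^ ]+ [^ ]+ /, "")                       # leave only the msg
        printf "# %d hits, %s: %s\n%s\n", n, act, $0, id
    }'
}

# Constructed sample; SIDs, messages and addresses are placeholders.
sample_fast_log() {
cat <<'EOF'
10/05/2021-14:22:31.100001  [**] [1:9000001:2] EXAMPLE noisy stream event [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.10:443 -> 192.168.20.5:51234
10/05/2021-14:22:31.200002  [**] [1:9000001:2] EXAMPLE noisy stream event [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.10:443 -> 192.168.20.5:51235
10/05/2021-14:22:33.300003  [Drop] [**] [1:9000002:5] EXAMPLE malware check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.20.7:49152 -> 198.51.100.9:80
10/05/2021-14:22:35.400004  [**] [1:9000001:3] EXAMPLE noisy stream event [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.10:443 -> 192.168.20.5:51236
EOF
}

# Live use: sudo cat /var/log/suricata/fast.log | disable_candidates 100
sample_fast_log | disable_candidates 2
```

A signature marked "drop" is blocking traffic inline, so confirm it really is a false positive before disabling it.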
sudo update_ubuntu
Whenever you change the nsm.conf file, you need to run the following commands in order to make the change effective.
sudo nano /etc/croissants/conf.d/nsm.conf
sudo /etc/croissants/conf.d/auto_config
Nathan Paquin - Unix System Expert and InfoSec guy (IRC nick : sys)
Omnish - Gamer with InfoSec in mind (IRC nick : omnish)
Alpharyon - Ultra speed internet user with InfoSec in mind
If you cannot access the internet from behind Croissants, Suricata may have gone down unexpectedly. You can check whether it is running with the following command :
sudo ps aux | grep suricata
If it is not running, you can issue the following command to start it :
sudo systemctl restart suricata
You can check the suricata.log at /var/log/suricata/suricata.log. Please allow about 15 minutes for Suricata to start fully.
One is for incoming traffic (from modem or ISP) and the other is for outgoing traffic (to router or switch). The third one is connected to the switch for management purposes. It is also used for updating the rules and system.
The monitoring network interface is good for installation. Incoming and outgoing network interfaces may cause problems during the installation.
ls /sys/class/net
The following is the recommended connection method for Croissants. However, you can connect it behind a router too.
Network Based
Internet --- Modem (if any) --- Croissants --- Wifi Router --- Switch --- PCs
                                    |                             |
                                    +-----------------------------+
5G Modem --- Croissants --- Wifi Router --- Switch --- PCs
                 |                             |
                 +-----------------------------+
Do not use the wifi that comes with the 5G modem, as that traffic flow is not protected by Croissants.
The DNS entries at the 5G Modem and Wifi Router should be identical; otherwise, internet browsing would be slowed down a little bit.
Host Based
Internet --- Croissants (with application on it)
Nil
Minisforum Elitemini HM80 is a Mini PC that is ideal for a home based or SOHO based Intrusion Detection and Prevention System (IDPS). An external USB Ethernet dongle is required for management purposes. It comes with an AMD Ryzen R7-4800U (8 cores, 16 threads) CPU and the memory can be up to 64GB.
When installing Linux with the USB dongle, you are required to use the Front Panel USB ports instead of the Rear ones. You may need to add "iommu=soft" to the Grub in order to use the Rear Panel USB ports later.