Yesterday I downloaded the latest CentOS DVD ISO. It took nearly all day thanks to our saturated 6/6 wireless connection. (Thank you, Facebook and Fox Sports browsers!) Anyway, I finally got the image downloaded and installed, and when trying to install the CentOS app provided by Metaflows I continuously get an error:
I've tried searching for it, to no avail. I then went through the process of verifying that I had all the libs this install routine would install, installed: libpcap, F77, gcc, etc. Every one I searched for was installed and apparently up to date.
Pilfering through setup.log, the only negatives I see are:
So PF_RING is my issue, specifically being able to cp some .ko files. I browsed and could not find them myself, so in usual fashion here I go to manually install PF_RING and see if that helps.
Found instructions Here, but ran into issues installing DKMS, which according to this page is needed. *sigh*
It was about this time that my download of the BotHunter virtual machine completed. So with my 'OOO Shiny' attitude I stopped jacking with the first VM instance and opted instead to try this one. It booted successfully: a CentOS 6.5 OS with no GUI and all the requirements already installed, save for the rules files. I chose option 4 for standalone sensor, community license, and filled out the remainder of the network-specific info.
Initially I had trouble with the virtual NIC (since I am running this in VirtualBox 4.3.12). I had chosen Bridged mode, the Broadcom NIC my desktop uses, and enabled Promiscuous mode. Something did not play well, because my VM was not capturing any packets. I enabled a secondary Netgear NIC I already had in the box, specified it under Bridged, and now I'm collecting packets quite well.
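As an added example (not from the original post or from BotHunter), here is the host-side VirtualBox setting that controls whether a bridged NIC hands the guest frames not addressed to it, plus a guest-side check that the capture interface really is in promiscuous mode and sees other hosts' traffic. The VM name, host adapter name and guest interface name are assumed placeholders.

```shell
#!/bin/sh
# Host side (VirtualBox): bridge NIC 1 to the chosen physical adapter and let it
# receive all frames. With the default "deny" policy the guest only sees its own
# traffic, which looks exactly like a sensor that captures nothing.
# Assumed placeholders: VM name "sensor-vm", adapter "eth1".
configure_sensor_nic() {
  vm="$1"; adapter="$2"
  VBoxManage modifyvm "$vm" --nic1 bridged --bridgeadapter1 "$adapter" --nicpromisc1 allow-all
}

# Guest side helper: return 0 if PROMISC appears in an ip(8) flag block such as
# "<BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP>".
flags_have_promisc() {
  case "$1" in
    *PROMISC*) return 0 ;;
    *) return 1 ;;
  esac
}

# Pull the "<...>" flag block out of the first line of `ip link show dev IFACE`.
iface_flags() {
  printf '%s\n' "$1" | sed -n '1s/.*\(<[^>]*>\).*/\1/p'
}

# Guest side check: confirm promiscuous mode, then count frames that are not
# addressed to the sensor's own MAC. A count stuck near zero means the
# hypervisor is still filtering, regardless of what the guest reports.
check_guest_iface() {
  iface="$1"
  out="$(ip link show dev "$iface")" || return 2
  if flags_have_promisc "$(iface_flags "$out")"; then
    echo "$iface is in promiscuous mode; sampling 20 foreign frames"
    tcpdump -nn -i "$iface" -c 20 not ether host "$(cat "/sys/class/net/$iface/address")"
  else
    echo "$iface is NOT promiscuous; try: ip link set dev $iface promisc on" >&2
    return 1
  fi
}

# Usage (host):  configure_sensor_nic sensor-vm eth1
# Usage (guest): check_guest_iface eth0
```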
It obviously needs to run for a while to collect enough info, but at least lighttp is running and it says it's seeing traffic.
So we shall see.
Here's the BotHunter web interface:
Short follow-up: I've decided to can BotHunter. It may be a great product, but I'll be damned if I can't get it to work. The VM image will not convert to ESXi for nothing, and in VirtualBox without pass-through mode on the NIC it can't capture enough packets to be worth it. I'm looking at Security Onion now, running on Xubuntu.