DetectionLab.md

File metadata and controls

33 lines (22 loc) · 1.46 KB

Rough notes:

Install Suricata following https://suricata.readthedocs.io/en/latest/quickstart.html, replacing eth0 with your interface; I did this in around 3 places.

```
sudo systemctl restart suricata
sudo systemctl enable suricata
```

To test that a signature fires: `wget http://testmynids.org/uid/index.html`
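Whether that fetch actually raised an alert is only visible in Suricata's alert log. The script below is an added example, not part of these notes: it counts fast.log entries for the rule the testmynids.org page is meant to trigger, fetches the page, and checks that the count went up. Assumptions: fast.log is at the quickstart default /var/log/suricata/fast.log, the ET Open ruleset is loaded (the quickstart's suricata-update step), and the rule matching the page's `uid=0(root)` body is "GPL ATTACK_RESPONSE id check returned root", sid 2100498. The two log lines embedded in the script are constructed for the offline check, not a real capture.

```shell
#!/bin/sh
# Added example (not from the notes): confirm that fetching the testmynids.org
# canary page really produced a Suricata alert, rather than assuming it did.
# Assumptions: alerts go to the quickstart default fast.log, the ET Open ruleset
# is loaded, and its "GPL ATTACK_RESPONSE id check returned root" rule
# (sid 2100498) is the one that matches the page's "uid=0(root)" body.
FAST_LOG="${FAST_LOG:-/var/log/suricata/fast.log}"
TEST_URL="http://testmynids.org/uid/index.html"
EXPECT_SID="${EXPECT_SID:-2100498}"

# count_alerts_for_sid FILE SID: print how many fast.log lines were raised by SID.
# fast.log records the rule as "[gid:sid:rev]", e.g. "[1:2100498:7]"; anchoring on
# the colons keeps sid 100498 from matching inside 2100498.
count_alerts_for_sid() {
    file=$1; sid=$2
    [ -r "$file" ] || { echo 0; return 0; }
    grep -c "\[[0-9]*:${sid}:[0-9]*\]" "$file" || true   # grep -c exits 1 on zero matches
}

# run_nids_test: snapshot the count, fetch the canary, give Suricata a moment to
# write, and compare. Needs network and a running sensor, so it is only called
# with the "live" argument below.
run_nids_test() {
    before=$(count_alerts_for_sid "$FAST_LOG" "$EXPECT_SID")
    wget -q -O /dev/null "$TEST_URL" || { echo "fetch failed" >&2; return 2; }
    sleep 2
    after=$(count_alerts_for_sid "$FAST_LOG" "$EXPECT_SID")
    if [ "$after" -gt "$before" ]; then
        echo "OK: sid $EXPECT_SID fired $((after - before)) time(s)"
        return 0
    fi
    echo "FAIL: no new alert for sid $EXPECT_SID in $FAST_LOG" >&2
    echo "      check the af-packet interface in suricata.yaml and that suricata-update ran" >&2
    return 1
}

# Constructed sample fast.log (two lines, not a real capture) for an offline check
# of the parser: one hit for the canary rule, one unrelated stream event.
SAMPLE_FAST_LOG=$(mktemp)
cat >"$SAMPLE_FAST_LOG" <<'EOF'
01/01/2024-12:00:00.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 34.1.2.3:80 -> 192.168.1.10:52344
01/01/2024-12:00:05.000001  [**] [1:2210054:1] SURICATA STREAM excessive retransmissions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.1.10:52344 -> 34.1.2.3:80
EOF

case "${1-}" in
    live) run_nids_test ;;
    *)    echo "sample hits for sid $EXPECT_SID: $(count_alerts_for_sid "$SAMPLE_FAST_LOG" "$EXPECT_SID")" ;;
esac
```

Run it as `sh nids_check.sh live` on the sensor; without an argument it only exercises the parser against the constructed sample. If the live run reports no new alert, the usual causes are Suricata listening on the wrong interface or the ruleset never having been downloaded.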

To work as a gateway, enable net.ipv4.ip_forward = 1 so the machine forwards packets: https://www.systutorials.com/setting-up-gateway-using-iptables-and-route-on-linux/

Configure the Ubuntu machine to capture traffic from other machines on the network

This guide is quite good and gives a good overview of the steps.

ens33 - WAN interface
ens38 - LAN interface

  1. In order for forwarding to persist after a reboot, first edit /etc/sysctl.conf to allow IP forwarding. It's just a matter of uncommenting this line: net.ipv4.ip_forward = 1

  2. Set up iptables (more info):

  • sudo iptables --table nat --append POSTROUTING --out-interface ens33 -j MASQUERADE
  • sudo iptables --append FORWARD --in-interface ens38 -j ACCEPT
  • Save the rules using iptables-save
  • Persist the rules across reboots using iptables-persistent (or any other method mentioned here)
  3. Configure a BIND server on the Linux gateway
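The gateway steps above as one idempotent script; this is an added example, not from these notes or the linked guide. The interface names ens33 (WAN) and ens38 (LAN) are the ones used above; everything else is this example's choice: it rewrites the ip_forward line in /etc/sysctl.conf rather than assuming it is merely commented out, uses `iptables -C` so re-running never duplicates rules, and, going beyond the notes, sets the FORWARD default policy to DROP with a conntrack rule for return traffic, so only flows started from the LAN side are forwarded (with the notes' two rules alone, forwarding works only because the default policy is ACCEPT, which forwards traffic arriving on the WAN side too). Persistence writes /etc/iptables/rules.v4, the file iptables-persistent restores at boot.

```shell
#!/bin/sh
# Added example (not from the notes): configure this Ubuntu box as a NAT gateway.
# WAN/LAN names are the ones from the notes; override with env vars if yours differ.
WAN="${WAN:-ens33}"
LAN="${LAN:-ens38}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"
RULES_V4="${RULES_V4:-/etc/iptables/rules.v4}"   # what iptables-persistent restores at boot

# ip_forward_enabled CONF: succeed only if CONF has an active (uncommented)
# net.ipv4.ip_forward = 1 line. Whitespace around '=' is allowed, as sysctl allows it.
ip_forward_enabled() {
    grep -E -q '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# set_ip_forward CONF: leave CONF with exactly one active ip_forward=1 line.
# Handles the stock Ubuntu "#net.ipv4.ip_forward=1", an explicit "= 0", a missing
# line, and repeated runs (no duplicates), while keeping every other setting.
set_ip_forward() {
    conf=$1
    tmp=$(mktemp)
    # remove any existing ip_forward line, commented or not ...
    grep -v -E '^[[:space:]]*#?[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$conf" >"$tmp" || true
    # ... then append the one we want
    echo 'net.ipv4.ip_forward = 1' >>"$tmp"
    cat "$tmp" >"$conf"
    rm -f "$tmp"
}

# ensure_rule TABLE RULE...: append RULE only if it is not already present.
# iptables -C (check) exits 0 when an identical rule exists, so re-running the
# script never stacks duplicate MASQUERADE/FORWARD rules.
ensure_rule() {
    table=$1; shift
    iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

apply_gateway() {
    set_ip_forward "$SYSCTL_CONF"                  # survives reboot
    sysctl -w net.ipv4.ip_forward=1 >/dev/null     # takes effect now

    # The two rules from the notes:
    ensure_rule nat POSTROUTING -o "$WAN" -j MASQUERADE
    ensure_rule filter FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    # Beyond the notes: only let WAN->LAN traffic through when it belongs to a
    # flow a LAN host started, then drop anything else that reaches FORWARD.
    ensure_rule filter FORWARD -i "$WAN" -o "$LAN" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    iptables -P FORWARD DROP

    mkdir -p "$(dirname "$RULES_V4")"
    iptables-save >"$RULES_V4"
}

# show_gateway: quick post-apply check of the live state.
show_gateway() {
    echo "ip_forward (runtime): $(cat /proc/sys/net/ipv4/ip_forward)"
    iptables -t nat -S POSTROUTING
    iptables -S FORWARD
}

case "${1-}" in
    apply) apply_gateway && show_gateway ;;
    show)  show_gateway ;;
esac
```

Run as `sudo sh gateway.sh apply`; `sudo sh gateway.sh show` prints the runtime forwarding flag and the installed rules so you can confirm the MASQUERADE and FORWARD entries appear exactly once after repeated runs.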