Sunday, September 08, 2013

HOWTO : 30 minutes to deploy a distributed IDS with SmoothSec 3.4

Distributed IDS is one of the features of SmoothSec 3.4. It lets you monitor more than one sensor from a single web interface (Snorby). The distributed IDS can also be deployed on virtual machines, such as VMware, VirtualBox and Parallels.

The basic requirement for the virtual machines (console and sensor) is 1 CPU, 1GB RAM and 8GB+ virtual storage.

You can install up to 2 IDS engines (Snort and Suricata) on one box, or just one of them.

Hints for installation

When installing the sensor, you will be asked for an SSH passphrase; just press "Enter" and leave it empty. Keep the default path for the SSH key pair (nothing to change).

