IPS/IDS Software for FreeBSD

bryn1u

Well-Known Member

Thanks: 9
Messages: 336

#1
Hello guys,

I'm looking for some IPS/IDS software that is able to block packets or IPs from bad guys. I'm using PF but it's not enough. I was trying Snort/Suricata but it's a pain in the ass to configure properly. There is a lack of solutions.

Thanks.
 

Lamia

Active Member

Thanks: 23
Messages: 162

#2
You actually need bruteforceblocker.

And you can still get snort running. The same goes for BRO.
Interestingly, you can install both Snort & BRO on the same machine, in addition to the bruteforceblocker. I bet you they would do a fantastic job. Check NSM-hunter for BRO & Snort installation. There is a simple guide on the website.
 
bryn1u

#3
> You actually need bruteforceblocker.
>
> And you can still get snort running. The same goes for BRO.
> Interestingly, you can install both Snort & BRO on the same machine, in addition to the bruteforceblocker. I bet you they would do a fantastic job. Check NSM-hunter for BRO & Snort installation. There is a simple guide on the website.

Ooo thank you! I will check it!
 
bryn1u

#5
> You are welcome bryn1u.
>
> For the thank you, may I ask that you give me a thumb up by clicking the thanks (thumb-up) button adjacent to the reply?

Hey,

Could you tell me, did you install Bro or Snort using this script?
 

Lamia

#6
> Could you tell me, did you install Bro or Snort using this script?

The script works, though it looks old. I have used it in the past for the installation of both Bro & Snort. They serve different purposes. One is an IDS and the other is an IPS.
 
bryn1u

#7
> The script works, though it looks old. I have used it in the past for the installation of both Bro & Snort. They serve different purposes. One is an IDS and the other is an IPS.

I'm guessing Bro is an IDS and Snort an IPS. Could you tell me, when you were using it, how does Snort block packages? Does Snort use IPFW or PF?
 

Lamia

#8

bryn1u

#9
> You should be right.
>
> Snort uses snort rules, which will be downloaded during installation from https://www.snort.org/downloads#rules.
>
> I can't remember making changes in the PF.conf for Snort to work. The script (NSM-hunter) must have catered for any need to change the PF.conf.

I'm asking about these things because I'm using HardenedBSD-11 stable. I think there shouldn't be any differences between FreeBSD and HardenedBSD, but when I'm trying to install it I'm getting so many issues related to this script. :(
 

Lamia

#10
> I think there shouldn't be any differences between FreeBSD and HardenedBSD, but when I'm trying to install it I'm getting so many issues related to this script.

HardenedBSD would have a feature, in FreeBSD, called kern_securelevel set to something like "3" by default. That would prevent many packages from being installed. I reckon that is the problem you are encountering.
 

gkontos

Daemon

Thanks: 461
Messages: 2,114

#11
> Hello guys,
>
> I'm looking for some IPS/IDS software that is able to block packets or IPs from bad guys. I'm using PF but it's not enough. I was trying Snort/Suricata but it's a pain in the ass to configure properly. There is a lack of solutions.
>
> Thanks.

Keep in mind that a proper IPS will require a lot of resources. It really depends on what application you want to secure. Running an IPS just to block ssh brute force is overkill. Just change your ssh port, use key authentication and/or limit access to certain networks.

If you want to secure a web server you might want to have a look at www/mod_security3.
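
An added example, not part of any post in this thread and not bruteforceblocker's own code: the log-driven alternative to a full IPS discussed above, counting failed sshd logins per source address over a sliding window and rendering the pfctl commands that would add offenders to a PF table. The table name `bruteforce`, the trusted network, the thresholds, the assumed year and the log lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample sshd log lines (documentation address ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40110 ssh2
Mar  3 10:00:03 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:04 host sshd[813]: Accepted publickey for alice from 198.51.100.20 port 50022 ssh2
Mar  3 10:00:09 host sshd[814]: Failed password for root from 203.0.113.7 port 40125 ssh2
Mar  3 10:05:00 host sshd[815]: Failed password for alice from 198.51.100.20 port 50030 ssh2
Mar  3 11:30:00 host sshd[816]: Failed password for root from 192.0.2.44 port 33000 ssh2
Mar  3 11:45:00 host sshd[817]: Failed password for root from 192.0.2.44 port 33002 ssh2
"""

# Anchored at end of line so text inside the user name field cannot supply the address.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed \S+ for .* from (\S+) port \d+(?: ssh2)?$")
TRUSTED = [ip_network("198.51.100.0/24")]  # assumed admin network, never blocked

def offenders(log_text, threshold=3, window=timedelta(minutes=10), year=2024):
    """Addresses with >= threshold failures inside the window (syslog has no year, so one is assumed)."""
    recent, flagged = defaultdict(deque), []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            addr = ip_address(m.group(2))
        except ValueError:
            continue  # not a literal address, never pass it on to pfctl
        if any(addr in net for net in TRUSTED):
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[addr]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()  # drop failures that fell out of the window
        if len(hits) >= threshold and addr not in flagged:
            flagged.append(addr)
    return flagged

def pfctl_commands(addresses, table="bruteforce"):
    """pfctl calls adding each address to a PF table that pf.conf is assumed to block."""
    return [f"pfctl -t {table} -T add {addr}" for addr in addresses]

if __name__ == "__main__":
    print("\n".join(pfctl_commands(offenders(SAMPLE_LOG))))
```

The generated commands only take effect if pf.conf declares the table and has a block rule that references it.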
 