Network Security Monitoring on Demand

Tools needed, or actually, tool needed: Knoppix-NSM LiveCD

Once you’ve booted from the Knoppix-NSM LiveCD, you can immediately start monitoring using the following command sequences:

From a root console, if you didn’t assign a static IP at boot, execute pump -i eth0 to obtain an address dynamically. For permanent installations, only a static IP is recommended.
From a root console (right click on the desktop) execute:
/etc/init.d/mysql start to start the MySQL server
/etc/init.d/apache2 start to start the Web server
/etc/init.d/sguild start to start the Sguil server daemon
sensor default start to start the Sguil sensor
/etc/init.d/ntop.default start to start ntop if you wish to see traffic details. This step can cause performance issues when running from the LiveCD, so use it with caution and skip it if need be.
From a non-root console execute: sguilc with sguil as username, and password as password.

At this point, you have a Sguil analysis console at your disposal, as well as BASE and ntop from the Iceweasel browser bookmark toolbar.
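
The root-console steps above can be wrapped in a small script that enforces their order and stops at the first service that fails to start. This is an added example, not part of the original page or of Knoppix-NSM; the names nsm_plan, nsm_up, NSM_EXECUTE and WITH_NTOP are hypothetical, and it assumes eth0 already has an address.

```shell
#!/bin/sh
# Added example (not from the original page): start the Knoppix-NSM services
# in the order listed above. Function and variable names are hypothetical.
# Default is a dry run; set NSM_EXECUTE=1 (as root) to really start services.
# Assumes eth0 already has an address (static, or via pump -i eth0).

nsm_plan() {
    # One command per line, in dependency order: database, web server,
    # Sguil server daemon, then the sensor that reports to it.
    echo "/etc/init.d/mysql start"
    echo "/etc/init.d/apache2 start"
    echo "/etc/init.d/sguild start"
    echo "sensor default start"
    # ntop is opt-in because it can cause performance issues on a LiveCD.
    if [ "${WITH_NTOP:-0}" = "1" ]; then
        echo "/etc/init.d/ntop.default start"
    fi
}

nsm_up() {
    while IFS= read -r nsm_cmd; do
        if [ "${NSM_EXECUTE:-0}" != "1" ]; then
            echo "would run: $nsm_cmd"
            continue
        fi
        echo "running: $nsm_cmd"
        # Stop at the first failure so the sensor is never started against
        # a server or database that did not come up.
        if ! $nsm_cmd </dev/null; then
            echo "FAILED: $nsm_cmd (remaining services not started)" >&2
            return 1
        fi
    done <<EOF
$(nsm_plan)
EOF
}

nsm_up
```

Run as-is, the script only prints the plan; run it as root with NSM_EXECUTE=1 (and WITH_NTOP=1 if ntop is wanted) to start the services.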

SOURCE: Intelguardians


