Template:IDS Policy Manager Setup

From ImageStream Router Documentation

(Difference between revisions)
Line 1: Line 1:
-
==Installation==
+
===Installation===
:*Download and install the IDS Policy Manager software from www.activeworx.org/programs/idspm
:*Download and install the IDS Policy Manager software from www.activeworx.org/programs/idspm
-
==Add a new policy==
+
===Add a new policy===
:*Double-click on ''Snort Policies'' in the left-hand tree view.
:*Double-click on ''Snort Policies'' in the left-hand tree view.
:*Right-click on ''Snort Policies'' and select ''Add Policy''.
:*Right-click on ''Snort Policies'' and select ''Add Policy''.
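Review bot: ===Installation=== and ===Add a new policy=== are now the template's highest headings, at level 3 with no level-2 heading above them, so the outline only renders correctly when the including page supplies a == section first. State that requirement in a short <noinclude> note at the top of the template, otherwise the standalone template page shows a skipped heading level.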
Line 10: Line 10:
:*Click ''OK''
:*Click ''OK''
-
==Edit the new policy to add ImageStream Variables==
+
===Edit the new policy to add ImageStream Variables===
:*Click on the new policy to expand the tree view.
:*Click on the new policy to expand the tree view.
:*Click on ''Variables''
:*Click on ''Variables''
Line 17: Line 17:
:*Other [[:Snort/Snort ImageStream Variables]]
:*Other [[:Snort/Snort ImageStream Variables]]
-
==Add a new sensor==
+
===Add a new sensor===
:*Double-click on ''Snort Sensors'' in the left-hand tree view.
:*Double-click on ''Snort Sensors'' in the left-hand tree view.
:*Right-click on ''Snort Sensors'' and select ''Add Sensor''.
:*Right-click on ''Snort Sensors'' and select ''Add Sensor''.
:*''Name'': Enter the router's name.
:*''Name'': Enter the router's name.
:*''Description'': Enter a description for the router.
:*''Description'': Enter a description for the router.
-
===Sensor Settings Tab===
+
====Sensor Settings Tab====
:*''Sensor Host'': Enter the router's hostname or IP address.
:*''Sensor Host'': Enter the router's hostname or IP address.
:*''Policy'': Select the policy you created earlier from the dropdown.
:*''Policy'': Select the policy you created earlier from the dropdown.
:*''Snort Version'': Select ''2.8''.
:*''Snort Version'': Select ''2.8''.
-
===Upload Settings Tab===
+
====Upload Settings Tab====
:*''Upload Protocol'': Select ''SFTP'' from the dropdown. Leave the default SSH port (22). Enable ''Use Compression''.
:*''Upload Protocol'': Select ''SFTP'' from the dropdown. Leave the default SSH port (22). Enable ''Use Compression''.
:*''Upload Directory'': Enter ''/usr/local/snort/etc''
:*''Upload Directory'': Enter ''/usr/local/snort/etc''
:*''Configuration File'': Leave default ''snort.conf''
:*''Configuration File'': Leave default ''snort.conf''
:*''Test Connectivity Command'': Leave default ''uname -a;id''
:*''Test Connectivity Command'': Leave default ''uname -a;id''
-
===Authentication Tab===
+
====Authentication Tab====
:*''Username'': Enter ''root''
:*''Username'': Enter ''root''
:*''Authentication Mode'': Leave default ''Password'' from the dropdown.
:*''Authentication Mode'': Leave default ''Password'' from the dropdown.
:*''Password Settings'': Enter and confirm the router's password for root.
:*''Password Settings'': Enter and confirm the router's password for root.
-
===Restart Settings Tab===
+
====Restart Settings Tab====
:*''Restart after Upload'': Enable
:*''Restart after Upload'': Enable
:*''Restart method'': Select ''Script via SSH'' from the dropdown.
:*''Restart method'': Select ''Script via SSH'' from the dropdown.
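Review bot: The Authentication Tab lines carried through this hunk still tell the reader to enter root with Authentication Mode left at the default Password, which puts the router's root password into the sensor definition. Since that field is a dropdown, the section should say whether any other mode in it works against the router and recommend it where it does; the same hunk selects Snort Version 2.8 for the sensor, so it is also worth confirming that this matches the version chosen for the policy.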

Revision as of 00:04, 12 May 2009

Installation

  • Download and install the IDS Policy Manager software from www.activeworx.org/programs/idspm

Add a new policy

  • Double-click on Snort Policies in the left-hand tree view.
  • Right-click on Snort Policies and select Add Policy.
  • Enter a name for the policy.
  • For Snort Version, select Snort 2.7.
  • Make sure the Initialize Policy checkbox is checked.
  • Click OK

Edit the new policy to add ImageStream Variables

  • Click on the new policy to expand the tree view.
  • Click on Variables
  • Right-click on the right-hand pane with the list of variables and select Add Item
  • Enter SNORT_IFACE for the Name and the interface name for the Value.
  • For other variables, see Snort/Snort ImageStream Variables.

Add a new sensor

  • Double-click on Snort Sensors in the left-hand tree view.
  • Right-click on Snort Sensors and select Add Sensor.
  • Name: Enter the router's name.
  • Description: Enter a description for the router.

Sensor Settings Tab

  • Sensor Host: Enter the router's hostname or IP address.
  • Policy: Select the policy you created earlier from the dropdown.
  • Snort Version: Select 2.8.

Upload Settings Tab

  • Upload Protocol: Select SFTP from the dropdown. Leave the default SSH port (22). Enable Use Compression.
  • Upload Directory: Enter /usr/local/snort/etc
  • Configuration File: Leave default snort.conf
  • Test Connectivity Command: Leave default uname -a;id

Authentication Tab

  • Username: Enter root
  • Authentication Mode: Leave default Password from the dropdown.
  • Password Settings: Enter and confirm the router's password for root.

Restart Settings Tab

  • Restart after Upload: Enable
  • Restart method: Select Script via SSH from the dropdown.
  • Restart script: Enter Restart snort
  • Run Test Snort Before Restart: If the router has 512 MB of RAM or more, you may enable this option.
  • Test Command: If Run Test Snort Before Restart is enabled, enter Checkconf snort
  • Test Fails if Output Contains: Enter Failure
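
The upload, test and restart cycle configured in the tabs above can be rehearsed by hand before trusting it to the sensor definition. The script below is an added example, not ImageStream or IDS Policy Manager code: it assumes an OpenSSH client, uses router.example.net as a placeholder host, the helper names are hypothetical, and the `var SNORT_IFACE <iface>` line format is an assumption about how the policy variable appears in snort.conf.

```shell
#!/bin/sh
# Added example: manual rehearsal of the sensor settings described on this page.
SENSOR_HOST="${SENSOR_HOST:-router.example.net}"  # placeholder: router hostname or IP
UPLOAD_DIR="/usr/local/snort/etc"                 # Upload Directory
CONF_FILE="snort.conf"                            # Configuration File
FAIL_MARK="Failure"                               # Test Fails if Output Contains

# Transport hooks (hypothetical names); ssh and sftp prompt for root's password.
remote_exec() { ssh -C -p 22 "root@${SENSOR_HOST}" "$1"; }
remote_put() {
    printf 'put "%s" "%s/%s"\n' "$1" "$UPLOAD_DIR" "$CONF_FILE" |
        sftp -C -P 22 "root@${SENSOR_HOST}"
}

# Assumption: the policy variable is written as "var SNORT_IFACE <iface>".
has_iface_var() {
    grep -Eq '^[[:space:]]*var[[:space:]]+SNORT_IFACE[[:space:]]+[^[:space:]]' "$1"
}

# deploy_policy <local snort.conf> [yes|no: run the config test before restart]
# Returns 0 restarted, 2 variable missing, 3 connectivity or upload failed,
# 4 test output contained FAIL_MARK.
deploy_policy() {
    conf="$1"; run_test="${2:-no}"
    has_iface_var "$conf" || { echo "SNORT_IFACE not defined in $conf" >&2; return 2; }
    remote_exec 'uname -a;id' >/dev/null || return 3   # Test Connectivity Command
    remote_put "$conf" >/dev/null || return 3
    if [ "$run_test" = yes ]; then
        # The result is judged on the output text, as the Restart Settings tab does.
        out=$(remote_exec 'Checkconf snort' 2>&1) || true
        case "$out" in
            *"$FAIL_MARK"*)
                # The uploaded file is already in place; only the restart is withheld.
                echo "config test failed; snort not restarted" >&2
                return 4 ;;
        esac
    fi
    remote_exec 'Restart snort'
}
```

Call it as `deploy_policy ./snort.conf yes` on routers with enough RAM for the test step, or with `no` to skip straight to the restart.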