What Will I Learn?
In This Tutorial, We will learn the BRO Network Security Monitor Tool . First of All , We wanted to know What is BRO .
BRO : BRO is an Intrusion Detection System. It is a Powerful network analysis framework . It is Adaptable, Efficient, Flexible, Open Interfaces.It is compared to a Network Intrusion detection System(NIDS). It can be used for Collecting network measurements, conducting forensic investigations, traffic baselining and helping with trouble shooting .It provides Users with a domain specific , Turing complete Scripting language for expressing analysis task. BRO Network Security Monitoring Tool has developed by C++ language.
- In this Tutorial, We will learn the BRO Intrusion Detection System ( IDS )
- Also Learn the BRO IDS Command .
Requirements
There are some requirements for this tutorial , that's are given below :
- Kali Linux Operating System and Python 2.6 or greater (for BroControl)
- Libpcap (http://www.tcpdump.org) and OpenSSL libraries ( http://www.openssl.org )
- BIND8 library , Bash (for BroControl)
Difficulty
There is no difficulty in this tutorial. It is easy to learn .
- Basic
Tutorial Contents
In this Tutorial , We are discussing about the BRO Network Security Monitoring Tool. BRO has some features. Let's discuss about that features in given below :
Deployment :
(i) Runs on commodity hardware on standard UNIX-style systems (including Linux, FreeBSD, and Mac OS).
(ii) Real-time and offline analysis.
(iii) Cluster-support for large-scale deployments.
(iv) Open-source under a BSD license.
Analysis :
(i) Comprehensive logging of activity for offline analysis and forensics.
(ii) Support for many application-layer protocols (including DNS, FTP, HTTP, IRC, SMTP, SSH, SSL).
(iii) Comprehensive IPv6 support.
Scripting Language :
(i) Turing-complete language for expression arbitrary analysis tasks.
(ii) Event-based programming model.
(iii) Domain-specific data types such as IP addresses (transparently handling both IPv4 and IPv6), port numbers, and timers.
Interfacing :
(i) Real-time integration of external input into analyses. Live database input in preparation.
(ii) Ability to trigger external processes from within the scripting language.
Reference Link : https://www.bro.org/index.html
BRO Download Link : https://www.bro.org/download/index.html
Let's see the BRO network security monitoring tool Command :
BRO Network security monitoring Tool download from Source with Kali Linux Command :
git clone --recursive git://git.bro.org/bro
Here , We will see the Configuration and Installation Process Command :
./configure
make
make install
There are some requirements for Installation dependencies-
DEB/Debian-based Linux:
sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
Configure the run time Environment : Let's see a command for configuring the run time environment-
export PATH=/usr/local/bro/bin:$PATH
Now, We will discuss the BRO Control Command :
We can write the BRO Control command like -
broctl
Let's see the BRO Control Intallatin Configuration Command :
[BroControl] > install
Start Up a BRO -
[BroControl] > start
We can want to leave the running script in that given commands -
[BroControl] > stop
We can also check the Traffic Analysis with BRO -
$ bro –r sample1.pcap local
Custom Scripts Of BRO : Let's see a Custom Scripts of BRO command in Kali Linux-
/opt/bro/share/bro/site/local.bro
Also You can add Custom Scripts and referencing the custom scripts that's are given :
/opt/bro/share/bro/policy/
If We want , We can create a new directory under the new Custom Scripts BRO Policy-
sudo mkdir /opt/bro/share/bro/policy/custom-scripts
Add Your Custom Scripts to the directory -
__load__.bro
then See the Modify Scripts in the directory -
@load ./script1.bro
@load ./script2.bro
We can easily restart the BRO with given command:
sudo nsm_sensor_ps-restart --only-bro
Monitoring Live Traffic : In this tutorial , we also see the Live traffic of the network monitoring traffic along with the given commands :
bro -i en0 <list of scripts to load>
packet Capture Files : we can see the capture files from an interface and we can write a file like this -
sudo tcpdump -i en0 -s 0 -w mypackets.trace
After Capturing the traffic, We can write this command -
bro -r mypackets.trace
Local Sit Customization : To Use this Site Specific we can easily use local.bro . Let's see the command -
bro -i en0 local
Running BRO WithOut Installing : Here , We discuss about the BRO IDS Running WithOut Installing . Sometimes we see the developer running the BRO from the directory-
./configure
make
source build/bro-path-dev.sh
bro <options>
Posted on Utopian.io - Rewarding Open Source Contributors
Source: https://www.bro.org/sphinx/intro/index.html
Not indicating that the content you copy/paste is not your original work could be seen as plagiarism.
Some tips to share content and add value:
Repeated plagiarized posts are considered spam. Spam is discouraged by the community, and may result in action from the cheetah bot.
Creative Commons: If you are posting content under a Creative Commons license, please attribute and link according to the specific license. If you are posting content under CC0 or Public Domain please consider noting that at the end of your post.
If you are actually the original author, please do reply to let us know!
Thank You!
Congratulations @mcplexer! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Do not miss the last post from @steemitboard:
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
Your contribution cannot be approved because it does not follow the Utopian Rules, and is considered as plagiarism. Plagiarism is not allowed on Utopian, and posts that engage in plagiarism will be flagged and hidden forever.
Everything in your tutorial is either taken from here, here or here.
You can contact us on Discord.
[utopian-moderator]
Your contribution cannot be approved because it does not follow the Utopian Rules.
Utopian rule
You can contact us on Discord.
[utopian-moderator]
This is a free service for new steemit users, to support them and motivate them to continue generating valuable content for the community.
<3 This is a heart, or an ice cream, you choose.Hello @mcplexer, upv0t3
:)
R4ND0M:
5663 5224 6657 7816
9885 1210 5570 2804
4513 5782 8774 2876
7047 1245 8147 2124
Congratulations @mcplexer! You received a personal award!
Click here to view your Board