Eaglex- Snort Made Easy

GovernmentSecurity.org > System Security > Networking Security / Firewall / IDS / VPN / Routers

whiskah

Mar 11 2005, 01:03 AM

Eaglex is a preconfigured IDS with PHP/apache/mysql/snort/ids center
Similar to Demarc's PURESECURE though puresecure isn't free.
Just install this and you'll be runnning snort with GUI in a minute..
http://www.engagesecurity.com/products/eaglex/

QUOTE

Description: Eagle X is an IDS environment using free software.

Snort IDS (www.snort.org) and IDScenter are the core of this distribution.

Apache server (www.apache.org), PHP (www.php.net), MySQL (www.mysql.com) and ACID (www.cert.org/kb/acid)
are used to see latest alerts in a nice front-end, using http authentication.

Platform: Windows NT/2000/XP
Version: 2.1

Author: U. Kistler

Features:
Full working IDS with database backend and PHP data analyzer frontend
o Snort IDS - powerfull intrusion detection system
o Apache webserver HTTP server, running PHP
o MySQL database - stable database server for storing Snort logs
o IDScenter configuration and management software for Snort
IDScenter
o control Snort easily using the wizards, e-mail notification feature, etc.
o Online updates of Snort ruleset
HTTP authentication
o Protects the webserver from unauthenticated access
o Basic authentication or Message Digest-5 Hash authentication possible
Snort IDS
o Running in service mode
o Preconfigured using Eagle X configuration tool to adapt to your system environment
Easy installation

Requirements:

AMD Athlon, Intel Pentium III or better
no MySQL server installed, because it will be replaced

myth

Mar 11 2005, 11:42 AM

Can i also make a note, its still a b-i-t-c-h to get a perfect ruleset... If your wanting in on IDS, concentrate on the ruleset first.

The GUI is nice, but once its working, most work i found was straight to the mysql db... add phpmyadmin to the list of proggies when playing with IDS ... IMHO

Red Section

Mar 11 2005, 01:59 PM

QUOTE(Myth1368 @ Mar 11 2005, 12:42 PM)

I have to agree with Myth1368, all IDS nomatter if you pay for it or not live and die by thier rule base. I have worked with a few different IDS's and if you get ir wrong then you will be in IDS log HELL!!! But if you get it right you will know when ever a stray packet enters you LAN.

ntxploits

Apr 15 2005, 01:21 AM

anyone have complete manual / guide how to configure it (eagle x)...i search in the net but only found manual about idscenter...

ntxploits

Apr 15 2005, 09:54 AM

ah..finaly i did it..maybe this can help you guys who trying to do the same thing like i do...

http://www.engagesecurity.com/products/eaglex/

but some problem occured when i try to configure alert...

here is the alert.bat file

QUOTE

net send localhost "WARNING!!!"

here is the configuration of alert

user posted image

but this error occured

user posted image

forza

Apr 18 2005, 10:09 AM

Check the IDS Policy Manager
http://www.activeworx.org/index.htm

It' s free

myth

Apr 19 2005, 04:15 AM

go through your snort config and look for the Back Up Directory/DB location

verify the directory does exist (or doesnt in this case) and/or change create directory

ntxploits

Apr 27 2005, 02:56 AM

QUOTE(Myth1368 @ Apr 18 2005, 11:15 PM)

go through your snort config and look for the Back Up Directory/DB location

verify the directory does exist (or doesnt in this case) and/or change create directory

i check into snort.conf but did't find any Backup Directory / DB location...could you explain to me how to do that...

whiskah

Apr 27 2005, 06:29 PM

it's not in snort.conf

check your settings in IDSCENTER->WIZARDS->ONLINE UPDATE
especially on the options tab..the default backup is c:\TEMP change that 2 something else if u dnt have a temp folder in drive c or create that folder..

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.