Saturday, February 22, 2020

Setting Up Suricata on an Ethernet Network Bridge with Pi 4

Setup

There should be three eth devices listed by ip a.
For our setup, eth0 will be the "management" network and will not participate in the bridge. eth1 and eth2 will be merged into a single bridged interface.

Bridge the Networks

Install bridge-utils.
sudo apt install bridge-utils
Edit /etc/dhcpcd.conf
denyinterfaces eth1 eth2

Edit /etc/network/interfaces
auto br0
iface br0 inet manual
    bridge_ports eth1 eth2

Restart, then check that the bridge came up:

ip a show br0
6: br0: broadcast mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0a:cd:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    ...

Install Suricata

sudo apt install suricata

Configuring Suricata rules is left as an exercise to the reader. There are lots of options that might work here.

Sense Traffic Over the Bridge

sudo iptables -I FORWARD -i eth1 -o eth2 -j NFQUEUE
sudo iptables -I FORWARD -i eth2 -o eth1 -j NFQUEUE
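An added check script, not from the original post, for confirming that the two NFQUEUE rules above are actually being handed bridged traffic; the report function needs root and iptables on the Pi, while the sample listings are constructed so the parsing can be exercised offline.

```shell
#!/bin/sh
# Added check script, not from the original post. It assumes the two NFQUEUE
# rules above are loaded and verifies (1) that bridged frames actually reach
# iptables and (2) that the rules are matching packets.

# Bridged eth1<->eth2 frames are only handed to iptables when br_netfilter is
# loaded and net.bridge.bridge-nf-call-iptables is 1; otherwise the FORWARD
# chain never sees them and Suricata gets nothing on queue 0.
check_bridge_nf() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Reads "iptables -L FORWARD -v -n -x" output on stdin. Returns 0 when every
# NFQUEUE rule has a non-zero packet counter, 1 when one is still at zero
# (rule present but not matching), 2 when no NFQUEUE rule is listed.
check_nfqueue_counters() {
    awk '
        $3 == "NFQUEUE" { n++; if ($1 == 0) zero++ }
        END {
            if (n == 0) exit 2
            if (zero > 0) exit 1
            exit 0
        }'
}

# Constructed sample listings used to exercise the check offline: the two
# rules with traffic flowing, and the same rules before any frame matched.
SAMPLE_ACTIVE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1532    1839921 NFQUEUE    all  --  eth2   eth1    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
    1481    1204455 NFQUEUE    all  --  eth1   eth2    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0'
SAMPLE_IDLE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 NFQUEUE    all  --  eth2   eth1    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
       0          0 NFQUEUE    all  --  eth1   eth2    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0'

# Live check against the running kernel; run as root once the rules are in.
report() {
    check_bridge_nf || echo "bridge-nf-call-iptables is not 1: bridged traffic is bypassing iptables (try: modprobe br_netfilter)"
    rc=0
    iptables -L FORWARD -v -n -x | check_nfqueue_counters || rc=$?
    case $rc in
        0) echo "NFQUEUE rules are matching bridged traffic" ;;
        1) echo "NFQUEUE rules present but no packets matched yet" ;;
        2) echo "no NFQUEUE rule in FORWARD; re-add the two rules above" ;;
    esac
}
if [ "${1:-}" = "--live" ]; then report; fi
```

If the counters stay at zero even with bridge-nf-call-iptables set to 1, keep in mind that br_netfilter presents bridged frames to iptables with br0 as both in and out interface, so the physical ports are matched with -m physdev --physdev-in eth1 --physdev-out eth2 rather than -i/-o. Also note that NFQUEUE without --queue-bypass drops every packet while nothing is bound to queue 0, so a stopped Suricata takes the link down with it (fail-closed), which is worth planning for.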

Become a Bump in the Wire

sudo iptables -I INPUT -i eth1 -j DROP
sudo iptables -I INPUT -i eth2 -j DROP
sudo iptables -I OUTPUT -o eth1 -j DROP
sudo iptables -I OUTPUT -o eth2 -j DROP

Save iptables Rules

sudo apt install iptables-persistent
sudo iptables-save | sudo tee /etc/iptables/rules.v4

Set Suricata to Queue Mode

Edit /lib/systemd/system/suricata.service and modify the ExecStart line so it matches the following:

ExecStart=/usr/bin/suricata -D -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid -q 0

Restart Suricata

sudo systemctl restart suricata.service

Thursday, January 16, 2020

Kindle 3 Notes

As a full-spectrum greyscale cap, color screens are anathema. They suck precious life away as trace stands helplessly by.

What is a trace to do? Turn to a trusty Kindle! The Kindle 3 is 10 years old, but it is still working like a champ. Mostly, it reads books. But the Kindle 3 has a keyboard! Some intrepid souls back ages ago discovered how to "jailbreak" it.

It goes without saying that anything with "break" in the name appeals to the darker side of this cap.

Along with this, the souls found it well to add busybox, dropbear, a shortcut launcher and even... for the love of all good things... a terminal that runs on the Kindle's perfect, greyscale screen. Oh, and there is support for Python 3.7!

With a charming interface for everyday reading and nice terminal, what more could we ask?

Well, there are a few things, if it comes to it.

SMS Support

Trace has a family, and the family likes to communicate -- so the first ask is some sort of SMS support. Everyone always says "use Twilio". Well, Twilio was gotten, but Twilio must run on the 3G modem. Perhaps the modem will be so kind as to dispatch some commands if we ask? But REALLY better would be integration with Google Hangouts. While we're at it, what about voice calls? Could the modem be replaced and integrated with the built-in speaker and microphone?

Calendar

Maybe even one that could be read from the kindle reader view.

Security

Now here is where we take a long detour. The Kindle 3 has several ports open that must be investigated. What are these things and how can we keep them safe?