I read in Doug Burks’ tweet that his Security Onion LiveCD is now available for download. Being a serious Sguil fan, I can’t do anything but recommend you have a look at this new live distro.
You can download it from the following location:
http://distro.ibiblio.org/pub/linux/distributions/security-onion/
The following information is extracted from Doug’s Security Onion blog:
What is it?
The Security Onion LiveCD is a bootable CD that contains software used for installing, configuring, and testing Intrusion Detection Systems.
What software does it contain?
The Security Onion LiveCD is based on Xubuntu 9.04 and contains Snort 2.8.4.1, Snort 3.0.0b3 (Beta), sguil, idswakeup, nmap, metasploit, scapy, hping, fragroute, fragrouter, netcat, paketto, tcpreplay, and many other security tools.
What can it be used for?
- The Security Onion LiveCD can be used for Intrusion Detection. Simply boot the CD and double-click either the Snort-Sguil or SnortSP-Sguil desktop shortcuts. The Snort and Sguil daemons will then start, listening on eth0 for any suspicious traffic and creating alerts in the Sguil console.
- The Security Onion LiveCD can be used to test an Intrusion Detection System. Simply boot the CD and use the included tools (such as nmap, metasploit, idswakeup, scapy, hping, and others) to test your existing IDS or to test the included Snort 2.8.4.1 and Snort 3.0 Beta 3.
- The Security Onion LiveCD can be used to install an Intrusion Detection System. Simply boot the CD and double-click the Install desktop shortcut. For more information about installation, please see the README desktop shortcut.
I haven’t had a chance to download it yet, but I will definitely give it a try over the next few days. I’m very interested in trying out the IDS installation feature and seeing how it compares to other Sguil installation scripts like NSMnow. I’m currently working on the deployment of a good number of Sguil servers/sensors, and NSMnow has significantly reduced the time needed to get them up and running. Hence, any new development on this topic is more than welcome.
I will keep posting my findings on this exciting new tool!
Thanks for pointing out this LiveCD. It sounds like it could also be useful for training purposes. I look forward to hearing what you think of the Security Onion distro after you have had a chance to use it.
– Dan