SweetSecurity - Network Security Monitoring on Raspberry Pi Type Devices
Scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.
sudo python setup.py
Follow the prompts to enter the appropriate information for the chosen installation type:
- Full Install: This will install Bro IDS, Critical Stack (optional), Logstash, Elasticsearch, Kibana, Apache, and Sweet Security Client/Server. Choose this option ONLY if you have 2GB of memory or more.
- Sensor Only: This will install Bro IDS, Critical Stack (optional), Logstash, and Sweet Security Client
- Web Server Only: This will install Elasticsearch, Kibana, Apache, and Sweet Security Server
- Modularized Installation - Choose to deploy all the tools on one device, or split among multiple for better performance.
  - Full Install - Deploy Bro IDS, Critical Stack, Elasticsearch, Logstash, Kibana, Apache, and Sweet Security
  - Sensor Install - Deploy Bro IDS, Critical Stack, Logstash, and Sweet Security
  - Web Admin Install - Deploy Elasticsearch, Kibana, and Apache
- ARP Spoofing - Full code to monitor all network traffic out of the box without network changes.
- Complete Bro Log Support - All Bro log files are now normalized by Logstash
- Kibana Content - Searches, Visualizations, and Dashboards are now included
- Architecture Support - Now supports installing on non ARM architectures
- Custom NMAP Prefixes - Updated NMAP prefixes based on the IEEE OUI list
- Web Administration - apache/flask based web administration to manage known devices and system health
Most of the dependencies are installed automatically during installation. However, make sure the following requirements are met before you try to install the code.
Supported Operating Systems
- Raspbian Jessie
- Debian Jessie
- Ubuntu 16.04
- Raspberry Pi 3
- ARM, x86, or x86_64 CPU
- 2GB RAM
- 8GB Disk Storage
- 100 MB NIC (Recommended 1GB)

Note: 2GB of storage is required while the Raspberry Pi 3 only has 1GB. The code can be split to run on two devices, such as two Raspberry Pis or a Raspberry Pi and AWS.
- Optimized Logstash Config
- Updated Bro IDS to 2.5.1
- Updated Logstash to version 5.5.1
- Updated Elasticsearch to version 5.5.1
- Updated Kibana to version 5.5.1
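
A pre-flight check for the requirements listed above (supported OS, CPU family, 2GB of memory for a Full Install, 8GB of disk), written as an added example that is not part of the SweetSecurity scripts. The function names, the 1900 MB tolerance for a "2GB" board, counting aarch64 as ARM, and reading the 8GB figure as free space on / are assumptions.

```shell
#!/bin/sh
# Added example, not part of SweetSecurity. Thresholds are the README's;
# function names and the tolerances noted below are assumptions.

# Total RAM in MB from a meminfo-format file (default: /proc/meminfo).
mem_total_mb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1024 }' "${1:-/proc/meminfo}"
}

# Succeeds for the README's CPU families, given `uname -m` output.
# Assumption: aarch64 is counted as ARM.
arch_supported() {
    case "$1" in
        arm*|aarch64|i?86|x86_64) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if an os-release-format file names a listed OS (Jessie is release 8).
os_supported() {
    id=$(sed -n 's/^ID=//p' "$1" | tr -d '"')
    ver=$(sed -n 's/^VERSION_ID=//p' "$1" | tr -d '"')
    case "$id:$ver" in
        raspbian:8|debian:8|ubuntu:16.04) return 0 ;;
        *) return 1 ;;
    esac
}

# Choose an install type from total RAM and free disk, both in MB.
# Assumptions: 1900 MB passes as "2GB" because the kernel reserves part of
# physical RAM, and the 8GB disk figure is read as free space.
recommend_install() {
    if [ "$2" -lt 8192 ]; then echo "insufficient-disk"; return 0; fi
    if [ "$1" -ge 1900 ]; then
        echo "full"
    else
        echo "split"    # Sensor Only here, Web Server Only on a second device
    fi
}

preflight() {
    arch_supported "$(uname -m)" || echo "warning: CPU $(uname -m) not listed"
    os_supported /etc/os-release || echo "warning: OS release not listed"
    ram=$(mem_total_mb)
    disk=$(df -Pm / | awk 'NR == 2 { print $4 }')
    echo "RAM ${ram} MB, free disk ${disk} MB: $(recommend_install "$ram" "$disk")"
}

# Check this host only when asked: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

Run it on each candidate device before `sudo python setup.py`; a result of `split` means choosing Sensor Only on that device and Web Server Only on another.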