search

bammv / sguil

Sguil client for NSM
GNU General Public License v3.0
213 stars 74 forks source link

Installiation Guide #56

Open fatihusta opened 4 years ago

fatihusta commented 4 years ago

Hi, I want to install sguil on my system.(web client) Is this installation guide still right? https://github.com/bammv/sguil/blob/master/doc/INSTALL How can I install sguil step-by-step in my system? Thank you.

WingsLikeEagles commented 4 years ago

Have you tried following those instructions yet? If so, how was it?

fatihusta commented 4 years ago

Generally worked. Except OPENSSL certificate section. And you need understand how its work.

Dependencies - without TK(I used squert web app. Maybe you can use itself websocket based web client. sguil/server/html) tcl >= 8.5 tcllib >= 1.18 tcltls >= 1.6.7 tclx >= 8.4.0-23 tclcurl >= 7.22.0-2 tcl-mysqltcl >= 3.052-2 mysql >= 5.7.18 tcpflow >= 1.3.0 barnyard2 >= 1.9-29

For capme netsniff-ng >= 0.6.6 daemonlogger >=1.2.1

Working schema(I understand). http://asciiflow.com/

unified2.log.date +-------+  unified2 output to directory  +---------+
unified2.log.date |       +<-----------------------------+ |         | IDS
unified2.log.date |       |                                |         |
unified2.log.date +---^---+                                +---------+                            +------------------+     +----------------+
                      |                                                                           |                  |     |                |
                      |                                    +---------+                            |  Squert(Web APP) |  +  |  CAPME         |
                      +------------------------------------+         | Barnyard2                  |  PHP             |     |  Packet Anlys. |
                        Barnyard2 read unified2 files      |         |                            +--------+---------+     +----------------+
                        from directory by date.            +----+----+                                     |
                                                                | Port 7735                                |
                                                           +----v----+                                     |
                                                           |         | Sguild agent for barnyard           |
                                                     +-----+         |                                     |
                                                     |     +----+----+                                     |
                                   Agent Register    |          | Port 7736                                |
                                      Port 7734      |     +----v----+                                     |         +------------------+
                                                     +----->         | Sguild                              |         |                  |
                                         +----------------->         |                                     |         |   squil.tk       |
                                         |                 +----+----+                                     |         |   (Desktop APP)  |
                                         |                      |                                          |         +--------+---------+
                                         |                 +----v----+                                     |                  |
                                         |                 |         | Mysql                               |                  |
    +---------------+                    |                 |         |                                     |                  |
    |  ELSA ???     |                    |                 +----^----+                                     |                  |
    |               |                    |                      |              +-------------+             |                  |
    +---------------+                    |                      |              | CLI Script  |             |                  |
                                         |                      |              |             |             |                  |
                                         |                      +--------------+-------------+-------------+                  |
                                         |                                                                                    |
                                   +-----+-----------+                                                                        |
                                   |                 |                                                                        |
                                   |  Squil.tk Agent +------------------------------------------------------------------------+
                                   | SerVer(https)   |                                    ?
                                   +-----------------+