
There are some great "appliance"-style distributions, like pfSense and M0n0wall, that bundle the powerful features of their respective operating systems with a nice web application for configuration. In my opinion, these distributions cover the majority of use cases, and what they trade away in flexibility they make up for in ease of use.

Is there a similar kind of "appliance"-style distribution for Snort? I'm thinking along the lines of something with the Snort sensor, MySQL (or a similar database backend), BASE and PulledPork configured with some sensible (although probably not very useful) defaults, and a nice web configuration utility for adding rules, viewing alerts, etc. Basically, doing what pfSense does for OpenBSD/pf, but for Snort.

Has anyone come across something like this? Do you think it'd be worth putting together a project if there isn't already one?
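The "sensor -> database -> web console" pipeline the question sketches is easy to see in miniature. The following is an added example, not code from the original post and not from Snort, BASE, Snorby or PulledPork: it parses Snort's `alert_fast` output (the one-line-per-alert format, as produced by Snort 2.x) into a SQLite table and runs the two queries a console like BASE presents first, "top signatures" and "sources with high-priority alerts". The alert lines are constructed for the example, the signature IDs are from the local rule range, and the schema is my own, not the one BASE or Snorby uses.

```python
"""Load Snort alert_fast lines into SQLite and query them (added example)."""
import re
import sqlite3

# Snort "alert_fast" output, one alert per line (layout as in Snort 2.x):
# MM/DD-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:sport -> dst:dport
# Ports are absent for protocols without them (e.g. ICMP); the Classification block is optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$"
)

# Hypothetical schema for this example; BASE and Snorby use their own.
SCHEMA = """
CREATE TABLE IF NOT EXISTS event (
    id       INTEGER PRIMARY KEY,
    ts       TEXT NOT NULL,
    gid      INTEGER NOT NULL,
    sid      INTEGER NOT NULL,
    rev      INTEGER NOT NULL,
    msg      TEXT NOT NULL,
    class    TEXT,
    priority INTEGER NOT NULL,
    proto    TEXT NOT NULL,
    src      TEXT NOT NULL,
    sport    INTEGER,
    dst      TEXT NOT NULL,
    dport    INTEGER
);
CREATE INDEX IF NOT EXISTS event_sig ON event (gid, sid);
CREATE INDEX IF NOT EXISTS event_src ON event (src);
"""

# Constructed sample alerts (not real Snort output); the last line is deliberately garbage.
SAMPLE_ALERTS = """\
03/14-09:12:01.123456  [**] [1:1000001:3] EXAMPLE SCAN Nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51234 -> 192.168.1.10:80
03/14-09:12:02.234567  [**] [1:1000001:3] EXAMPLE SCAN Nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51235 -> 192.168.1.10:443
03/14-09:12:05.000001  [**] [1:1000002:1] EXAMPLE WEB sqlmap user agent [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:51240 -> 192.168.1.10:80
03/14-09:13:10.555555  [**] [1:1000003:2] EXAMPLE ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.10
this line is not an alert and must be skipped
"""


def parse_alert(line):
    """Return a dict of fields for one alert_fast line, or None if it does not parse."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        d[k] = int(d[k])
    for k in ("sport", "dport"):
        d[k] = int(d[k]) if d[k] is not None else None
    return d


def open_db(path=":memory:"):
    """Create the event table (in memory by default) and return the connection."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def load_alerts(conn, text):
    """Parse and insert every alert line in text; returns (inserted, skipped)."""
    rows, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        a = parse_alert(line)
        if a is None:
            skipped += 1  # unparseable lines are counted, not silently dropped
            continue
        rows.append((a["ts"], a["gid"], a["sid"], a["rev"], a["msg"], a["cls"],
                     a["prio"], a["proto"], a["src"], a["sport"], a["dst"], a["dport"]))
    with conn:
        conn.executemany(
            "INSERT INTO event (ts, gid, sid, rev, msg, class, priority, proto, src, sport, dst, dport)"
            " VALUES (?,?,?,?,?,?,?,?,?,?,?,?)", rows)
    return len(rows), skipped


def top_signatures(conn, limit=10):
    """Most frequent signatures: the 'top alerts' view a console shows first."""
    return conn.execute(
        "SELECT gid, sid, msg, COUNT(*) AS n FROM event"
        " GROUP BY gid, sid, msg ORDER BY n DESC, sid LIMIT ?", (limit,)).fetchall()


def talkers(conn, max_priority=2):
    """Source addresses with alerts at or above a priority (1 is the most severe)."""
    return conn.execute(
        "SELECT src, COUNT(*) AS n, COUNT(DISTINCT sid) AS sigs FROM event"
        " WHERE priority <= ? GROUP BY src ORDER BY n DESC", (max_priority,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    print("inserted, skipped:", load_alerts(db, SAMPLE_ALERTS))
    for row in top_signatures(db):
        print("signature:", row)
    for row in talkers(db):
        print("talker:", row)
```

Pointing `load_alerts` at a real `alert` file written by `output alert_fast` gives the same two reports over live data; the indexes on `(gid, sid)` and `src` are what keep those queries cheap once the table holds millions of rows, which is the part an appliance's bundled database and console take care of for you.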

2 Answers

4

Check out Snorby. The "Insta-Snorby" download is the nicely packaged appliance.

Shane Madden
2

You should try the open-source Linux distro Security Onion. It's currently Xubuntu-based, but this will most likely change soon.

The blog is here - http://securityonion.blogspot.com/

and the installation wiki here - http://code.google.com/p/security-onion/wiki/Installation.

It comes with everything pre-packaged and installed, so you can run Snorby, Squert, Sguil, etc. incredibly easily. You'll be up and running in 10 minutes with the easy install wizard. The sensor and server can be run on the one system or across multiple systems. Updates are automatically scheduled daily with PulledPork also.

Mark Hillick