
PLEASE NOTE: spike is not yet released; it is pre-beta and will be available via sourceforge around Nov 23 ... We still have to update the docs; without them it would be unusable, except for people who want to analyze the sources.

 spike is part of dogtools

Intro

Spike is a set of shell scripts that lets you maintain Snort sensor setups from one machine, keeping one or several rulesets, installation procedures, oinkmaster update setups etc. under your pillow, right on your local machine. This has been tested heavily on Linux and works with Debian-, SuSE- and RedHat-based sensors, operated from a Debian stable workstation.

Spike uses ssh, rsync and some self-made scripts (see spike_data/). You can invoke every executable script with $script_name -h to get a short help text and a reminder of useful options.

The main use is to automatically deploy new or oinkmaster-updated rulesets to Snort sensors, always testing heavily via snort -T -c $snort.conf before any ruleset or config gets updated. This *might* be done via a cronjob, but should rather be done manually on a daily or weekly basis.

Spike is part of DOGTOOLS (since it has no logo yet ;-) )

Features

Download

spike is available from sourceforge:

Readme



                    Spike (Snort Update Console) Manual
                    -----------------------------------

                       dogtown <dogtown@mare-system.de>

                     VERSION :: 0.6.x 4 November 2009


-------------------------------------------------------------------------------


Summary
-------

     Spike is a Snort Update Console and may be used to maintain different
     Snort setups or one setup on different sensors.  This manual describes
     installation and usage.  Feel free to send suggestions, bug reports etc.
     to dogtown@maasdev.de


Copyright Notice
----------------

     (c) 2007-2009 MARE system

     This document may be used under the terms of the GNU General Public
     License (http://www.gnu.org/copyleft/gpl.html)


-------------------------------------------------------------------------------


Contents
--------

     1.        Overview and Features
     1.1.      What Spike is
     1.2.      What Spike NOT is
     1.3.      Features

     2.        Installation, Setup and Requirements
     2.1.      Spike - Download and Setup
     2.2.      Setting up the needed Rulesets
     2.3.      Requirements for running with Spike

     3.        Usage-Suggestions
     3.1.      One Setup - one or different Sensors
     3.2.      Different Setup - Different Sensors
     3.3.      Different Setups - One Sensor

     4.        Links 'n' Stuff
     4.1.      Snort-related links and Information
     4.2.      License
     4.3.      Todo / Roadmap


-------------------------------------------------------------------------------


1. Overview and Features
------------------------


1.1. What Spike is
------------------

     Spike is a set of shell scripts that lets you maintain Snort sensor
     setups from one machine, keeping one or several rulesets, installation
     procedures, oinkmaster update setups etc. under your pillow, right on
     your local machine.  This has been tested heavily on Linux and works
     with Debian-, SuSE- and RedHat-based sensors, operated from a Debian
     stable workstation.

     Spike uses ssh, rsync and some self-made scripts (see spike_data/).
     You can invoke every executable script with $script_name -h to get a
     short help text and a reminder of useful options.

     The main use is to automatically deploy new or oinkmaster-updated
     rulesets to Snort sensors, always testing heavily via
     snort -T -c $snort.conf before any ruleset or config gets updated.
     This *might* be done via a cronjob, but should rather be done manually
     on a daily or weekly basis.
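The test-before-deploy gate described above (and in the Intro), as an added example that is not spike's own code: hypothetical function names; it assumes a candidate directory holding snort.conf, a local snort binary and rsync-over-ssh access to the sensor.

```shell
#!/bin/sh
# Added example, not spike's own code: the "test before deploy" gate that
# spike's description calls for. Hypothetical names throughout; assumes a
# candidate ruleset directory holding snort.conf, a local snort binary and
# rsync-over-ssh access to the sensor.

SNORT_BIN=${SNORT_BIN:-snort}      # e.g. a specific snort version under test
SPIKE_RSYNC=${SPIKE_RSYNC:-rsync}  # transport; swap for a stub in dry runs
SPIKE_LOG=${SPIKE_LOG:-/tmp/spike_check.log}

# spike_check_conf DIR: let snort parse DIR/snort.conf and every rule it
# includes without sniffing traffic (snort -T). Returns 2 if there is no
# snort.conf, otherwise snort's own exit status; its output goes to SPIKE_LOG.
spike_check_conf() {
    dir=$1
    [ -r "$dir/snort.conf" ] || { echo "no snort.conf in $dir" >&2; return 2; }
    "$SNORT_BIN" -T -c "$dir/snort.conf" >"$SPIKE_LOG" 2>&1
}

# spike_deploy DIR SENSOR [DEST]: ship DIR to SENSOR:DEST only if the check
# passed. Returns 0 when deployed, the check's non-zero status when the
# check failed (the sensor is left untouched) and 3 on a transfer error.
spike_deploy() {
    dir=$1; sensor=$2; dest=${3:-/etc/snort}
    spike_check_conf "$dir"; rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "check of $dir failed (status $rc), $sensor untouched; see $SPIKE_LOG" >&2
        return "$rc"
    fi
    # --delete keeps the sensor identical to the tree that was tested: a
    # leftover rules file on the sensor would otherwise be loaded by a config
    # that was never tested together with it.
    "$SPIKE_RSYNC" -az --delete "$dir/" "$sensor:$dest/" || return 3
    echo "deployed $dir to $sensor:$dest"
}
```

Run it as `spike_deploy /path/to/candidate sensor1` from a shell that has sourced the file; a failing `snort -T` leaves the sensor exactly as it was.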


1.2. What Spike NOT is
----------------------

     Spike is not meant for working with Snort-generated statistics or for
     writing rules.


1.3. Features
-------------

        * different sensor_setups (installations, rules_setup) configurable
          via .conf - files

        * half_automated sensor_installation via scripts

        * heavy testing of snort_rules before any deployment takes place

        * oink-update of emerging threats/snort-vrt rulesets and some
          other useful .rules (see ...)

        * snort installation from sourcecode via script

        * This script has SpaceDog-Power!


-------------------------------------------------------------------------------


2. Installation, Setup and Requirements
---------------------------------------


2.1. Spike - Download and Setup
-------------------------------


2.2. Setting up the needed Rulesets
-----------------------------------


2.3. Requirements for running with Spike
----------------------------------------


-------------------------------------------------------------------------------


3. Usage-Suggestions
--------------------


3.1. One Setup - one or different Sensors
-----------------------------------------


3.2. Different Setup - Different Sensors
----------------------------------------


3.3. Different Setups - One Sensor
----------------------------------


-------------------------------------------------------------------------------


4. Links 'n' Stuff
------------------


4.1. Snort-related links and Information
----------------------------------------


4.2. License
------------

     Spike is released under GNU General Public License v2.


4.3. Todo / Roadmap
-------------------

     Todo for stable 1.0:

        * check_snort.sh usable with different snort_versions (from conf)

        * testing @ bsd / solaris as workstations and sensors

        * ...


-------------------------------------------------------------------------------

