Running SIREN

blaverick62 edited this page May 2, 2017 · 2 revisions

How to run SIREN

  1. Edit docs/siren.cfg.
  2. Change the host line to your SIREN machine.
  3. If you are running a Raspberry Pi or other physical machine, ensure that the VMs are set to bridged. If all machines are VMs, NAT works if they are on the same NAT network.
  4. Change Detonation IPs to your detonation chambers, comma separated.
  5. Change Detonation usernames to the usernames for the corresponding IP addresses above, comma separated.
  6. Change DB information to the corresponding DB information. If you followed the setup exactly, only the IP should change.
  7. On your Linux machine, cd into siren_client and run sudo python siren_client.py
  8. On your Windows machine, open IDLE, open siren_client.py and run it.
  9. Run SIREN with sudo ./sirenstart.sh from the ~/siren directory.
  10. Start Snort with: sudo snort -q -c /etc/snort/snort.conf -i ens33
  11. Start barnyard2 with: sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f merged.log -w /var/log/snort/barnyard2.bookmark
  12. Access the SIREN web page by entering the SIREN_DB machine IP address into a browser on the same subnet as SIREN_DB.
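
Steps 4 and 5 pair the detonation IPs and usernames by position, and step 3 expects the machines to share a network. The following Python 3 check is an added example, not part of SIREN: the function name `pair_chambers`, the `/24` prefix and all sample addresses and usernames are constructed assumptions, and it takes the two comma-separated values as plain strings rather than reading siren.cfg.

```python
import ipaddress


def pair_chambers(ips_value, users_value, host_cidr):
    """Pair detonation IPs with usernames by position and report problems.

    ips_value / users_value: the raw comma-separated strings from the config.
    host_cidr: SIREN machine address with prefix length (assumed by caller).
    Returns (pairs, problems); an empty problems list means the lists line up.
    """
    ips = [item.strip() for item in ips_value.split(",")]
    users = [item.strip() for item in users_value.split(",")]
    problems = []
    if len(ips) != len(users):
        problems.append("count mismatch: %d IPs vs %d usernames"
                        % (len(ips), len(users)))
    network = ipaddress.ip_interface(host_cidr).network
    pairs, seen = [], set()
    for idx, (ip_text, user) in enumerate(zip(ips, users), start=1):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            problems.append("entry %d: %r is not an IP address" % (idx, ip_text))
            continue
        if not user:
            problems.append("entry %d: empty username for %s" % (idx, ip))
            continue
        if ip in seen:
            problems.append("entry %d: %s listed twice" % (idx, ip))
            continue
        seen.add(ip)
        if ip not in network:
            # Bridged/NAT setups in step 3 put every machine on one network.
            problems.append("entry %d: %s is outside %s" % (idx, ip, network))
        pairs.append((str(ip), user))
    return pairs, problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    pairs, problems = pair_chambers("192.168.56.21, 10.0.2.15,",
                                    "analyst,Administrator",
                                    "192.168.56.10/24")
    for ip, user in pairs:
        print("chamber %s -> user %s" % (ip, user))
    for line in problems:
        print("WARNING: " + line)
```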