Skip to content
This repository was archived by the owner on Nov 8, 2022. It is now read-only.

T-NOVA/vSA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
conf
conf
 
 
controller
controller
 
 
monitoring
monitoring
 
 
scripts
scripts
 
 
ssh
ssh
 
 
test
test
 
 
tnor
tnor
 
 
vsa
vsa
 
 
README.md
README.md
 
 

Repository files navigation

Virtual Security Appliance (vSA)

SSH Access:

  • ssh -i /path/to/id_rsa tnova@vSA

Configuration

Pfsense

Configuration:

  • /conf/config.xml
  • remove /tmp/config.cache
  • reload config by saving the "relevant" page (-> web configuration)

Snort

Configuration:

  • /usr/local/etc/snort/snort.conf

  • /etc/rc.conf.local

  • ipvar HOME_NET [192.168.1.0/24]

  • ipvar EXTERNAL_NET !$HOME_NET

Log: /var/log/snort/merged.log.xxxxxxxxxx

vSA Logic

Repository

The vSA logic resides in a Git repository that is located at /home/tnova/tnova. The branch production has to be used.

To pull or push updates, first copy the resolv.conf file in /home/tnova to /etc/resolv.conf.

Controlling the vSA

The vSA can be started/stopped/restarted with the command: sudo python /home/tnova/tnova/vsa/vsa.py <command> where <command> is either start, stop or restart.

configuring monitoring

1.Install "collectd5" in vSA using command "pkg install collectd5",then run command "rehash"

2.Add collectd_enable="YES" to file /etc/rc.conf.local

3.Change /usr/local/etc/collectd.conf # collectd.conf is backed up in /home/tnova/tnova/conf

4.Add /usr/local/etc/rc.d/update_uuid.sh # It gets instance uuid, stores it to a file, updates and restarts collectd, adds our local DNS on top of /etc/resolv.conf. update_uuid.sh is backed up in /home/tnova/tnova/conf

About

vSA: Virtual Security Appliance (Fraunhofer FOKUS Berlin)

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages