Raspberry Pi Zeek

Deployment of Zeek on a Raspberry Pi 4B

This is some of my work deploying Zeek NSM on a Raspberry Pi
Zeek can be found here: https://github.com/zeek

Initial Deployment:

Install Raspbian Lite https://www.raspberrypi.org/documentation/installation/installing-images/

Management Configuration:

Majority of this can be completed via Raspi-config

sudo raspi-config

Change hostname Change password Enable SSH Connect wifi

sudo iwlist wlan0 scan

Expand file system

#Run Updates and Upgrades

sudo apt update && upgrade -y

Reboot

Check/enable promiscuous mode

Force eth0 into promiscuous mode

ifconfig eth0 promisc

Run netstat -i to determine if promiscuous mode has been enabled

 netstat -i

Install Pre-Reqs for Zeek

https://docs.zeek.org/en/current/install.html#

Required Dependencies:

Install all required Zeek dependencies

sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python3 python3-dev swig zlib1g-dev -y

Optional Dependences:

Install optional dependencies

  sudo apt-get install python3-git python3-semantic-version libkrb5-dev libjemalloc-dev google-perftools -y
  sudo apt-get install libgoogle-perftools4 perl curl libtcmalloc-minimal4 libgoogle-perftools-dev -y
  sudo apt-get install libtcmalloc-minimal4 -y
  sudo apt-get install libmaxminddb-dev -y 
  sudo apt-get install sendmail sendmail-cf m4 -y

Instructions for Geo-IP: https://docs.zeek.org/en/current/frameworks/geoip.html#geolocation
Instructions for SendMail: https://tecadmin.net/install-sendmail-on-debian-9-stretch/

Install Zeek:

git clone --recursive https://github.com/zeek/zeek
cd zeek
./configure --prefix=/opt/zeek --build-type=release
make
make install-aux

Give the current user (pi) ownership of the Zeek binary

sudo chown -R pi:pi /opt/zeek
sudo chmod 750 /opt/zeek

Add the Zeek binary path to the bottom of the user profile file - PATH="/opt/zeek/bin:$PATH"

nano ~/.profile

source ~/.profile

Run Zeekctl to setup Zeek

zeekctl

[zeekctl] install [zeekctl] deploy [zeekctl] status [zeekctl] debug

Connect with me at

Victim Of Technology

Cyber Forge Security, Inc.

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Raspberry Pi Zeek

Deployment of Zeek on a Raspberry Pi 4B

Initial Deployment:

Management Configuration:

Check/enable promiscuous mode

Install Pre-Reqs for Zeek

Required Dependencies:

Optional Dependences:

Install Zeek:

Give the current user (pi) ownership of the Zeek binary

Add the Zeek binary path to the bottom of the user profile file - PATH="/opt/zeek/bin:$PATH"

Run Zeekctl to setup Zeek

Connect with me at

About

Releases

Packages

Contributors 2

License

bvoris/RaspberryPiZeek

Folders and files

Latest commit

History

Repository files navigation

Raspberry Pi Zeek

Deployment of Zeek on a Raspberry Pi 4B

Initial Deployment:

Management Configuration:

Check/enable promiscuous mode

Install Pre-Reqs for Zeek

Required Dependencies:

Optional Dependences:

Install Zeek:

Give the current user (pi) ownership of the Zeek binary

Add the Zeek binary path to the bottom of the user profile file - PATH="/opt/zeek/bin:$PATH"

Run Zeekctl to setup Zeek

Connect with me at

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Packages