Installation
UPDATE 7/31/2017:
I have received generous support from Tyler Ebel in forking BriarIDS and adding support for pip install functionality. From now on, this project will be available for installation via python pip, and that will be the recommended installation route.
Either I or Tyler will be including all the necessary instructions below on how to install BriarIDS via python pip.
The software dependencies will install automatically for you when running the install scripts via the GUI. I'd recommend doing an apt-get update and apt-get upgrade prior to running Briar so apt can grab all the latest packages.
The Setup
- First, ssh into your PI under your preferred user (ex: 'pi' or 'root'): ssh -X pi@your_pi_ip
( the -X means X-forwarding, which will forward the GUI to the computer you are using to access your PI. )
- Now, install pip: sudo apt-get install python-pip (should be on raspi by default)
- Next, clone the repo! git clone https://github.com/g3tsyst3m/BriarIDS.git
- Now, cd into the directory: cd BriarIDS
- Finally, install it: sudo python setup.py install
That's all there is to it! You should now be able to run the program anywhere in your terminal by simply typing in: briar
The main GUI menu should now be visible
NOTE:
For users of the original briar interface, you may still run briar via the traditional method by browsing to the briarids subfolder and running sudo python briar_ids.py or, if running as root, simply python briar_ids.py.
Understanding the Menu
This button will start the installation for Suricata. The installation status can be followed by typing the following in a separate terminal: tail -f /usr/local/src/install_log.log
This button will bring up a menu in your terminal that will help guide you in your Bro installation needs. To install Bro, simply choose the first option in the menu. You can also configure the Critical-Stack-Intel-Agent after your Bro installation completes (Bro installation will install critical-stack-agent for you). The installation status can be followed by typing the following in a separate terminal: tail -f /usr/local/src/broinstall.log
This installation takes quite some time on the PI unit, but it is well worth the wait! It could take up to an hour or more depending on your PI unit model. It is assumed the user has a reasonable understanding of how Bro functions. If I have time I will add more information on how Bro works. For now, just know that Bro, as it applies to BriarIDS, detects malicious websites (from the intel feed you as the user will configure) using the Critical Stack agent and is simply a nice complementary solution to go alongside Suricata.
This button will add your public IP to Suricata so that packets captured PRIOR to being Nat'ted will be logged. This is extremely handy for catching reconnaissance scans such as NMAP performed outside of your network.
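What that button amounts to in Suricata terms, as an added example that is not BriarIDS's own code: HOME_NET in suricata.yaml must include the WAN address, or rules written as $EXTERNAL_NET -> $HOME_NET never match the pre-NAT copies of the packets. The helper below assumes the stock bracketed HOME_NET line and a public_ip value you supply; the sample YAML is constructed.

```python
import ipaddress
import re

# Constructed sample of the vars section from a stock suricata.yaml
# (not BriarIDS's actual file).
SAMPLE_YAML = """\
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
"""

HOME_NET_RE = re.compile(r'^(\s*HOME_NET:\s*")\[([^\]]*)\]("\s*)$', re.MULTILINE)

# Ranges that can never be your Internet-facing address. 100.64.0.0/10 is
# CGNAT: if "your public IP" lands there, the ISP is NATing you too and the
# pre-NAT address you need is not the one your router sees.
NOT_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]


def home_net_entries(yaml_text: str) -> list:
    """Return the address-group entries currently listed under HOME_NET."""
    match = HOME_NET_RE.search(yaml_text)
    return [] if match is None else [e.strip() for e in match.group(2).split(",") if e.strip()]


def add_public_ip_to_home_net(yaml_text: str, public_ip: str) -> str:
    """Return yaml_text with public_ip appended to HOME_NET as a /32.

    Rejects non-public IPv4 addresses so a typo or an RFC1918 address cannot
    silently widen HOME_NET. Idempotent: re-running changes nothing.
    """
    addr = ipaddress.ip_address(public_ip)
    if addr.version != 4 or any(addr in net for net in NOT_PUBLIC):
        raise ValueError(f"{public_ip} is not a public IPv4 address")
    match = HOME_NET_RE.search(yaml_text)
    if match is None:
        raise ValueError("no bracketed HOME_NET entry found in suricata.yaml")
    entries = home_net_entries(yaml_text)
    wanted = ipaddress.ip_network(f"{addr}/32")
    for entry in entries:
        try:  # skip non-CIDR entries such as "$SOME_VAR"
            if ipaddress.ip_network(entry, strict=False) == wanted:
                return yaml_text  # already present, leave the file untouched
        except ValueError:
            continue
    entries.append(str(wanted))
    new_line = f'{match.group(1)}[{",".join(entries)}]{match.group(3)}'
    return yaml_text[:match.start()] + new_line + yaml_text[match.end():]
```

After rewriting, run suricata -T -c /etc/suricata/suricata.yaml to validate the file before reloading.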
This button will allow the user to try an experimental feature I am working on which sends files extracted from captured packets to VirusTotal and reports whether VirusTotal determines each file to be malicious.
More information about this feature can be found HERE
Setting up your network TAP
This portion of the installation is critical: if you don't do this, you will only capture the packets of your raspberry PI itself. Basically, you need some way of collecting the packets from your network and copying them to your PI's monitoring interface. To do this, I use already available resources here at my house, a linksys router that supports Tomato firmware. Go HERE to search for your specific router model firmware. Once downloaded, go HERE to learn how to install it.
Finally, you need to configure your Tomato router's IPTABLES to copy packets to your PI unit. I've included detailed steps to achieve this HERE.