Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/control-owl/suriGUI

GUI for Suricata + Qubes OS
https://github.com/control-owl/suriGUI

debian ips linux qubes suricata

Last synced: 2 months ago
JSON representation

GUI for Suricata + Qubes OS

Host: GitHub
URL: https://github.com/control-owl/suriGUI
Owner: control-owl
Created: 2021-11-11T12:12:41.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2022-09-04T00:18:13.000Z (over 2 years ago)
Last Synced: 2024-04-16T23:49:40.593Z (9 months ago)
Topics: debian, ips, linux, qubes, suricata
Language: Shell
Homepage:
Size: 3.81 MB
Stars: 13
Watchers: 2
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-suricata - suriGUI - GUI for Suricata + Qubes OS. (Misc)

README

![](https://github.com/control-owl/suriGUI/blob/main/res/suriGUI.png)

### Still in development

This is still a Beta.

-------------

### Intro

- Basic concept is to create GUI Interface for Suricata IPS
- Made for Qubes 4.1
- Show desktop notifications on every suspicious packet
- TODO Option to edit Suricata rules with GUI

-------------

### QUBES draw.io

-------------

#### System Tray statuses: Active and Inactive icon
![](https://github.com/control-owl/suriGUI/blob/main/res/preview/status.png)

-------------

#### Settings

-------------

### Installation for Qubes 4.1

##### sys-firewall qube
```sh
git clone https://github.com/control-owl/suriGUI/
```
##### dom0
```sh
sudo mkdir /srv/salt/config

sudo qvm-run --pass-io sys-firewall ’cat /home/user/suriGUI/qubes-salt/sys-ips.top’ | sudo tee /srv/salt/sys-ips.top
sudo qvm-run --pass-io sys-firewall ’cat /home/user/suriGUI/qubes-salt/config/sys-ips.sls’ | sudo tee /srv/salt/config/sys-ips.sls
sudo qvm-run --pass-io sys-firewall ’cat /home/user/suriGUI/qubes-salt/config/sys-ips-template.sls’ | sudo tee /srv/salt/config/sys-ips-template.sls
sudo qvm-run --pass-io sys-firewall ’cat /home/user/suriGUI/qubes-salt/config/sys-ips-template-config.sls’ | sudo tee /srv/salt/config/sys-ips-template-config.sls
sudo qvm-run --pass-io sys-firewall ’cat /home/user/suriGUI/qubes-salt/config/sys-ips-config.sls’ | sudo tee /srv/salt/config/sys-ips-config.sls

sudo qubesctl top.enable sys-ips
sudo qubesctl --show-output --all state.highstate
```

-------------

### Process for Qubes 4 explained

1. dom0: Install debian-11-minimal
2. dom0: Clone debian-11-minimal as sys-ips-template
3. sys-ips-template: Install required apps
4. sys-ips-template: Install suriGUI in /usr/share/suriGUI
5. sys-ips-template: create autostart script for suriGUI
6. dom0: Create qube sys-ips based on sys-ips-template
7. sys-ips: bind-dir /usr/share/suriGUI
8. sys-ips: start suriGUI
9. (dom0: Make sys-ips as Network provider)

-------------

Project is free.

Donation are welcome.

Motivation even more.

BTC 1JDYtxVvisQxFX1KrZ8yhYYQiqnfS4sFaa