Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/snorby/snorby
Ruby On Rails Application For Network Security Monitoring
https://github.com/snorby/snorby
Last synced: 8 days ago
JSON representation
Ruby On Rails Application For Network Security Monitoring
- Host: GitHub
- URL: https://github.com/snorby/snorby
- Owner: Snorby
- License: other
- Created: 2010-10-09T19:09:49.000Z (about 14 years ago)
- Default Branch: master
- Last Pushed: 2023-06-06T20:32:27.000Z (over 1 year ago)
- Last Synced: 2024-10-15T09:41:06.255Z (about 2 months ago)
- Language: HTML
- Homepage:
- Size: 9.14 MB
- Stars: 1,002
- Watchers: 83
- Forks: 226
- Open Issues: 133
-
Metadata Files:
- Readme: README.md
- Changelog: ChangeLog.md
- License: LICENSE
Awesome Lists containing this project
- awesome-network-stuff - **918**星
README
# Snorby
* [github.com/Snorby/snorby](http://github.com/Snorby/snorby/)
* [github.com/Snorby/snorby/issues](http://github.com/Snorby/snorby/issues)
* [github.com/Snorby/snorby/wiki](http://github.com/Snorby/snorby/wiki)
* irc.freenode.net #snorby## Description
Snorby is a ruby on rails web application for network security monitoring that interfaces with current popular intrusion detection systems (Snort, Suricata and Sagan). The basic fundamental concepts behind Snorby are **simplicity**, organization and power. The project goal is to create a free, open source and highly competitive application for network monitoring for both private and enterprise use.
## Requirements
* Snort
* Ruby >= 2.5
* Rails >= 3.0.0## Install
* Get Snorby from the download section or use the latest edge release via git.
`git clone git://github.com/Snorby/snorby.git`
* Move into the Snorby directory
`cd snorby`
* Install Gem Dependencies (make sure you have bundler installed: `gem install bundler`)
Ubuntu 18.04 >apt-get install ruby-graphviz ruby-dev ruby ruby-bundler rake ruby-rails
gem install rubygems-bundler
gem install rbundler -v 1.16.1
gem install bundler -v 1.16.1`$ bundle install`
* NOTE: If you get missing gem issues in production use `bundle install --path vendor/cache`* If your system gems are updated beyond the gemfile.lock you should use as an example `bundle exec rake snorby:setup`
* If running `bundle exec {app}` is painful you can safely install binstubs by `bundle install --binstubs`
* Install wkhtmltopdf`pdfkit --install-wkhtmltopdf`
* If this fails - visit https://github.com/pdfkit/pdfkit#wkhtmltopdf for other options
* Edit the Snorby configuration files
* `config/snorby_config.yml`
* `config/database.yml`
* `config/initializers/mail_config.rb`
* Templates can be found in `config/snorby_config.yml.example`, `config/database.yml.example` and `config/initializers/mail_config.example.rb` respectively.* Run the Snorby setup
`rake snorby:setup`
* NOTE: If you get warning such as "already initialized constant PDF", you can fix it by running these commands :```
sed -i 's/\(^.*\)\(Mime::Type.register.*application\/pdf.*$\)/\1if Mime::Type.lookup_by_extension(:pdf) != "application\/pdf"\n\1 \2\n\1end/' vendor/cache/ruby/*.*.*/bundler/gems/ezprint-*/lib/ezprint/railtie.rb
sed -i 's/\(^.*\)\(Mime::Type.register.*application\/pdf.*$\)/\1if Mime::Type.lookup_by_extension(:pdf) != "application\/pdf"\n\1 \2\n\1end/' vendor/cache/ruby/*.*.*/gems/actionpack-*/lib/action_dispatch/http/mime_types.rb
sed -i 's/\(^.*\)\(Mime::Type.register.*application\/pdf.*$\)/\1if Mime::Type.lookup_by_extension(:pdf) != "application\/pdf"\n\1 \2\n\1end/' vendor/cache/ruby/*.*.*/gems/railties-*/guides/source/action_controller_overview.textile
```* Start Rails
For instance with `rails server` or `bundle exec rails server` and point a browser to localhost:3000
or whatever you put in `config/snorby_config.yml`.* Log in and create new user
If you selected authentication_mode: database in `config/snorby_config.yml` the default user credentials are:
* Email: **[email protected]**
* Password: **snorby**
After logging in go to **Administration** / **Users**, click **Add user** and fill out the form to create
a personal account with administrator privileges before you delete the default user.* Once all options have been configured and snorby is up and running
* Make sure you start the Snorby Worker from the Administration page.
* Make sure that both the `DailyCache` and `SensorCache` jobs are running.
* NOTE - If you do not run Snorby with passenger (http://www.modrails.com) people remember to start rails in production mode.`rails -e production`
## Updating SnorbyIn the root Snorby directory type the following command:
`git pull origin master`
Once the pull has competed successfully run the Snorby update rake task:`rake snorby:update`
# Helpful CommandsYou can open the rails console at anytime and interact with the Snorby environment. Below are a few helpful commands that may be useful:
* Open the rails console by typing `rails c` in the Snorby root directory
* You should never really need to run the below commands. They are all available within the
Snorby interface but documented here just in case.**Snorby Worker**
Snorby::Worker.stop # Stop The Snorby Worker
Snorby::Worker.start # Start The Snorby Worker
Snorby::Worker.restart # Restart The Snorby Worker**Snorby Cache Jobs**
# This will manually run the sensor cache job - pass true or false for verbose output
Snorby::Jobs::SensorCacheJob.new(true).perform`# This will manually run the daily cache job - once again passing true or false for verbose output
Snorby::Jobs::DailyCacheJob.new(true).perform# Clear All Snorby Cache - You must pass true to this method call for confirmation.
Snorby::Jobs.clear_cache# If the Snorby worker is running this will start the cache jobs and set the run_at time for the current time.
Snorby::Jobs.run_now!## License
Please refer to the LICENSE file found in the root of the snorby project.