Shmoo Labs Writeup – Part 1


Shmoo Labs got going bright and early — but not before Branson took us on a 2-mile detour to the diner in Adams Morgan. We did take the shorter way back. The diner was worth the walk, and I got a good breakfast in my belly for what would be an 18-hour day of tooling around.

I arrived in labs about 8:10am. I was leading the OSSIM deployment and the NetMon team. The first thing we did was grab a new Dell server; the plan was to get ESX on it so we could run a bunch of different VMs on the server to set up Cacti, Nagios, OpManager (and later an OSSIM sensor).

I had brought a ton of .isos and VMs with stuff all ready to go — since I heard there were 4 brand new Dell servers… but they turned out to only be 32-bit! I had all x64 .isos of VMware, Ubuntu, and OSSIM. Not a huge deal… but with the limited bandwidth available first thing in the morning, this totally rained on our parade.

Not to worry, we discovered the hotel had free net in the lounge, and we ended up using their wired kiosk connections and got most of the .isos we needed in about 90 minutes or so. Around 10 am, we started installing ESX 4.0 on our server. We also started installing the OSSIM x64 build 2.1 on the OSSIM appliance. We had only 2 interfaces on the OSSIM box, which would prove to be a challenge later. So — 10am ESX and OSSIM installs running.

Now it’s about 10:45. We discussed who would do what. I was to work with the OSSIM CTO DK and Engineer Jamie to get the professional version of OSSIM v2.2 (to be released Feb 15th — woot!). We had one person in charge of setting up our Cisco 2960 (which handles VLANs weird — I’ll explain in a bit), one person to do Nagios, one person to set up Cacti, one person to set up OpManager (a commercial net mon app), and a few other people here and there.

We started by setting up an Ubuntu server, then cloning it 5 times. We then distributed the Ubuntu instances for everyone to start hacking away at. Around this time (noonish) we got internet (thanks firewall team!) and were then able to start updating OSSIM. We also talked about setting up some not-out-of-the-box functionality in OSSIM, such as SnoGE (which takes Snort unified output and generates a .kml file for Google Earth).

At this point I started working with the OSSIM engineers, which is where the next chapter will start off.

Do you like this post? What else about labs do you want to hear about? Let me know in the comments!