mirror of
https://git.FreeBSD.org/ports.git
synced 2025-01-03 06:04:53 +00:00
389083ef74
This port replaces security/sguil-client, security/sguild-server and security/sguil-sensor which are at version 0.8.0. They will be removed shortly as a result.

PR: 191347
Submitted by: Muhammad Rahman

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis. The Sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
45 lines
2.0 KiB
Plaintext
Sguil-server
============
If you had existing config files in %%PREFIX%%/etc/%%SERVER_SGUILDIR%%
they were not overwritten. If this is a first time install, you
must copy the sample files to the corresponding conf file and
edit the various config files for your site. See the INSTALL
doc in %%DOCSDIR%% for details. If this is an upgrade, replace
your existing conf file with the new one and edit accordingly.

The SQL scripts for creating database tables were placed in
the %%PREFIX%%/share/%%SERVER_SGUILDIR%%/ directory. PLEASE
note LOG_DIR is not set by this install. You MUST create the
correct LOG_DIRS and put a copy of the snort rules you use in
LOG_DIR/rules.

The sguild program was placed in %%PREFIX%%/bin/.

Some contributed scripts were placed in
%%PREFIX%%/share/%%SERVER_SGUILDIR%%/contrib

A startup script named sguild was installed in
%%PREFIX%%/etc/rc.d/. To enable it, edit /etc/rc.conf
per the instructions in the script.

NOTE: You MUST create a directory /var/run/%%SERVER_SGUILDIR%%, and set the ownership
to user sguil, group sguil.
You MUST also create certs. Here's how to do it:
Create the directory %%SERVER_SGUILDIR%%/certs
Set ownership to sguil user and group.
Create a password-protected CA cert.
    openssl req -out CA.pem -new -x509
Create a server certificate/key pair.
    openssl genrsa -out sguild.key 1024
Create a certificate request to be signed by the CA.
DO NOT password protect your server key. If you do, you will be required
to enter the password every time you start the server.
    openssl req -key sguild.key -new -out sguild.req
If this is the first time you've created the cert,
create a serial file so your certs will have incremented serial numbers.
    openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAcreateserial -out sguild.pem
If you're updating the existing cert,
update the actual certificate for your server.
    openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial CA.srl -out sguild.pem
Put the certs in the %%SERVER_SGUILDIR%%/certs directory.
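
Added example, not part of the port or its pkg-message: a POSIX shell check of the files the steps above produce (sguild.pem chains to CA.pem, certificate and key match, the key is unencrypted and readable by its owner only, key size is reported). The function names, the "demo" argument and the 2048-bit demo key are assumptions; the demo set is constructed with throwaway subjects and a throwaway CA passphrase.

```shell
#!/bin/sh
# Added example, not from the port. File names follow the steps above;
# the function names and the "demo" argument are assumptions.

# make_demo_set DIR: constructed sample input, the steps above run
# non-interactively with throwaway subjects and a throwaway CA passphrase.
make_demo_set() (
    cd "$1" || exit 1
    openssl req -new -x509 -subj "/CN=Demo CA" -passout pass:demo-only \
        -keyout privkey.pem -out CA.pem 2>/dev/null &&
    openssl genrsa -out sguild.key 2048 2>/dev/null && chmod 600 sguild.key &&
    openssl req -key sguild.key -new -subj "/CN=sguild.example" -out sguild.req &&
    openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem \
        -passin pass:demo-only -CAcreateserial -out sguild.pem 2>/dev/null
)

# check_sguild_certs DIR: returns 0 if every check passes, 1 otherwise.
check_sguild_certs() {
    d=$1; rc=0
    # The server certificate must chain to the CA certificate.
    openssl verify -CAfile "$d/CA.pem" "$d/sguild.pem" >/dev/null 2>&1 ||
        { echo "FAIL: sguild.pem does not verify against CA.pem"; rc=1; }
    # The server key must be unencrypted so sguild can start unattended.
    if grep -Eq '^(Proc-Type:.*ENCRYPTED|-----BEGIN ENCRYPTED)' "$d/sguild.key"; then
        echo "FAIL: sguild.key is password protected"; rc=1
    else
        # Certificate and key must hold the same public key.
        c=$(openssl x509 -in "$d/sguild.pem" -noout -pubkey 2>/dev/null)
        k=$(openssl pkey -in "$d/sguild.key" -pubout 2>/dev/null)
        [ -n "$c" ] && [ "$c" = "$k" ] ||
            { echo "FAIL: sguild.pem does not match sguild.key"; rc=1; }
    fi
    # An unencrypted key is protected only by its file permissions.
    [ "$(ls -lLd "$d/sguild.key" 2>/dev/null | cut -c5-10)" = "------" ] ||
        { echo "FAIL: sguild.key is accessible to group or other"; rc=1; }
    # Report small keys; 1024-bit RSA is below current recommendations.
    bits=$(openssl x509 -in "$d/sguild.pem" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || echo "WARN: server key is ${bits:-?} bits"
    return "$rc"
}

# Usage: sh check.sh DIR, or sh check.sh demo to build and check a sample set.
case ${1:-} in
    "")   ;;
    demo) t=$(mktemp -d) && make_demo_set "$t" && check_sguild_certs "$t" ;;
    *)    check_sguild_certs "$1" ;;
esac
```

A key generated with the 1024 from the steps above passes the FAIL checks but triggers the WARN line.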