Audra 奧德拉




Intrusion Detection System



Networks and computers that are exposed to the public face hacker attacks from all over the world every day. Once compromised, you become one more cyber crime victim. Audra is a high performance, ultra-low latency Intrusion Detection System (IDS). Unlike the well-known commercial products aimed at large enterprises, Audra is available free of charge, so everyone can afford it. It is ideal for home, Small Office/Home Office (SOHO) and Small and Medium Business (SMB) networks.

Audra is designed by a hacker to defend against hackers. He knows what hackers are doing and thinking, regardless of whether they are ethical or malicious.


FEATURES

- Monitors known malicious activities
- Monitors known malware and viruses
- Easy and straightforward web interfaces
- No subscription fee
- Automatic updates and upgrades






LICENSE

Audra is an Open Source project released under the GPLv3 License and is developed by Samiux.

A Quick Guide to GPLv3
GNU General Public License Version 3.0

Please keep in mind that Audra is available FREE OF CHARGE.

** Croissants, Croissants CE and Audra have been designed and developed by Samiux since 2012.

DONATION

If you like our project, please show your support by sending a donation via PayPal (infosecninjas AT gmail DOT com) in USD or HKD. You need a PayPal account to donate.


MINIMUM REQUIREMENTS

Hardware

- Multi-Core Intel / AMD x86 CPU
- 16GB DDR4 RAM or more
- 500GB Hard Drive/SSD or more
- 1 Intel Network Interface Card/Port
- CPU with AVX2 or better
- A switch with port mirroring (SPAN) is required, so that the monitoring interface receives a copy of the traffic to inspect

Software

- Ubuntu Server 18.04.1 LTS (64-bit)


MAIN COMPONENTS

- Suricata 4.0.5
- Hyperscan 5.0.0
- Elasticsearch 5.6.x
- Logstash 5.6.x
- Kibana 5.6.x
- idstools-rulecat
- evebox


DOCUMENTATION

1.0 Installation Guide

1.1 Download and Install

sha256sum of audra-latest.tar.gz :
c39b286e9498d4e7c9510c906d9903c79a6c217ca19b31d08d527d60b229c3d6  audra-latest.tar.gz


wget https://www.infosec-ninjas.com/files/audra-latest.tar.gz
tar -xvzf audra-latest.tar.gz
cd ce
chmod +x nsm_*
chmod +x update_*
cp * ~/
cd ~/
nano nsm.conf
sudo ./nsm_install


*** Make sure you edit nsm.conf before running nsm_install ***
The definition of nsm.conf is here.
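The install steps above list the SHA-256 of the tarball but never check it. The following script is an added example, not part of the Audra project: it downloads the archive, compares its hash with the value published on this page and refuses to extract anything on a mismatch. It assumes GNU coreutils (sha256sum) and wget are installed; the URL and hash are the ones given above, and the AUDRA_FETCH switch is an invented convenience so the functions can be sourced without touching the network.

```shell
#!/bin/sh
# Added example, not part of the Audra project: verify the tarball against the
# SHA-256 published on this page before extracting it. Assumes GNU coreutils
# (sha256sum) and wget; the URL and hash are the ones from the page.
AUDRA_URL='https://www.infosec-ninjas.com/files/audra-latest.tar.gz'
AUDRA_SHA256='c39b286e9498d4e7c9510c906d9903c79a6c217ca19b31d08d527d60b229c3d6'

# verify_sha256 FILE EXPECTED
# Returns 0 when FILE hashes to EXPECTED, 1 otherwise (and prints both hashes).
verify_sha256() {
    _file="$1"
    _expected="$2"
    _actual=$(sha256sum "$_file" | awk '{ print $1 }')
    if [ "$_actual" = "$_expected" ]; then
        return 0
    fi
    printf 'checksum mismatch for %s\n  expected: %s\n  actual:   %s\n' \
        "$_file" "$_expected" "$_actual" >&2
    return 1
}

# fetch_and_install: download, verify, and only then unpack the archive and
# stage the scripts in the home directory as the guide above does.
# A mismatched hash stops the procedure before anything is extracted.
fetch_and_install() {
    wget -O audra-latest.tar.gz "$AUDRA_URL" || return 1
    verify_sha256 audra-latest.tar.gz "$AUDRA_SHA256" || return 1
    tar -xvzf audra-latest.tar.gz
    cd ce || return 1
    chmod +x nsm_* update_*
    cp ./* ~/
    cd ~ || return 1
    echo "Now edit ~/nsm.conf, then run: sudo ./nsm_install"
}

# Only download when explicitly requested (AUDRA_FETCH=1 is an assumed switch),
# so the functions above can be sourced or tested without network access.
if [ "${AUDRA_FETCH:-0}" = "1" ]; then
    fetch_and_install
fi
```

Run it as `AUDRA_FETCH=1 sh verify_audra.sh`; the comparison is done on the hex digest only, so the filename in the published line does not matter, and a mismatch leaves the downloaded archive in place for inspection.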


2.0 User Guide

WARNING : Make sure ports 5601 (Kibana), 19999 (Netdata) and 5636 (EveBox) are not reachable from the public Internet. These web interfaces are not protected by authentication out of the box, so anyone who can reach the port can read your alerts and traffic data.
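A quick way to check the warning above on the Audra box itself is to look at which address each management port is bound to. The script below is an added example, not part of Audra: it reads `ss -tln` output, flags the management ports that listen on a wildcard address (and are therefore reachable from every interface), and prints ufw rules that admit them only from a LAN range. The port list follows the warning, plus 9200 because the FAQ's curl commands expect Elasticsearch on localhost only; the LAN CIDR and the sample `ss` output are constructed for illustration.

```shell
# Added example, not part of Audra: report management ports bound to all
# interfaces. Feed it the output of `ss -tln`. The list follows the warning
# above (5601 Kibana, 19999 Netdata, 5636 EveBox) plus 9200 (Elasticsearch,
# which the FAQ's curl commands expect on localhost only).
AUDRA_MGMT_PORTS='5601 19999 5636 9200'

# exposed_ports: read `ss -tln` lines on stdin, print each management port
# whose local address is a wildcard (0.0.0.0, * or [::]), i.e. reachable
# from every interface, including a public-facing one.
exposed_ports() {
    awk -v ports="$AUDRA_MGMT_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4                       # "Local Address:Port" column
            port = addr; sub(/.*:/, "", port)
            host = addr; sub(/:[^:]*$/, "", host)
            if (want[port] && (host == "0.0.0.0" || host == "*" || host == "[::]"))
                print port
        }'
}

# lan_allow_rules CIDR: print ufw rules that admit the management ports only
# from CIDR (assumed to be the LAN, e.g. 192.168.20.0/24). With ufw's default
# deny-incoming policy nothing else reaches them. Rules are printed, not applied.
lan_allow_rules() {
    for port in $AUDRA_MGMT_PORTS; do
        printf 'ufw allow from %s to any port %s proto tcp\n' "$1" "$port"
    done
}

# Constructed sample of `ss -tln` output (not taken from a real Audra host).
SAMPLE_SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:9200       0.0.0.0:*
LISTEN  0       128     *:5601               *:*
LISTEN  0       128     [::]:19999           [::]:*
LISTEN  0       128     127.0.0.1:5636       0.0.0.0:*'

# Real usage on the Audra host:  ss -tln | exposed_ports
printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_ports    # prints 5601 and 19999
```

On the sample, 9200 and 5636 are bound to 127.0.0.1 and are not reported, while Kibana on `*` and Netdata on `[::]` are. Binding a service to the LAN address alone is not enough if the box has a public interface; the ufw rules restrict by source network instead.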

2.1 Kibana

To monitor and analyse the network traffic.

http://[monitoring_ip]:5601

e.g. http://192.168.20.180:5601

You also need to download the preset dashboard and import it into Kibana; you can download it here. Kibana is a big data analysis tool. The indices can be deleted and re-created for fresh analysis and monitoring.

The first-time setup of Kibana is shown in this video :



2.2 Netdata

To monitor the performance of Audra.

http://[monitoring_ip]:19999

e.g. http://192.168.20.180:19999

2.3 EveBox

To analyse alerts and their associated packet captures.

http://[monitoring_ip]:5636

e.g. http://192.168.20.180:5636

2.4 Glances

Another monitoring tool for the performance of Audra.

glances

2.5 Ubuntu Update

sudo update_ubuntu

2.6 Auto Configuration

Whenever you change the nsm.conf file, run the following command to apply the changes.

sudo nano /etc/audra/conf.d/nsm.conf

sudo /etc/audra/conf.d/auto_config


3.0 Hall of Fame

Nathan Paquin - Unix System Expert and InfoSec guy (IRC nick : sys)
Omnish - Gamer with InfoSec in mind (IRC nick : omnish)
Alpharyon - Ultra speed internet user with InfoSec in mind

*** Special thanks to Nathan Paquin (sys) for providing the server for rules updates ***


4.0 Troubleshooting

If no traffic appears on the web interfaces, Suricata may have stopped unexpectedly. Check whether it is running with the following command :

sudo ps aux | grep suricata

If it is not running, start it again with :

sudo systemctl restart suricata

The reason for the failure is usually recorded in /var/log/suricata/suricata.log.


5.0 FAQ

How to check what network interfaces are in my box?
ls /sys/class/net

How to delete all the indices (the Elasticsearch indices that Kibana displays)?
curl -XDELETE http://localhost:9200/logstash-*
This removes every stored event at once and cannot be undone, so list the indices first and make sure the wildcard only matches what you intend.

How to list all indices?
curl -XGET http://localhost:9200/_cat/indices

How to delete one of the indices?
curl -XDELETE http://localhost:9200/logstash-2017.07.25
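On a box with a 500GB disk the usual need is not to wipe everything but to keep a fixed number of days. The script below is an added example, not part of Audra: it reads the `_cat/indices` listing used in the FAQ, selects the daily logstash-YYYY.MM.DD indices dated before a cutoff, and deletes only those, one at a time. It assumes Elasticsearch at http://localhost:9200 as in the FAQ's curl commands and the default Logstash daily index naming; the ES_URL variable, the cutoff helper and the sample listing are constructed for illustration.

```shell
# Added example, not part of Audra: prune logstash-* indices older than a cutoff
# date instead of deleting everything with a wildcard. Assumes Elasticsearch at
# http://localhost:9200 (as in the FAQ) and daily index names logstash-YYYY.MM.DD
# as produced by the Logstash defaults. ES_URL is an assumed override variable.
ES_URL="${ES_URL:-http://localhost:9200}"

# indices_older_than CUTOFF: read `_cat/indices` lines on stdin and print the
# logstash-YYYY.MM.DD index names dated strictly before CUTOFF (YYYY.MM.DD).
# Zero-padded dates in this form compare correctly as plain strings.
indices_older_than() {
    awk -v cutoff="$1" '
        $3 ~ /^logstash-[0-9][0-9][0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]$/ {
            d = substr($3, 10)          # strip the "logstash-" prefix
            if (d < cutoff) print $3
        }'
}

# cutoff_days_ago N: today minus N days as YYYY.MM.DD (GNU date, as on Ubuntu).
cutoff_days_ago() {
    date -u -d "$1 days ago" +%Y.%m.%d
}

# purge_indices_older_than CUTOFF: list, select and delete one index at a time,
# so .kibana and anything newer than CUTOFF are never touched.
purge_indices_older_than() {
    curl -s -XGET "$ES_URL/_cat/indices" | indices_older_than "$1" |
    while read -r idx; do
        echo "deleting $idx"
        curl -s -XDELETE "$ES_URL/$idx"
        echo
    done
}

# Constructed sample of `curl -XGET http://localhost:9200/_cat/indices` output.
SAMPLE_CAT_INDICES='green  open .kibana             Xq1 1 0     12 0  40kb  40kb
green  open logstash-2017.07.23 aB2 5 1 811204 0 1.1gb 1.1gb
green  open logstash-2017.07.24 cD3 5 1 790311 0 1.0gb 1.0gb
yellow open logstash-2017.07.25 eF4 5 1 120077 0 180mb 180mb'

# Real usage, keeping 30 days:  purge_indices_older_than "$(cutoff_days_ago 30)"
printf '%s\n' "$SAMPLE_CAT_INDICES" | indices_older_than 2017.07.25
```

Run `purge_indices_older_than "$(cutoff_days_ago 30)"` from cron once a day to keep a rolling month of events. The selection is done by name, so an index that does not match the exact daily pattern, such as .kibana, is never a deletion candidate.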


6.0 To-Do-List

Nil


7.0 See Also

N/A