Croissants 牛角面包

Intrusion Detection and Prevention System

Networks and computers that are open to the public facing hacker attacks from all over the world every day. Once we are compromised, we would be one of the cyber crime victims. Our tasty Croissants is a high performance and ultra-low latency Intrusion Detection and Prevention System (IDPS). Unlike well known and famous brands for large business enterprises in the market, Croissants is available free of charge that everyone can afford. It is ideal for home, Small Office Home Office (SOHO) and Small Medium Business (SMB).

Not a Network Security Monitoring (NSM) or Information Security (InfoSec) expert? No problem! Our Croissants really is the "Plug, Play and Forget" system of your dreams. Don't be the next cyber crime victims, try Croissants now!

Croissants is designed by a hacker to defend against hackers. He knows what hackers are doing and thinking, regardless of whether they are ethical or malicious.


- Blocks known malicious activities
- Blocks known malware and virus
- Easy and straight forward web interfaces
- Compatible with Bittorrent and 4K video streaming
- Ultra-low latency for demanding online games
- Compatible with Microsoft Windows, GNU Linux, Apple macOS, Apple iOS and Google Android
- No subscription fee
- Automatically update and upgrade
- Plug, Play and Forget!





- 有效阻挡已知的恶意行为
- 有效阻挡已知的恶意程式
- 简单直接的用户介面
- 极低的延迟性能有效地播放 4K 多媒体和玩要求速度的网络游戏
- 兼容微软视窗、苹果电脑、Linux 等系统
- 开源项目,完全免费
- 自动更新
- 随插即用,并且可以忘记之


Croissants is an Open Source Project which is released under GPLv3 License and it is developed by Samiux.

A Quick Guide to GPLv3
GNU General Public License Version 3.0

Please keep in mind that Croissants is available FREE OF CHARGE.

** Croissants is designed and developed by Samiux since 2012.


If you like our project, please show your support by sending the donation to Paypal (infosecninjas AT gmail DOT com) in USD or HKD currency. You need a Paypal account for the donation.



- Multi-Core Intel / AMD x86 CPU (at least Intel ATOM D2550)
- 8GB DDR4 RAM or more (Croissants use at least 4GB RAM)
- 64GB SSD or more
- 3 Network Interface Cards/Ports (Network Based only)
- 1 Network Interface Card/Port (Host Based only)
- CPU with AVX2 or better (at least SSSE3)

Remark : Intel ATOM D2550 CPU comes with SSSE3 and it can handles up to 300Mbps connection (home usage).


- Ubuntu Server 18.04.3 LTS (64-bit)


- Suricata 4.1.5
- Hyperscan 5.2.1
- netdata (Network Based only)


1.0 Installation Guide

1.1 Download and Install

1.1.1 Network Based

sha256sum 195583a062b61137c6cb607369b9ae25b2b838996908543e1865c943f2301a18 croissants-latest.tar.gz

tar -xvzf croissants-latest.tar.gz
cd croissants
cp * ~/
cd ~/
nano nsm.conf
sudo ./nsm_install

*** Make sure you edit nsm.conf before running nsm_install ***
The definition of nsm.conf is here.

1.1.2 Host Based

sha256sum 82c7c702bf19d532b4b48003629ea55caf28ea19f96de8b6aab36333087510cb croissants-hidps-latest.tar.gz

tar -xvzf croissants-hidps-latest.tar.gz
cd croissants-hidps
cp * ~/
cd ~/
nano nsm.conf
sudo ./nsm_install

*** Make sure you edit nsm.conf before running nsm_install ***
The definition of nsm.conf is here.

1.2 ChangeLog

Croissants ChangeLog

2.0 User Guide

WARNING : Make sure port 19999 is not opened to the public.

2.1 Glances

Text mode monitoring tool for the performance of Croissants.


2.2 Netdata (Network Based only)

Graphic mode monitoring tool for the performance of Croissants.



2.3 Suricata Health Check

sudo tail -f /var/log/suricata/stats.log | grep drop

Press CTRL+c to exit.

2.4 Suricata Event Log

sudo tail -f /var/log/suricata/fast.log

Press CTRL+c to exit.

2.5 Rules Management

If you want to disable some rules as they are false positive, you can edit the "disable.conf" of suricata-update.

sudo nano /etc/suricata/disable.conf

If you want to drop some traffic, you can edit the "drop.conf" of suricata-update.

sudo nano /etc/suricata/drop.conf

If you want to modify some rules, you can edit the "modify.conf" of suricata-update.

sudo nano /etc/suricata/modify.conf

After updated the configuration files, you should run the following command to make the changes effective.

sudo nsm_rules_update

2.6 Ubuntu Update

sudo update_ubuntu

2.7 Auto Configuration

Whenever you changed the nsm.conf file, you need to run the following command in order to make it effective.

sudo nano /etc/croissants/conf.d/nsm.conf

sudo /etc/croissants/conf.d/auto_config

3.0 Hall of Fame

Nathan Paquin - Unix System Expert and InfoSec guy (IRC nick : sys)
Omnish - Gamer with InfoSec in mind (IRC nick : omnish)
Alpharyon - Ultra speed internet user with InfoSec in mind

4.0 Troubleshooting

If you cannot access internet when you are behind the Croissants, Suricata may be down unexpectedly. You can check if it is running or not by the following command :

sudo ps aux | grep suricata

If it is not running, you can issue the following command to start it :

sudo systemctl restart suricata

You can check the suricata.log at /var/log/suricata/suricata.log. Please allow about 15 minutes for Suricata fully starting.

5.0 FAQ

What is the function of the third network interface? (Network Based)
One is for incoming traffic (from modem or ISP) and the other is for outgoing traffic (to router or switch). The third one is connected to the switch for management purpose. It is also used for updating the rules and system.

Which network interface is used for the installation? (Network Based)
The monitoring network interface is good for installation. Incoming and outgoing network interfaces may cause problem during the installation.

How to check what network interfaces are in my box? (Network Based)
ls /sys/class/net

How to deploy Croissants?
The following is the recommended connection method of Croissants. However, you can connect it behind router too.

Network Based

Internet --- Modem (if any) --- Croissants --- Router --- Switch (if any) --- PCs

Host Based

Internet --- Croissants

Is there any commercial version?
No, commercial version is not available. However, we have a NOT FOR SALE and NOT Open Source version, namely "Professional". The following is the extra features for the "Professional" version :
- Blocks nmap scanner
- Blocks masscan scanner
- Blocks Shodan scans
- Blocks Censys scans
- Blocks Zoomeye scans

Contact us for the demo.

6.0 To-Do-List


7.0 See Also


8.0 Presentation

sha256sum 814e353abfa899aede7c6173a3dfd78b9aab0242258748f1e35073a87ff13f47 presentation-croissants.pdf

Download : presentation-croissants.pdf

(Firefox, Chrome and Safari Desktop Version friendly. You may need PDF Viewer Extension for Opera, Adobe Reader for Edge to view the report)