Croissants CE 牛角面包




Intrusion Detection and Prevention System (Community Edition)



Networks and computers that are open to the public face attacks from hackers all over the world every day. Once compromised, we become cyber crime victims. Our tasty Croissants (Community Edition, CE) is a high-performance, ultra-low-latency Intrusion Detection and Prevention System (IDPS). Unlike the well-known brands aimed at large business enterprises, Croissants CE is available free of charge, so everyone can afford it. It is ideal for home, Small Office Home Office (SOHO) and Small Medium Business (SMB) use.

Not a Network Security Monitoring (NSM) or Information Security (InfoSec) expert? No problem! Our Croissants CE really is the "Plug, Play and Forget" system of your dreams. Don't be the next cyber crime victim, try Croissants CE now!

Croissants CE is designed by a hacker to defend against hackers. He knows what hackers are doing and thinking, regardless of whether they are ethical or malicious.

Meanwhile, Croissants is a commercial product that provides a better user experience and support. It is ideal for any server that provides connections to the public.


FEATURES

- Block known malicious activities
- Block known malware and virus
- Easy and straightforward web interfaces
- Compatible with Bittorrent and 4K video streaming
- Ultra-low latency for demanding online games
- Compatible with Microsoft Windows, GNU Linux, Apple macOS, Apple iOS and Google Android
- No subscription fee
- Automatically update and upgrade
- Plug, Play and Forget!


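Whenever a computer or network is connected to the Internet, it may be attacked by malicious hackers. To avoid becoming the next victim of cyber crime, our tasty Croissants (Community Edition) can help protect you from attack. Unlike other well-known commercial brands, it is completely free: an intrusion prevention system that everyone can afford.

Our Croissants (Community Edition) is plug and play and requires very little user involvement, which makes it suitable for the general public.

Croissants (Community Edition) is an effective tool designed by a hacker to counter hackers, whether they are ethical or malicious.

FEATURE OVERVIEW

- Effectively blocks known malicious activities
- Effectively blocks known malware
- Simple and straightforward user interface
- Ultra-low latency for smooth 4K media playback and speed-demanding online games
- Compatible with Microsoft Windows, Apple Mac, Linux and other systems
- Open source project, completely free
- Automatic updates
- Plug and play, then forget about it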






LICENSE

Croissants CE is an Open Source Project released under the GPLv3 License and developed by Samiux.

A Quick Guide to GPLv3
GNU General Public License Version 3.0

Please keep in mind that Croissants CE is available FREE OF CHARGE.

** Croissants, Croissants CE and Audra have been designed and developed by Samiux since 2012.

DONATION

If you like our project, please show your support by sending a donation via PayPal (infosecninjas AT gmail DOT com) in USD or HKD. You need a PayPal account to donate.


MINIMUM REQUIREMENTS

Hardware

- Multi-Core Intel / AMD x86 CPU
- 16GB DDR4 RAM or more
- 500GB Hard Drive/SSD or more
- 3 Intel Network Interfaces Cards/Ports
- CPU with AVX2 or better

Software

- Ubuntu Server 18.04.1 LTS (64-bit)


MAIN COMPONENTS

- Suricata 4.0.5
- Hyperscan 5.0.0
- Elasticsearch 5.6.x
- Logstash 5.6.x
- Kibana 5.6.x
- idstools-rulecat
- evebox


DOCUMENTATION

1.0 Installation Guide

1.1 Download and Install

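wget https://www.infosec-ninjas.com/files/ce-latest.tar.gz
# Verify the download against the published SHA-256 before unpacking it
echo "c5f17d874cbdd160b7741362418e3b68fe5b78b3cd0436a7851a9d745cd7986f  ce-latest.tar.gz" | sha256sum -c -
tar -xvzf ce-latest.tar.gz
cd ce
chmod +x nsm_*
chmod +x update_*
cp * ~/
cd ~/
# Edit the configuration before running the installer
nano nsm.conf
sudo ./nsm_install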


*** Make sure you edit nsm.conf before running nsm_install ***
The definition of nsm.conf is here.

1.2 ChangeLog

Croissants CE ChangeLog


2.0 User Guide

WARNING : Make sure ports 5601, 19999 and 5636 are not opened to the public.
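
A quick way to check this warning on the box itself, as an added example that is not part of Croissants CE: the function below reads `ss -ltn` output and lists any of the three ports bound to a wildcard address, which means reachability depends entirely on the firewall and network in front of the box. The sample listing is constructed, and the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example: flag Croissants CE web UIs that listen on a wildcard address.
# Ports come from the warning above: 5601 (Kibana), 19999 (Netdata), 5636 (EveBox).
UI_PORTS="5601 19999 5636"

# Reads `ss -ltn` lines on stdin and prints "port local_address" for every
# UI port bound to a wildcard address (0.0.0.0, [::], :: or *).
exposed_ui_listeners() {
    awk -v ports="$UI_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                                  # Local Address:Port column
            port = la; sub(/.*:/, "", port)          # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)      # text before the last colon
            wild = (addr == "0.0.0.0" || addr == "[::]" || addr == "::" || addr == "*")
            if ((port in want) && wild)
                print port, la
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real system).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5601 0.0.0.0:*
LISTEN 0 128 192.168.20.180:19999 0.0.0.0:*
LISTEN 0 128 [::]:5636 [::]:*
LISTEN 0 128 127.0.0.1:9200 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# On the live system run: ss -ltn | exposed_ui_listeners
sample_ss_output | exposed_ui_listeners
```

An empty result means none of the three interfaces is bound to every address; a listed port should be confirmed as unreachable from the internet-facing side.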

2.1 Kibana

To monitor and analyze the traffic of the network.

http://[monitoring_ip]:5601

e.g. http://192.168.20.180:5601

Meanwhile, you also need to download the preset dashboard and import it into Kibana. You can download it here. Kibana is a big data analysis tool. The indices can be deleted and re-created for new analysis and monitoring.

The first-time setup for Kibana is shown in this video:



2.2 Netdata

To monitor the performance of Croissants CE.

http://[monitoring_ip]:19999

e.g. http://192.168.20.180:19999

2.3 EveBox

To analyze the packet capture.

http://[monitoring_ip]:5636

e.g. http://192.168.20.180:5636

2.4 Rules Management

If you want to disable some rules because they produce false positives, you can edit the "disable.conf" of idstools-rulecat.

sudo nano /etc/idstools/disable.conf

If you want to drop some traffic, you can edit the "drop.conf" of idstools-rulecat.

sudo nano /etc/idstools/drop.conf

If you want to modify some rules, you can edit the "modify.conf" of idstools-rulecat.

sudo nano /etc/idstools/modify.conf

After updating the configuration files, run the following command to make the changes effective.

sudo nsm_rules_update

2.5 Glances

Another monitoring tool for the performance of Croissants CE.

glances

2.6 Ubuntu Update

sudo update_ubuntu

2.7 Auto Configuration

Whenever you change the nsm.conf file, you need to run the following commands to make the change effective.

sudo nano /etc/croissants/conf.d/nsm.conf

sudo /etc/croissants/conf.d/auto_config


3.0 Hall of Fame

Nathan Paquin - Unix System Expert and InfoSec guy (IRC nick : sys)
Omnish - Gamer with InfoSec in mind (IRC nick : omnish)
Alpharyon - Ultra speed internet user with InfoSec in mind

*** Special thanks to Nathan Paquin (sys) for providing the server for rules updates ***


4.0 Troubleshooting

If you cannot access the internet from behind Croissants CE, Suricata may have stopped unexpectedly. You can check whether it is running with the following command:

sudo ps aux | grep suricata

If it is not running, you can issue the following command to start it:

sudo systemctl restart suricata

You can check the suricata.log at /var/log/suricata/suricata.log.


5.0 FAQ

What is the function of the third network interface?
One is for incoming traffic (from the modem or ISP) and another is for outgoing traffic (to the router or switch). The third one is connected to the switch for management purposes. It is also used for updating the rules and the system.

How to check what network interfaces are in my box?
ls /sys/class/net

How to delete all the indices on Kibana?
curl -XDELETE 'http://localhost:9200/logstash-*'

How to list all indices on Kibana?
curl -XGET http://localhost:9200/_cat/indices

How to delete one of the indices on Kibana?
curl -XDELETE http://localhost:9200/logstash-2017.07.25


6.0 To-Do-List

Nil


7.0 See Also

N/A