To install Prelude, the Hybrid IDS (or Meta IDS) on Debian, on less than ten minutes, just use the packages:
- install a database (PostgreSQL or MySQL)
- install the Prelude manager, all needed packages will be installed automatically
apt-get install prelude-manager
- during the installation, dbconfig will ask to configure the database. Say yes, and give the parameters. dbconfig will create a new user, set a password, create the SQL schema and configure prelude-manager to use it.
This should be enough for the manager. You will have to configure the listen address for the manager (the default is restricted to localhost) to listen on the network.
To add agents (sensors), you have to install the package and register a new profile for each sensor.For ex:
apt-get install prelude-lml apt-get install snort
Create a new profile:
prelude-admin register prelude-lml "idmef:w" <manager address> --uid 0 --gid 0 ... prelude-admin register snort "idmef:w" <manager address> --uid 0 --gid 0 ...
Follow the instructions for the registration.
Check the address of the manager in the config (global file is /etc/prelude/default/client.conf):
server-addr = 192.168.1.1
For a complete installation guide (with explanations) including the web interface Prewikka, look at the Prelude …read more