A. Cristallo edited this page Mar 8, 2018 · 5 revisions

Getting Sweet Security

Either download the GitHub repository manually, or clone the repo with the following command:

$ git clone --depth=1 https://github.com/travisfsmith/sweetsecurity

Prerequisites

Most of the dependencies will be installed during installation. However, make sure the following prerequisites are met before you try to install the code.

Supported Operating Systems

  • Raspbian Jessie
  • Debian Jessie
  • Ubuntu 16.04

Supported Hardware

  • RaspberryPi 3
  • x86
  • x86_64

System Requirements

  • ARM, x86, or x86_64 CPU
  • 2GB RAM
  • 8GB Disk Storage
  • 100 MB NIC (Recommended 1GB)

Note: 2GB of storage is required while the Raspberry Pi 3 only has 1GB. The code can be split to run on two devices, such as two Raspberry Pis or a Raspberry Pi and AWS.

Packages

  • Python 2.7

sudo apt install python

  • Java 1.8

sudo apt install default-jre

Note: Debian requires a few unique steps to get Java 1.8 installed. TecAdmin has a great guide on how to accomplish that. https://tecadmin.net/install-java-8-on-debian/

All other packages will be installed during Sweet Security installation. Below is the list of system packages installed by the installer:

  • curl
  • cmake
  • g++
  • flex
  • bison
  • libpcap-dev
  • libssl-dev
  • python-dev
  • python-pip
  • python-flask
  • python-scapy
  • apache2
  • libapache2-mod-wsgi
  • swig
  • nmap
  • tcpdump
  • oracle-java8-jdk (Raspbian Only)
  • ant (Raspbian Only)
  • zip (Raspbian Only)

Below is the list of packages installed by pip:

  • elasticsearch
  • requests
  • flask-mail
  • flask_wtf
  • cryptography

Installation

sudo python setup.py

Installation Types

  1. Full Install: This will install Bro IDS, Critical Stack (optional), Logstash, Elasticsearch, Kibana, Apache, and Sweet Security Client/Server. Choose this option ONLY if you have 2GB of memory or more.

  2. Sensor Only: This will install Bro IDS, Critical Stack (optional), Logstash, and Sweet Security Client.

  3. Web Server Only: This will install Elasticsearch, Kibana, Apache, and Sweet Security Server.
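
A pre-flight check for the requirements and install types listed above, as an added example that is not part of the Sweet Security repository or its installer. The 5% allowance on RAM, the reading of 8GB as free space on /, and all function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the requirements listed on this page.
REQ_MEM_KB=$((2 * 1024 * 1024))    # 2GB RAM (needed for a Full Install)
REQ_DISK_KB=$((8 * 1024 * 1024))   # 8GB disk
MEM_SLACK_PCT=5   # assumption: MemTotal excludes firmware/kernel-reserved RAM

# MemTotal in kB from a meminfo-format file (default /proc/meminfo).
mem_total_kb() { awk '/^MemTotal:/ { print $2; exit }' "${1:-/proc/meminfo}"; }

# Free kB on the filesystem holding PATH (assumption: 8GB means free space).
disk_free_kb() { df -Pk "${1:-/}" | awk 'NR == 2 { print $4 }'; }

# os_supported ID VERSION_ID, using /etc/os-release fields (Jessie is release 8).
os_supported() {
    case "$1:$2" in
        raspbian:8|debian:8|ubuntu:16.04) return 0 ;;
        *) return 1 ;;
    esac
}

# version_ok WANT BANNER: does a version banner report release WANT.x?
version_ok() {
    case "$2" in
        *" $1."*|*"\"$1."*) return 0 ;;
        *) return 1 ;;
    esac
}

# install_types MEM_KB: install types the memory requirement allows.
install_types() {
    if [ "$1" -ge $((REQ_MEM_KB * (100 - MEM_SLACK_PCT) / 100)) ]; then
        echo "full sensor-only web-server-only"
    else
        echo "sensor-only web-server-only"
    fi
}

preflight() {
    # Source os-release in a subshell so its variables do not leak into ours.
    os=$( [ -r /etc/os-release ] && . /etc/os-release && echo "$ID $VERSION_ID" ) || true
    os_supported ${os:-unknown unknown} || echo "WARN: unsupported OS: ${os:-unknown}"
    version_ok 2.7 "$(python -V 2>&1)" || echo "WARN: Python 2.7 not found"
    version_ok 1.8 "$(java -version 2>&1 | head -n 1)" || echo "WARN: Java 1.8 not found"
    [ "$(disk_free_kb /)" -ge "$REQ_DISK_KB" ] || echo "WARN: less than 8GB free on /"
    echo "Install types that fit: $(install_types "$(mem_total_kb)")"
}

case "${1:-}" in check) preflight ;; esac
```

Run it as `sh preflight.sh check` before `sudo python setup.py`; without the argument it only defines the functions.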

Interface

You will only need a single configured interface for Sweet Security. If you have two or more configured interfaces, you will be prompted to choose which one to use for Sweet Security. If there is only a single configured interface, the installer will choose it for you automatically. The chosen interface will be used for:

  • Client: ARP Spoofing
  • Client: Network Scans
  • Client: Bro IDS Inspection
  • Server: Website Hosting

Credentials

The installer will prompt you to create two credentials. The web portal credentials are used to protect the Flask App and Kibana. The Elasticsearch credentials will protect Elasticsearch only. Currently, any character can be used in the password except for double quotes. The installer passes the password, encapsulated in double quotes, to the htpasswd command.

Critical Stack

Critical Stack can be optionally installed on the Sensor alongside Bro IDS. If you choose to install Critical Stack, you will be prompted to enter your Critical Stack API Key during installation.

FileCheckIO

Any files found by Bro IDS can be checked against FileCheck.io. If you have an account and would like to check files against it, you will be prompted to enter your API key during installation.