Tuesday, August 04, 2009

Xfiltr8 Extrusion Detection Live CD

Greetings from SANS Boston 2009.

I just posted the first public alpha version of the Xfiltr8 live CD to SourceForge: http://xfiltr8.sourceforge.net

Xfiltr8 is an open source Ubuntu-based live CD dedicated to networked extrusion detection.
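To make "extrusion detection" concrete, here is a small added example of the kind of outbound-traffic heuristic such a live CD is meant to host. It is illustration written for this page, not code from Xfiltr8 or from the Snort/BASE stack shipped on the CD. The flow-record layout (five-tuple plus byte counts in each direction), the internal address ranges, the egress port allowlist and the volume thresholds are all assumptions, and the sample flows are constructed for the example.

```python
"""Toy extrusion-detection pass over constructed flow records.

Added illustration only; not part of the Xfiltr8 live CD. The flow
format, internal ranges, allowed egress ports and thresholds are assumed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address space (RFC 1918 subset).
INTERNAL = (ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16"))

# Constructed sample flows: (src, sport, dst, dport, proto, bytes_out, bytes_in).
FLOWS = [
    ("10.0.0.5", 51000, "93.184.216.34", 443, "tcp", 12_000, 250_000),     # ordinary browsing
    ("10.0.0.5", 51001, "93.184.216.34", 443, "tcp", 9_000, 180_000),
    ("10.0.0.9", 51234, "198.51.100.7", 443, "tcp", 850_000_000, 40_000),  # bulk upload over TLS
    ("10.0.0.9", 51235, "198.51.100.7", 443, "tcp", 700_000_000, 30_000),
    ("10.0.0.12", 40000, "203.0.113.8", 6667, "tcp", 4_000, 3_000),        # egress on IRC port
    ("10.0.0.12", 40001, "203.0.113.8", 22, "tcp", 20_000, 5_000),         # egress on SSH port
    ("192.168.1.20", 53, "192.168.1.1", 53, "udp", 600, 900),              # internal only, ignored
]


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)


def egress_flows(flows):
    """Keep only flows that leave the internal network (inside -> outside)."""
    return [f for f in flows if is_internal(f[0]) and not is_internal(f[2])]


def detect(flows,
           bulk_bytes=500_000_000,          # assumed: flag > 500 MB sent out per host
           ratio=10.0,                      # assumed: flag out/in byte ratio >= 10
           ratio_min_bytes=1_000_000,       # ...but only once at least 1 MB has gone out
           allowed_ports=frozenset({80, 443, 53, 25})):  # assumed egress allowlist
    """Return (kind, internal_host, detail) alerts for suspicious outbound traffic.

    Three heuristics: egress to a non-allowlisted destination port, total
    outbound volume per host, and a lopsided outbound/inbound byte ratio
    (a client normally downloads far more than it uploads).
    """
    alerts = []
    out_by_host = defaultdict(int)
    in_by_host = defaultdict(int)

    for src, _sport, dst, dport, proto, b_out, b_in in egress_flows(flows):
        out_by_host[src] += b_out
        in_by_host[src] += b_in
        if dport not in allowed_ports:
            alerts.append(("unexpected_port", src, f"{dst}:{dport}/{proto}"))

    for host, b_out in out_by_host.items():
        if b_out >= bulk_bytes:
            alerts.append(("bulk_upload", host, f"{b_out} bytes out"))
        b_in = max(in_by_host[host], 1)  # avoid division by zero for upload-only hosts
        if b_out >= ratio_min_bytes and b_out >= ratio * b_in:
            alerts.append(("upload_heavy", host, f"out/in={b_out / b_in:.1f}"))
    return alerts


if __name__ == "__main__":
    for kind, host, detail in detect(FLOWS):
        print(f"{kind:16} {host:14} {detail}")
```

Run stand-alone it reports the bulk upload and skewed ratio for 10.0.0.9 and the two off-allowlist connections from 10.0.0.12, while the ordinary browsing host and the purely internal DNS flow stay quiet. The thresholds are deliberately crude; in practice they would be tuned per network, and heuristics like these complement rather than replace the signature matching that Snort with Emerging Threats rules provides.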



1 comment:

Doug Burks said...

Hi Eric,

Xfiltr8 looks interesting! A few questions:

Is there a README somewhere that I'm missing?

I see that the LiveCD has Snort, BASE, and some Emerging Threats rules. Have you considered using Sguil instead of BASE? The NSMnow installer (http://www.securixlive.com/nsmnow/) can install Sguil and all its dependencies quickly and easily. It also downloads and compiles the latest version of Snort automatically. I'm using NSMnow in my Security Onion LiveCD.

I see some Perl scripts in /usr/local/bin/ that appear to be for Squid reporting, but I can't seem to find the Squid service itself. What am I missing?

Keep up the good work!

Thanks,
Doug Burks
http://securityonion.blogspot.com/
http://twitter.com/dougburks