da667

#!/bin/bash
#updater.sh - Weekly update script
#checks for updates, downloads them, then reboots the system.
#place this script in /etc/cron.weekly, ensure it is owned by root (chown root:root /etc/cron.weekly/updater)
#ensure the script has execute permissions (chmod 700 /etc/cron.weekly/updater)
#if you want updates to run once daily or monthly, you could also place this script into cron.daily, or cron.weekly.
#alternatively, edit /etc/crontab to create a crontab entry.

export DEBIAN_FRONTEND=noninteractive
apt-get -q update

da667

[Unit]
Description=Snort Daemon
After=syslog.target network.target

[Service]
Type=simple
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true

da667

--These configuration lines will perform the following tasks:
--enables the built-in preproc rules, and snort.rules file
--enables hyperscan as the search engine for pattern matching
--enables the IP reputation blocklist
--enables JSON alerting for snort alerts
--enables appid, the appid listener, and logging appid events.
ips =
{
    enable_builtin_rules = true,

da667

LightSPD_ruleset = true
oinkcode = [your oinkcode here]
snort_blocklist = true
et_blocklist = true
blocklist_path = /usr/local/etc/lists/default.blocklist
pid_path = /var/log/snort/snort.pid
ips_policy = security
rule_mode = simple
rule_path = /usr/local/etc/rules/snort.rules
local_rules = /usr/local/etc/rules/local.rules

da667

Host siem
  Hostname 172.16.1.3
  User ayy

Host siemroot
	Hostname 172.16.1.3
	User root

Host ips
	HostName 172.16.1.4

da667

Host bastion_host
	Hostname 10.0.0.162
	User ayy
	LocalForward 9000 172.16.1.3:22
	LocalForward 9001 172.16.1.4:22
	LocalForward 9002 172.16.2.2:22
	DynamicForward 9003

Host bastion_host_root
	Hostname 10.0.0.162

da667

Host bastion_host
	Hostname 10.0.0.163
	User ayy
	LocalFoward 9000 172.16.1.3:22
	LocalFoward 9001 172.16.1.4:22
	LocalFoward 9002 172.16.2.2:22
	DynamicFoward 9003

Host siem
	Hostname 127.0.0.1

da667

Host siem
	Hostname 172.16.1.3
	User ayy

Host ips
	HostName 172.16.1.4
	User ayy

Host kali
	HostName 172.16.2.2

da667

#!/bin/bash
#updater.sh - Weekly update script
#checks for updates, downloads them, then reboots the system.
#place this script in /etc/cron.weekly, ensure it is owned by root (chown root:root /etc/cron.weekly/updater)
#ensure the script execute permissions (chmod 700 /etc/cron.weekly/updater)
#if you want updates to run once daily or monthly, you could also place this script into cron.daily, or cron.weekly.
#alternatively, edit /etc/crontab to create a crontab entry.
export DEBIAN_FRONTEND=noninteractive
apt-get -q update
apt-get -y -q dist-upgrade

da667

#!/bin/bash
#This script is meant for VMware Workstation Professional, or Oracle Virtualbox users on most modern Linux Distributions.
#Ensure that the Linux distro you will be running this on has the ip [addr/route] command available.
#This script checks for the existence of the interface vmnet1 (vmware workstation) or vboxnet0 (virtualbox)
#and will assign the IP address 172.16.1.2 to the first interface it finds. The script will check to see if vmnet1 exists, then check for vboxnet0
#if neither interface exists, the script will fail.
#after setting the IP address, the script attempts to add a static route to the 172.16.2.0 network via 172.16.1.1 (LAN interface of the pfSense VM)

#Note: If you are using alternative networks for your lab other than 172.16.1.0/24, and 172.16.2.0/24, you will have to modify the ip route and ip addr add statements on lines 42, 55, and 75 on your own to reflect your lab network properly. You may also want to change the echo statements on lines 41, 44, 56, 58, 73, and 80 if you c