Sname
December 21, 2021, 10:46pm
1
Hi there.
I just tested and it is working on my PC without problem.
I encourage everybody to try and report bugs.
https://github.com/control-owl/suriGUI
Idea is to integrate Suricata IPS in Qubes 4.1 and be able to still use Qubes Firewall.
This is the short process of my Salt:
Download debian-11-minimal (if it does not exist)
Clone debian-11-minimal as sys-ips-template
Install suriGUI in sys-ips-template
Create new Qube: sys-ips
Start sys-ips
After starting sys-ips you will see a new icon in Sys-Tray
You can Start and Stop Suricata IPS.
For now there are not so many settings; progress will be made.
To start exploring, check my repo:
https://github.com/control-owl/suriGUI
and my Salt:
https://github.com/control-owl/suriGUI/tree/main/salt
51lieal
December 21, 2021, 10:58pm
2
After reviewing the code, I'll help with testing.
Good project!
tripleh
December 22, 2021, 7:15am
3
Looks interesting, thanks for sharing!
Is sys-ips (when it's working) replacing sys-firewall? Or can/should I still use it via
sys-net > sys-ips > sys-firewall > …qubes… ?
arkenoi
December 22, 2021, 7:09pm
5
Nice addition for anyone who is brave enough to run Windows stuff – at least now we can see what happens there!
Zrubi
December 23, 2021, 11:35am
6
51lieal
December 23, 2021, 11:52am
7
Meanwhile we are using SELinux, which was created by the NSA; it could be a long discussion, but let's forget it.
Sname
December 25, 2021, 7:43pm
8
Hi.
You do not need sys-firewall.
At least I do not see any use of it after installing sys-ips.
Traffic will go to Suricata, and there it will be processed.
If you want to block access to hosts, you can do it in the firewall in the qube, or globally in sys-ips.
Sname
December 25, 2021, 7:44pm
9
I based my GUI on your idea @Zrubi
I read it many times.
Thanks, man.
Sname - Awesome contribution.
I just ran through the instructions on Git and those did not produce any errors.
sys-ips and sys-ips-template installed with suriGUI.
However, I cannot get the tray icon to appear on restart.
Any ideas on how to troubleshoot?
Thanks!
Vic
July 22, 2022, 8:33am
11
There is a folder that you need to create by hand, and an error in the installer.
The fix… Go to the Qubes Manager… Start the template and open an xterm… Try to launch suriGUI in the xterm.
It gives a console error that a directory doesn't exist…
Create it by hand…
Restart the VM and it will work.
I can't remember the exact dir because I am not at home and I don't remember it exactly.
Cheers
Brilliant Vic.
Thank you.
For others' reference: /usr/share/suriGUI/tmp/ is the directory that you need to create.
Bishop
July 22, 2022, 5:59pm
13
Hello,
Good job on putting this together. I have an issue that prevents me from getting it to work. Weirdly, the icon appears when I start the template, but it is not starting when I start the non-template sys-ips.
Any clue on what is going on?
Thanks
Bishop
Bishop - I ran into the same issue. You need to mkdir /usr/share/suriGUI/tmp in sys-ips as well as in the template.
Bishop
July 22, 2022, 6:50pm
15
I was finally able to do it. I had to do the mkdir on the sys-ips qube only, but in the folder /rw/bind-dirs/usr/share/suriGUI/
Thanks for the tips!
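One way to make the missing directory persist in the sys-ips AppVM, as an added example (not the suriGUI installer's or the project's Salt code): it writes the standard Qubes bind-dirs entry and creates the backing directory under /rw/bind-dirs that the post above refers to. The function names, the root-prefix argument (empty in a real VM, a temporary directory when testing offline) and the use of 50_user.conf as the user bind-dirs file are assumptions.

```shell
#!/bin/sh
# Added example, not part of suriGUI. Directory name taken from this thread.
SURIGUI_TMP="/usr/share/suriGUI/tmp"

# Make the directory persistent via Qubes bind-dirs.
# $1 = root prefix: "" inside the VM, a temp dir when testing offline.
setup_surigui_tmp() {
    root="$1"
    conf_dir="$root/rw/config/qubes-bind-dirs.d"
    conf="$conf_dir/50_user.conf"           # assumed user bind-dirs file
    mkdir -p "$conf_dir" || return 1
    # Add the binds entry only once, so re-running is harmless.
    if ! grep -qF "$SURIGUI_TMP" "$conf" 2>/dev/null; then
        printf "binds+=( '%s' )\n" "$SURIGUI_TMP" >> "$conf" || return 1
    fi
    # Backing copy under /rw/bind-dirs; it is bind-mounted over the
    # read-only template path at every boot of the AppVM.
    mkdir -p "$root/rw/bind-dirs$SURIGUI_TMP" || return 1
    # Mount point in the root filesystem (what the template should provide).
    mkdir -p "$root$SURIGUI_TMP" || return 1
}

# Verify the setup; prints "ok" and returns 0 when everything is in place.
check_surigui_tmp() {
    root="$1"
    conf="$root/rw/config/qubes-bind-dirs.d/50_user.conf"
    [ -d "$root/rw/bind-dirs$SURIGUI_TMP" ] || { echo "missing backing dir"; return 1; }
    [ -d "$root$SURIGUI_TMP" ] || { echo "missing mount point"; return 1; }
    grep -qF "$SURIGUI_TMP" "$conf" 2>/dev/null || { echo "no bind-dirs entry"; return 1; }
    echo "ok"
}

# Run with --apply as root inside sys-ips to act on the real filesystem.
if [ "$1" = "--apply" ]; then
    setup_surigui_tmp "" && check_surigui_tmp ""
fi
```

After running it with --apply, restart sys-ips so the bind mount is applied at boot.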
Bishop
Done this also, and now the icon just appears (red) for a few seconds and then it's gone again…
Doogee
July 23, 2022, 10:21am
17
Hi there.
Thanks for showing interest in my project.
Currently I am in a crazy situation with 2 babies at home and I really cannot find 1 hour per day to finish this and make a stable version.
Sadly…
And I am on my vacation until August.
That's why the new username.
Can't remember my password without KeePass.
Since some of you showed interest, I will immediately make corrections in the code as soon as I come home.
Thanks for having interest. It means something to me.
Until August.
Sname:
firewall
Having a sys-firewall is still highly recommended as it is a good place to put in additional custom scripts to block certain traffic.
Great initiative, brilliant idea, and you could still do sys-ips-snort; then what was not blocked by Suricata would be blocked by Snort. For example, such a chain: vm <-> sys-firewall <-> sys-ips-snort <-> sys-ips-suricata <-> sys-net