c nerd blog — Soekris kit & Snort 2.9.3.1 on OpenBSD 5.2

dirt

I have some Soekris SBCs for the project: a fairly new 6501 and two elderly 4801s, one of which has a 60G disk. I like Soekris kit; it does what it says on the tin, and supports the major BSDs.

These SBCs can run from Compact Flash cards or hard disk. I understand there is a risk the running OS will damage the CF card because of too much IO, so I’m wary of corruption—although I’ve not seen anything yet. I not concerned about the cost of replacing cards: they used to be horribly expensive, but now they’re cheaper than beer.

I’m using the faster 6501 for my primary connection to the big bad world, taking advantage of its greater power & Open BSD’s strengths. This connects to my ISP supplied modem router, which has its own firewall and internet security. That modem router will stay up as the primary defence against the naughty internet until I am confident my new configuration is secure. I have a lot of testing and bashing with black hat tools before I get there.

dirt

The 4801 with the hard disk will become my DMZ machine, offering OpenBSD’s version of Apache with a copy of my website, and SSH for my own use.

The other 4801 will be used for snort. There’s a clear diagram of the hardware configuration necessary for using snort at Debian. In particular, I needed a network hub. Finding that was an adventure. The one company that apparently still makes them didn’t bother to reply to my emails, even though none of their supposéd stockists stocked the thing. Fortunately for me, the owner of Prosys Computer on Boulevard Royal found an old hub in his cellar which still worked.

Incidentally, you absolutely need to be able to connect to the Soekris serial port to control the Soekris BIOS configuration, to monitor it during boot, and perhaps to fix the initial operating system configuration. I use a USB/Serial cable.