Messages

1

21.7 Legacy Series / Re: GEOIP Google Maps

« on: November 08, 2021, 07:25:27 pm »

Does this help...?

Thanks for your reply @benyamin.  Looking at that thread, there is a link to https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md and the first step says:

Install package ntopng-data which pulls in MaxMind downloader geoipupdate as dependency

I do not have 'ntopng-data' in my package list in OpnSense.  Do you see that as an available package in your list?

Even though the package is missing from my OpnSense list, I tried to bring the files over manually.  I am not able to curl the files in for some reason.  I am logged into a local admin account and using sudo says I'm not in the sudo list. 

2

21.7 Legacy Series / Re: Weird CPU useage

« on: November 08, 2021, 02:33:12 am »

ifconfig command taking up 1-3 cpu cores

From the image you attached, how can you tell 1-3 cpu cores were being used?  Thanks

3

21.7 Legacy Series / GEOIP Google Maps

« on: November 08, 2021, 02:23:28 am »

This is on a Protectli FW4B running OpnSense 21.7.4 and Suricata 6.0.3_3.

I would like to see a Google map of connections between OpnSense systems and remote locations.  From what I have read, this cannot be done within OpnSense itself, but it can be done in the ntopng package added into OpnSense.  I have already created the Maxmind key and set that up as an alias in OpnSense in case that comes into play.

I have installed the ntopng package and it appears to be working fine except for showing any kind of a google map for connections.  In ntopng if igb1(LAN) is selected, then a 'Maps' menu appears and the only item in it is 'Hosts'.  If System is selected, there is no Maps menu on the left.

Shouldn't Maps->Hosts show a Google Map with connection lines so I can see which countries there are connections with?

Thanks for any guidance on how to get Google Maps setup to show connection maps.

4

Intrusion Detection and Prevention / IDS/Intrusion Detection: Policy doesn't seem to change Rules at all

« on: November 08, 2021, 01:37:42 am »

In IDS, I have created a policy to change ALL rules to disabled.  Yet, when I look at the rules, there are a few that are checked/enabled.  I can't manually check/uncheck them but I may create another post for that.

Please have a look at the following screenshots and let me know if something in the setup looks wrong to you:














Thanks and I appreciate any suggestions.

This is on a Protectli FW4B running OpnSense 21.7.4 and Suricata 6.0.3_3.

5

Intrusion Detection and Prevention / Re: IPS/IDS - Excellent Tutorial

« on: November 07, 2021, 10:06:14 pm »

Thanks for sharing and I had already seen this video before coming to the forums here.  I find the video dated in VERY crucial ways... Specifically,
1. IDS is POLICY based now.
2. Enable a real rule and show a rule working and the logs..not just a test rule.

I have been trying to get IDS working and having issues.  I have created a rule to disable ALL..and that is not even working.  There are still rules enabled.  FYI that the policy has Rule sets/Actions/Rules all set to 'None selected' and New action set to Disabled.

It would be VERY helpful to see an updated IDS tutorial that shows how to get Policy based IDS operational.