Aanval and OPNSense

Started by samsonmcnulty, August 05, 2018, 06:58:52 PM

Has anyone here had any experience with Aanval? I'm running OPNSense on a small desktop and since it already has suricata, I figured I would just need barnyard on the OPNSense box to feed into a SQL server which Aanval on my RasPi could then pull data from. That, of course, seems too simple and I know I'm missing some key points here.
I've looked into building aanval as a plugin for OPNSense but I'm still relatively new to all of this so there are some milestones I think I need to achieve before I try something at that level.
Thanks in advance for any help offered!

August 06, 2018, 05:45:51 AM #1 Last Edit: August 06, 2018, 05:51:38 AM by samsonmcnulty
So I've managed to determine that OPNSense already has the majority of what is needed to run aanval.
When I unzip aanval into the /www/html/ directory and run the prereq check I get this output.
Fix the following mandatory requirements
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* iconv() must be available
   > Install and enable the iconv extension.

* token_get_all() must be available
   > Install and enable the Tokenizer extension.

Optional recommendations to improve your setup
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* posix_isatty() should be available
   > Install and enable the php_posix extension (used to colorize the
   > CLI output).

* intl extension should be available
   > Install and enable the intl extension (used for validators).

* PDO should have some drivers installed (currently available: none)
   > Install PDO drivers (mandatory for Doctrine).


Note  The command console could use a different php.ini file
~~~~  than the one used with your web server. To be on the
      safe side, please check the requirements from your web
      server using the web/config.php script.
I'm not so concerned with the optional stuff quite yet. I was able to determine a method for adding the iconv extension and tokenizer without having to completely rebuild php so I'll be giving that a shot momentarily.

I'll keep plugging away at it and update this post as I accomplish things. I'm also not so sure this post is in the correct area of the forum now; should it be moved to dev?

Thanks

Make sure your hardware supports it... no need to burden it if not. Throw aanval in a VM/jail on another box. That being said, I had aanval at one point, good stuff. Next go around I'm going to be using the ELK stack though, if I can figure out how to pass suricata logs to a syslog server.
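The step both posters circle around, getting Suricata alerts off the OPNsense box and into a collector (Aanval, ELK or any syslog receiver), as an added example that is not code from either poster, from Aanval or from OPNsense: it reads Suricata's EVE JSON alert output (assumed to be enabled in suricata.yaml) and emits RFC 5424 syslog messages over UDP. The sample records, the hostname, the enterprise number in the structured-data element and the collector address are constructed placeholders.

```python
"""Forward Suricata EVE JSON alerts to a syslog collector (RFC 5424 over UDP)."""
import json
import socket
from datetime import datetime
from typing import Callable, Iterable, Optional

# Constructed sample of EVE JSON lines (not captured from a live sensor); one alert, one flow.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2018-08-06T05:45:51.000000+0000","event_type":"alert",'
    '"src_ip":"192.0.2.10","src_port":51515,"dest_ip":"198.51.100.5","dest_port":22,'
    '"proto":"TCP","alert":{"signature_id":9000001,"rev":1,'
    '"signature":"TEST constructed alert","category":"Misc activity","severity":2}}',
    '{"timestamp":"2018-08-06T05:45:52.000000+0000","event_type":"flow",'
    '"src_ip":"192.0.2.10","dest_ip":"198.51.100.5","proto":"TCP"}',
]

# Suricata severity 1 (high) .. 3 (low) mapped to syslog severity codes (2=crit, 4=warning, 6=info).
SEVERITY_MAP = {1: 2, 2: 4, 3: 6}
FACILITY_LOCAL0 = 16
SD_ID = "suricata@32473"  # 32473 is the IANA example enterprise number; use your own in production

def eve_alert_to_syslog(record: dict, hostname: str) -> Optional[str]:
    """Render one EVE alert record as an RFC 5424 message; non-alert records return None."""
    if record.get("event_type") != "alert":
        return None
    alert = record["alert"]
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_MAP.get(alert.get("severity", 3), 6)
    # Suricata writes "+0000"; RFC 5424 wants an RFC 3339 timestamp, so normalise it.
    ts = datetime.strptime(record["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").isoformat()
    # Structured data carries the fields a SIEM typically keys on.
    sd = (f'[{SD_ID} sid="{alert["signature_id"]}" rev="{alert["rev"]}" '
          f'src="{record["src_ip"]}:{record.get("src_port", 0)}" '
          f'dst="{record["dest_ip"]}:{record.get("dest_port", 0)}" proto="{record["proto"]}"]')
    return f'<{pri}>1 {ts} {hostname} suricata - - {sd} {alert["signature"]}'

def forward(lines: Iterable[str], hostname: str, send: Callable[[str], object]) -> int:
    """Parse EVE lines, pass each alert message to send(); returns the count forwarded.
    Malformed lines are skipped rather than stopping the forwarder."""
    count = 0
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        msg = eve_alert_to_syslog(record, hostname)
        if msg is not None:
            send(msg)
            count += 1
    return count

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector = ("127.0.0.1", 514)  # placeholder; point at the real syslog server
    sent = forward(SAMPLE_EVE_LINES, "opnsense", lambda m: sock.sendto(m.encode(), collector))
    print(f"forwarded {sent} alert(s)")
```

In practice the line source would be a tail of /var/log/suricata/eve.json rather than the embedded sample.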