Installing CIF on a Ubuntu 12.04 VM on top of Security Onion (Part 1)

Security Onion and CIF

The CIF (Collective Intelligence Framework) provides a framework for gathering opensource intelligence feeds and then allows you to compare this intelligence with the data you have already been collecting with Security Onion tools.

Install Security Onion Distro

• Great instructions ---> (https://code.google.com/p/security-onion/wiki/Installation) start with the ISO if you can, it is the easiest way to get Security Onion up and running!

Join the Security Onion Google Group

• Ask some newbie questions
• Be amazed how fast Doug, Brad, Martin and others respond to your cries for help
• Additional geek points can be gathered by joining (CIF-Framework and ELSA Groups)

Sit back suck packets off the wire, drown in way too many snort alerts and finally when you dream about snort and sguil at night you can finally take the next step.

Install VirtualBox on your Security Onion Server

sudo wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian precise contrib" >> /etc/apt/sources.list'

sudo apt-get update && sudo apt-get install virtualbox-4.2 (4.2 is the latest as of this post)

---

VirtualBox is now installed ! Take a deep breath. We now are going to create a VM from the command line

Download Ubuntu 12.04 (start the download in a separate window and continue on young jedi)

sudo mkdir /nsm/VM && make dir /nsm/VM/ISO
sudo wget -O /nsm/VM/ISO/ubuntu-12.04.2-server-amd642.iso  http://releases.ubuntu.com/precise/ubuntu-12.04.2-server-amd64.iso

sudo mkdir /nsm/VM/CIF/
sudo chmod 664 /nsm/VM/CIF

(Slow down... time to read and make some decisions! Dont just cut and paste these following commands... You need to change # of cpus, memory, disk space and location of your VM's HD to match your system)

Create the VM

sudo VBoxManage createvm -name "CIF" -register
sudo VBoxManage modifyvm "CIF"--ostype Ubuntu_64 --cpus 3 --memory 8192 --usb off
sudo VBoxManage modifyvm "CIF" --ioapic on

(below the settings assume you want the HD of the VM in the /nsm/VM dir.  This is where I have the most space, so choose wisely!)

sudo VBoxManage storagectl "CIF" --name "SATA Controller" --add sata --controller IntelAHCI
sudo VBoxManage createhd --filename /nsm/VM/CIF/CIF.vdi --size 204800
sudo chown root /nsm/VM/CIF/CIF.vdi
sudo chgrp root /nsm/VM/CIF/CIF.vdi
sudo VBoxManage storageattach "CIF" --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium /nsm/VM/CIF/CIF.vdi
sudo VBoxManage storagectl "CIF" --name "IDE Controller" --add ide
sudo VBoxManage storageattach "CIF" --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium /nsm/VM/ISO/ubuntu-12.04.2-server-amd64.iso
sudo VBoxManage modifyvm "CIF" --boot1 dvd
sudo VBoxManage modifyvm "CIF" --nic1 nat

The CIF VM is now created and ready to boot your Ubuntu ISO, you can check your settings

 sudo vboxmanage showvminfo CIF

Next starting up the VM and installing Ubuntu... (Part 2)