Configuring the VM Network and ufw to allow connections to the new CIF VM
Since the VM is running in NAT mode, the Security Onion host cannot reach the VM, and you cannot connect to the VM except through the VirtualBox console GUI. While that is perfectly acceptable, I find it slow.
So let's make some changes to the network settings of the VM and then allow the connection through the ufw firewall on Security Onion.
First, start with SSH.
Forward connections to port 2222 on your Security Onion box to port 22 on the CIF VM. The IP address will have to be changed to match the one you wrote down in step two. Didn't write it down? Fire up the VirtualBox GUI console, log back into your CIF VM and get the IP; write it down this time.
sudo VBoxManage modifyvm "CIF" --natpf1 "guestssh,tcp,,2222,10.0.2.15,22"
sudo ufw allow 2222/tcp
Anxious to test if it worked? Is your CIF VM running?
sudo vboxmanage list runningvms
Is the "guestssh" rule installed in the VM?
sudo vboxmanage showvminfo CIF | grep guestssh
NIC 1 Rule(0): name = guestssh, protocol = tcp, host ip = , host port = 2222, guest ip = 10.0.2.15, guest port = 22
Is port 2222 allowed on your Security Onion server?
sudo ufw status | grep 2222
2222/tcp ALLOW Anywhere
2222/tcp ALLOW Anywhere (v6)
Good news: fire up PuTTY or your favorite SSH app and connect to the IP of your Security Onion server on port 2222. You should see the login for your CIF VM! If not, reread this section and make sure there are no typos.
If you have a successful login, it is time to install CIF. I followed these instructions:
https://code.google.com/p/collective-intelligence-framework/wiki/ServerInstall_Ubuntu12_v1
then back to the Section Labeled BIND here:
https://code.google.com/p/collective-intelligence-framework/wiki/ServerInstall_v1
CIF installed? Great. API keys generated? Great. One last step: we need to expose port 443 to Security Onion using the same method as with the SSH port.
I used 4443 on the Security Onion box; choose what you like.
sudo ufw allow 4443/tcp
sudo VBoxManage modifyvm "CIF" --natpf1 "guestssl,tcp,,4443,10.0.2.15,443"
You should now be able to make queries to the CIF web interface with your API key.
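The forwards above leave the host ip field of the natpf rule empty and allow the port from "Anywhere" in ufw, so the CIF VM's SSH and HTTPS ports are reachable on every interface of the Security Onion box from any source. The script below is an added example, not part of the original post: it parses the showvminfo and ufw status output shown earlier (embedded here as constructed sample input) and flags that exposure; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit a VirtualBox NAT forward and its ufw rule for over-broad exposure.
# Constructed sample input, copied from the command output shown in the post.
SAMPLE_VMINFO='NIC 1 Rule(0): name = guestssh, protocol = tcp, host ip = , host port = 2222, guest ip = 10.0.2.15, guest port = 22'
SAMPLE_UFW='2222/tcp ALLOW Anywhere
2222/tcp ALLOW Anywhere (v6)'

# natpf_field <showvminfo text> <rule name> <field>: print one field of a natpf rule.
natpf_field() {
  printf '%s\n' "$1" | awk -v rule="$2" -v want="$3" '
    /Rule\([0-9]+\):/ {
      sub(/^.*Rule\([0-9]+\):[ \t]*/, "")
      n = split($0, kv, /,[ \t]*/); split("", f)
      for (i = 1; i <= n; i++) {
        eq = index(kv[i], "="); if (eq == 0) continue
        k = substr(kv[i], 1, eq - 1); v = substr(kv[i], eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        f[k] = v
      }
      if (f["name"] == rule) { print f[want]; exit }
    }'
}

# ufw_sources <ufw status text> <port/proto>: print the source column of each ALLOW rule.
ufw_sources() {
  printf '%s\n' "$1" | awk -v p="$2" \
    '$1 == p && match($0, /ALLOW( IN)?[ \t]+/) { print substr($0, RSTART + RLENGTH) }'
}

# audit_forward <showvminfo text> <ufw status text> <rule name>
# Returns 0 when the forward is scoped, 1 when it is broadly exposed, 2 when the rule is missing.
audit_forward() {
  local hport proto hip src rc=0
  hport=$(natpf_field "$1" "$3" "host port")
  [ -n "$hport" ] || { echo "MISSING: no natpf rule named $3"; return 2; }
  proto=$(natpf_field "$1" "$3" "protocol")
  hip=$(natpf_field "$1" "$3" "host ip")
  # An empty host ip makes VirtualBox listen on every host interface.
  [ -n "$hip" ] || { echo "WARN: $3 listens on all host interfaces"; rc=1; }
  while IFS= read -r src; do
    case "$src" in
      "") ;;
      Anywhere*) echo "WARN: ufw allows $hport/$proto from $src"; rc=1 ;;
      *) echo "OK: ufw allows $hport/$proto only from $src" ;;
    esac
  done <<EOF
$(ufw_sources "$2" "$hport/$proto")
EOF
  return "$rc"
}

audit_forward "$SAMPLE_VMINFO" "$SAMPLE_UFW" guestssh || true
```

On a live host, pass "$(sudo vboxmanage showvminfo CIF)" and "$(sudo ufw status)" in place of the samples. To narrow a flagged forward, put a host address in the third field of the natpf rule and replace the broad ufw rule with sudo ufw allow from <admin-subnet> to any port 2222 proto tcp, where <admin-subnet> is a placeholder for your management network.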
Check out installing the CIF client on your Security Onion server
https://code.google.com/p/collective-intelligence-framework/wiki/ClientInstall_v1
Stay tuned for more integration.