Building an ethical hacking lab on your laptop with VirtualBox – Part 2 Linux Mint Snort IDS

I am focusing on Snort at the moment, as it has been consuming my life recently and I have got to know it a bit more intimately and in depth. I know it can be bypassed, but at the same time it is a very powerful tool when no antivirus or malware detection is currently detecting threats on your local system. I find it fantastic for tracking down the source of ransomware infections too: some people think they were just infected by Cryptowall, for example, when they had actually been hit a second earlier by the Angler exploit kit exploiting a Flash zero-day from a compromised website or advertising service, and this can often be overlooked. You can also see some strange things you would not expect to see! Along with the advantage of creating your own custom signatures, you have the option of the paid or community route, so a lot of signatures are available to you for free as well, and they are kept up to date. Being able to go back in time with some of the GUI front-ends and other tools turns Snort into a powerful network incident response and forensic tool, but for now we will be using BASE to analyze the alerts coming from the Snort IDS.

I take it you have already downloaded and installed VirtualBox and the extension pack for whatever platform you are using and are following along from the previous tutorial where this is outlined and explained.

Download Linux Mint. You can use Ubuntu, CentOS or any other Linux distro, but YMMV if you choose a different path from the one I have outlined here.

Now it’s time to create your virtual machine: up at the top left, click on the New button

1 - Create a new Virtual Machine

Next give it a name and select the following type and version and click next

2 - Name - Type and Version

Select some RAM that you have free to spare and click next

3 - Select RAM size

Select next to create the Hard Drive now

4 - Create HDD now

Leave it at VDI for VirtualBox Disk Image, feel free to change it but I currently have no need to do this so leave as is and click next

5 - HDD type select

Leave the disk as dynamically allocated unless you want to assign the full disk space to your virtual machine now, this takes more time and dynamic has always worked for me so just click on next

6 - HDD Dynamic select

Now you need to decide how much space you want to allocate to your virtual machine. I have chosen 20GB as this should be more than sufficient to carry out tests, but feel free to add some more if you like, then click on Create

6 - HDD Size select

You will now see the following created, either right click on it and select settings or just click on settings up the top left

6.1 - Virtual machine ready to modify

The following window then opens where you can modify settings you just selected or make further changes to the environment of the virtual machine you are about to create, you can even come back later and make changes once you have shut the virtual machine down.

7 - Virtual Machine Settings

Fun Tip:
When creating and playing around in a virtual environment you can often make a mistake, get to a point where what you were doing has stopped working altogether, or break the machine. Don’t fear though, as there is an option called ‘Create a Snapshot’ which, you guessed it, allows you to create a snapshot of the current system state. You can move the location of the snapshot folder; in this case I moved it to a drive with loads of free space, as I am a bit snapshot happy and you can really fill up your host hard drive very quickly. I also took the opportunity to enable the shared clipboard from host to guest now. (This is where the VirtualBox extension pack comes in handy, and I take it you have already installed it at this point; if not, just double click on it after and it will be installed quickly.)

8 - Virtual Machine Settings Advanced

In the system settings remove the floppy as you don’t need it and arrange the CD/DVD and Hard Disk as you see them below

9 - System settings remove that floppy

Next you need to select your Linux Mint ISO you already downloaded and select it for booting, click on where it says empty and then click on the disc icon over on the right next to where it says ‘IDE Secondary Master’

10 - Storage options

Once selected it should look like the following

11 - Storage options selected

The last things we need to change now are the NICs on the system. Select Network and you should already have NAT configured for you, which is fine for now and will provide the Internet connection needed for updating the system as well as installing and configuring everything else along the way; this will change throughout the tutorial. If you require an Internet connection, turn NAT on; if not, use the internal NIC.

12 - Network Options

Click on Adapter 2 too and tick the box to enable the network adapter. For testing I will mainly be using my internal lab network, but feel free to use your physical Ethernet or wireless adapter for this instead by selecting Bridged here and choosing the correct adapter from the drop-down; in my case it looks like below. You can see I have changed the Adapter Type and set Promiscuous Mode, which is important for sniffing, to Allow VMs. If you were on a physical NIC you could change this to Allow All to capture traffic outside the virtual environment on the physical network

13 - Second adapter Type changed

Click OK and that’s it you are good to go!
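The wizard and settings steps above can also be scripted with VBoxManage so the sensor VM can be rebuilt the same way every time. This is an added example, not part of the original tutorial; the VM name, OS type ID, RAM size, file paths and boot order are assumptions, and it only prints the commands unless DRY_RUN=0 is set.

```sh
#!/bin/sh
# Added example: the GUI steps from this tutorial expressed as VBoxManage calls.
# Assumed values (not given on the page): VM name, OS type ID, RAM size, paths.
VM="${VM:-mint-snort}"
OSTYPE_ID="${OSTYPE_ID:-Ubuntu_64}"          # assumption: closest type for 64-bit Mint
RAM_MB="${RAM_MB:-2048}"                     # assumption: the page says "RAM you can spare"
ISO="${ISO:-$HOME/Downloads/linuxmint.iso}"  # placeholder path to the downloaded ISO
DISK="${DISK:-$HOME/vbox-lab/$VM.vdi}"       # placeholder path for the new disk
INTNET="${INTNET:-intnet}"                   # internal network shared by the lab VMs

# Print each command by default; set DRY_RUN=0 to run it against VirtualBox.
vbox() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "VBoxManage $*"
  else
    VBoxManage "$@"
  fi
}

build_lab_vm() {
  vbox createvm --name "$VM" --ostype "$OSTYPE_ID" --register &&
  # 20 GB dynamically allocated VDI (--size is in MB)
  vbox createmedium disk --filename "$DISK" --size 20480 --format VDI --variant Standard &&
  vbox storagectl "$VM" --name SATA --add sata &&
  vbox storageattach "$VM" --storagectl SATA --port 0 --device 0 --type hdd --medium "$DISK" &&
  # Install ISO on IDE Secondary Master (port 1, device 0)
  vbox storagectl "$VM" --name IDE --add ide &&
  vbox storageattach "$VM" --storagectl IDE --port 1 --device 0 --type dvddrive --medium "$ISO" &&
  # No floppy in the boot order (DVD-then-disk order is an assumption).
  # Adapter 1: NAT for updates. Adapter 2: internal lab network with
  # promiscuous mode limited to traffic between VMs, as in the GUI step.
  vbox modifyvm "$VM" --memory "$RAM_MB" \
       --boot1 dvd --boot2 disk --boot3 none --boot4 none \
       --nic1 nat \
       --nic2 intnet --intnet2 "$INTNET" --nicpromisc2 allow-vms &&
  # Snapshot the configured, not yet installed, machine
  vbox snapshot "$VM" take "configured-before-install"
}

build_lab_vm
```

On VirtualBox releases older than 5.0 the disk creation subcommand is `createhd` rather than `createmedium`.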

Start your virtual machine now by clicking on the Start button up the top left or alternatively right click and do this

14 - Click the start button

Fun Tip:
You will get a warning about capture of the mouse etc. Just accept it, and remember that right CTRL will release you from the virtual guest environment and take you back into the host again

Now it’s time to install Linux Mint by double clicking on the Install Linux Mint icon on the desktop

15 - Install Linux Mint from ISO

Choose your language and click continue

16 - Select your language

If you followed all the steps so far you should see the same ticks so just click on continue

17 - System requirements check

Just click Install Now to erase the disk and install Linux Mint

18 - Erase disk and install

Yep you are aware things are going to be wiped, just click on continue to start things off and format the drive

19 - Just erase and continue

Select your country and click continue

20 - Select your country

Do the same for the keyboard layout and click continue

21 - Keyboard layout

Pick your name, computer name, username and enter a password and click on continue

22 - Pick your name - password etc

Wander off and do something for a few minutes depending on the speed of your machine and then come back to it

23 - Linux Mint installing

You should then get a screen like below and can hit Restart Now

24 - Linux Mint installed - restart

First login

25 - First login

Up the top left click on devices and install Guest additions

26 - Guest additions

Navigate to the mounted disc

cd /media
cd your_username
cd VBOXADDITIONS_X.X.XX_XXXXX
sudo ./VBoxLinuxAdditions.run

Enter yes if given a warning like below and press enter to continue

27 - Installing Guest additions

Once complete you should see no errors, reboot and login again

28 - Guest additions installed

You will notice now that you can go full screen after the reboot

Now to update the system fully before continuing any further, use the following command in the terminal:

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y

Enter your password once and leave to run for a while and come back later and it should be fully up to date for you

29 - Upgrading the system

Once finished without errors you should be back at the prompt again in the terminal

30 - System updated fully

You will also see a tick in the system tray on the shield now as you are fully up to date

31 - Update shield ticked

You don’t have to but I like to reboot after any changes are made to the system, also might be wise to take a snapshot if you haven’t taken any already.

Set some easy firewall rules with UFW

sudo ufw default deny
sudo ufw logging high
sudo ufw enable
sudo ufw status verbose

32 - Simple firewall rules UFW

That’s it for today. Tomorrow we will install Snort and get this really moving!

 
