We recommend that you read through these notes as they will help you through to a smoother install.
When selecting hardware please observe the following general guidelines
CS-TMC = Will run happily on a server without lots of processing power.
CS-APD = A sensor requiring appropriate to data throughput power to run the IDS engine.
CS-APS = Will need to be a powerful server ( 4 cores with 8G upwards) as it will do both of the above.
eth0 must be used as the management port for ALL CounterSnipe Installs.
If your network cards appear in em format please follow Reconfiguring network cards: em1 to eth0
in order to reassign them as eth format, prior to installing CounterSnipe software.
After installing CounterSnipe, you will need to edit /etc/default/tomcat6 file.
(You can use any editor of your choice. In case you are not Linux edit savvy, Here is a quick 'how to' on vi.
Simply type 'vi /etc/default/grub' without the inverted commas.
'ESC' key frees the curser to move around. i enables insert and a enables append.
Once done ESC and :wq will write your changes and quit. if you make a mistake simply :q! to
quit without saving your changes and then restart)
You will need to increase the default memory for tomcat. Here are the steps:
From the menu, choose 'Emergency' and then 'shell'
find the line:
JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC"
and replace 128 by 256 or higher depending upon the total RAM in the system (you do not need any more than 2G )
Save the file and restart tomcat6 using following command.
service tomcat6 restart
Starting with Version 9 (released March 2016) there are quicker ways to creating a base line of rules to be deployed. Once installed, please go to sensors, view a sensor and then the 'Learn' option. Please read the help text on the Learn options page and it will guide you to a quick and easy way to configuring the right rule set for your organization.
- Just as an advance notice, starting with Version 10.3.0 (released May 2017) IPS Mode is controlled directly via the IPS and Firewall Management tabs. Switching to IPS Bridge mode only prepares the system for inline IPS. No blocking will take place until the IPS Firewall rules are configured.