Raspberry Pi: How to build a Local Network Monitor for Intrusion Logging (Watchdog)

Today the number of network devices in home networks grows weekly, because more and more home appliances such as freezers, coffee machines and dishwashers come with built-in Wi-Fi interfaces. To keep control of them, you can use a Raspberry Pi 2 as a cheap network monitor and logger.

Raspbian by default offers free tools such as arp, arp-scan, nmap and ping that make it easy to monitor a network. If you have learned a few commands and some bash scripting, you can quickly create a network logger, perhaps with analysis tools that mail alerts when new MAC (NIC) addresses are seen. Every network device has its own MAC ID, like “00:d0:23:09:df:XX”. That is like a car chassis number.

[Image: arp-scan]

How to set it up:

  1. Install Raspbian (Debian) on an SD card for the Pi 2
  2. Boot the Pi 2 into Raspbian
  3. Upgrade the OS
  4. Install lighttpd as the web server for the output and start it
  5. Install the network tools “arp, arp-scan, nmap, ping”
  6. Edit root's crontab to run the command every minute, like “* * * * *  /usr/sbin/arp-scan -l -I eth0 > /var/www/arp1/2-scan.log”
  7. Open a web browser at http://pi2/arp-scan.log (you should see text like that in the image)
  8. Write a bash script that uses the “diff” or “md5sum” command to check arp1-scan.log against arp2-scan.log; if anything has changed, it can send a mail through the exim4 mail server.
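
One way to write the script from step 8 (an added example, not code from the original post): it compares the set of MAC addresses in two arp-scan logs instead of the raw files, because the footer timings and DHCP-assigned IPs differ between runs even when no new device has appeared. The function names, the sample log contents, the ALERT_TO variable and the use of the "mail" command are assumptions.

```shell
#!/bin/sh
# Added example: list MACs present in the newest arp-scan log but absent from
# the previous one. Comparing MAC sets avoids alarms on footer/IP changes.
LC_ALL=C; export LC_ALL

# Print unique lower-cased MACs from host lines ("IP MAC vendor") only.
extract_macs() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && length($2) == 17 &&
         $2 ~ /^[0-9A-Fa-f:]+$/ { print tolower($2) }' "$1" | sort -u
}

# new_macs OLD_LOG NEW_LOG: MACs seen in NEW_LOG that OLD_LOG did not have.
new_macs() {
    old_set=$(mktemp) new_set=$(mktemp)
    extract_macs "$1" > "$old_set"
    extract_macs "$2" > "$new_set"
    comm -13 "$old_set" "$new_set"
    rm -f "$old_set" "$new_set"
}

# Mail the result. Assumes a local MTA (exim4, as in the post) and the
# "mail" command; ALERT_TO is a placeholder recipient.
alert_new_macs() {
    found=$(new_macs "$1" "$2")
    [ -z "$found" ] && return 0
    printf 'New MAC address(es) on the LAN:\n%s\n' "$found" |
        mail -s 'LAN watchdog: new device' "${ALERT_TO:-root}"
}

# Constructed sample logs (not real scan data): same two hosts, one with a
# new IP, plus one unknown device in the second scan.
write_sample_logs() {
    {
        printf 'Interface: eth0, datalink type: EN10MB (Ethernet)\n'
        printf '192.168.1.1\t00:d0:23:09:df:01\tExample Router\n'
        printf '192.168.1.20\tB8:27:EB:00:00:02\tExample Pi\n'
        printf 'Ending arp-scan: 256 hosts scanned in 1.52 seconds. 2 responded\n'
    } > "$1"
    {
        printf 'Interface: eth0, datalink type: EN10MB (Ethernet)\n'
        printf '192.168.1.1\t00:d0:23:09:df:01\tExample Router\n'
        printf '192.168.1.31\tb8:27:eb:00:00:02\tExample Pi\n'
        printf '192.168.1.77\tde:ad:be:ef:00:03\t(Unknown)\n'
        printf 'Ending arp-scan: 256 hosts scanned in 1.49 seconds. 3 responded\n'
    } > "$2"
}

# Cron usage (script name is hypothetical): lan-watchdog.sh OLD_LOG NEW_LOG
if [ "$#" -eq 2 ]; then alert_new_macs "$1" "$2"; fi
```

A plain diff or md5sum of the two sample logs would report a change on every run; the MAC comparison reports only the one unknown device.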

Advantage? A Pi 2 is a powerful LAN watchdog at 1Watt/hour, with mail output support to your devices, for free.

Owncloud: How to harden owncloud access with an SSH tunnel and squid

If you want to use a private, secure owncloud (WebDAV space server) as a backup for all your devices, you can harden the access through an OpenSSH login with key authentication and a squid proxy as relay.

  • Install apache2, php5, mysql-server, openssh, squid3
  • Configure Apache2 to listen on https://localhost:443
  • Set up squid3 and configure the proxy to listen only on localhost:3128
  • Install owncloud to /var/www with forced “https” settings in config.php
  • Create SSH keys so that you authenticate to the SSH server with a password-protected key

When that is done, you can access the private backup server from a terminal or PuTTY with the tunneling options:

  1. $ ssh -L 3128:localhost:3128 username@owncloudserver.home
  2. Open the browser on your client/PC with proxy usage enabled = localhost 3128
  3. Connect to the URL https://localhost/ and the owncloud login should be displayed. The same is possible with the WebDAV URL.

Advantage? You have two-factor protected owncloud access, with encryption inside an encrypted SSH tunnel! Nobody should be able to see the files that are transmitted. That's a tube inside a tube.