A few months ago I programmed a small script that allowed me to turn my Raspberry Pi into an intrusion detector for my home network. This script is activated from time to time and when it detects an unknown device it sends us a notification via Telegram. If you still don’t know how to create a bot in Telegram click here where I explain how to create one in less than 5 minutes.
NMAP installation
Our intrusion detector works thanks to the NMAP tool, so we will have to install it in our Raspbian. Before installing NMAP we will update the Linux packages:
sudo apt-get update
After that we will install NMAP using the following command:
sudo apt-get install nmap -y
Here is an image of what the installation process would look like.
Download IDS
Once we have installed this tool, we will create a folder for our scripts (if we don’t have it yet).
mkdir scripts
We will go to our folder named scripts and download the program as follows:
cd scripts
git clone https://github.com/CarlosPCL98/IDS.git
This whole process should look like this on your terminal:
This should have created a folder called IDS. Enter it with the following command:
cd IDS
Script configuration
Now we must modify some parameters in the files contained in the IDS directory. First we will modify the file named ids.sh.
We will open it as follows:
nano ids.sh
In lines 12 and 13 we will add the token of our Telegram bot and our user ID:
# Write the IP of your network
RED="192.168.0.0/24"
These 3 variables should be populated as follows:
In line 19, we will modify the path of the white_list.txt file (if we have downloaded our script in a different directory).
Finally, save the changes by pressing Ctrl+O.
Add known MAC addresses
The next step is to add the MAC addresses of the devices that we want our intrusion detector to recognise. The known MAC addresses are stored in the file white_list.txt. We open this file using the following command:
nano white_list.txt
The file white_list.txt contains the following example:
Now we must collect the MAC addresses of the devices in our network and write them in this file, using the same format as shown in the example. For the first tests I recommend leaving at least one device out of this file, in order to verify that our alerts are sent correctly.
Once we have our MAC addresses captured in this file we save by pressing Ctrl+O.
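How the whitelist comparison works, as an added example that is not the code of ids.sh: it parses nmap ping-scan output and reports every MAC address that is absent from the whitelist. The one-MAC-per-line whitelist format, the function names and all sample addresses are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the IDS project's ids.sh. Assumed whitelist format:
# one MAC per line, blank lines and '#' comments ignored.

# Constructed sample of `nmap -sn 192.168.0.0/24` output (run as root).
sample_scan() {
    cat <<'EOF'
Starting Nmap 7.80 ( https://nmap.org )
Nmap scan report for router.lan (192.168.0.1)
Host is up (0.0020s latency).
MAC Address: AA:BB:CC:00:00:01 (Unknown)
Nmap scan report for 192.168.0.23
Host is up (0.045s latency).
MAC Address: AA:BB:CC:00:00:02 (Unknown)
Nmap scan report for 192.168.0.50
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.51 seconds
EOF
}

# unknown_devices WHITELIST_FILE < nmap_output
# Prints "MAC IP" for each scanned host whose MAC is not in the whitelist.
unknown_devices() {
    awk -v wl="$1" '
        # First operand: the whitelist. Normalise case and strip CR from
        # files edited on Windows so the comparison is exact.
        FILENAME == wl {
            sub(/\r$/, "")
            if (NF && $1 !~ /^#/) known[toupper($1)] = 1
            next
        }
        # Second operand: nmap output on stdin. Remember the host, then
        # test the MAC line that follows it.
        /^Nmap scan report for/ { ip = $NF; gsub(/[()]/, "", ip) }
        /^MAC Address:/ {
            mac = toupper($3)
            if (!(mac in known)) print mac, ip
        }
    ' "$1" -
}

# Demo: only the router is whitelisted, so 192.168.0.23 is reported.
demo_wl=$(mktemp)
printf '# known devices\naa:bb:cc:00:00:01\n' > "$demo_wl"
sample_scan | unknown_devices "$demo_wl"
rm -f "$demo_wl"
```

nmap prints `MAC Address:` lines only when it runs as root against hosts on the same Ethernet segment, and the scanning host itself gets no such line (192.168.0.50 in the sample). Because a device owner can change its MAC address, a match against the list indicates a familiar address, not a verified device.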
Verification that the script works
Now let’s run our script and check if it works:
bash ids.sh
The script will take a few seconds because the nmap command takes some time to map our entire network. When it is finished we will have a view similar to this:
If we check our Telegram we should have received a message similar to this:
Create scheduled task
With this test we already know that our program works, but the real value comes from having the script run automatically at regular intervals.
To do this we will create a scheduled task that runs this script in the background.
To create the scheduled task we will edit the crontab (the file Linux uses to manage scheduled tasks). We open it using the following command:
crontab -e
We go down to the end of the file and paste the following lines:
# Every 30 minutes, check whether there is an intruder in our network.
*/30 * * * * bash /home/pi/scripts/IDS/IDS/ids.sh
Make sure that the path to the program is correct and save the changes with Ctrl+O. This will make our intrusion detector run automatically every 30 minutes.
This would be the end of my explanation so that your Raspberry can detect intruders and notify you via Telegram. I hope you found it helpful, and feel free to ask any questions or make any suggestions in the comments. Thank you!