General questions
What is Oculus Tools?
Oculus Tools is a set of scripts that automates downloading, filtering, and encoding domain lists from various categories (general threats, fake news, gambling, adult content, social networks). The scripts fetch source files, remove duplicates and unnecessary entries, and then encode the final result into Base64 format, ready for use in blocking and traffic analysis systems.
The toolkit includes: download_lists.py (list downloading), prefilter_app (data cleanup), base64coder_app (encoding), and the control script make_base_opt.sh.
Primary use cases include domain blocking for IDS/IPS environments, DNS filtering, proxy servers, and analysis of unwanted network traffic.
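To make the "download, filter, encode" pipeline concrete, here is an added Python illustration of the prefilter and encoding stages. It is not the project's own download_lists.py, prefilter_app or base64coder_app code: the cleanup rules (hosts-file prefixes stripped, comments and placeholder hosts such as localhost dropped, names lowercased, duplicates and syntactically invalid names removed) and the choice to Base64-encode the whole list as one blob are assumptions made for the example, and the input list is constructed.

```python
"""Added illustration of a blocklist prefilter + Base64 encoding stage.

Not Oculus Tools code. Cleanup rules and whole-file Base64 encoding are
assumptions for this example; the sample list below is constructed.
"""
import base64
import re

# Constructed sample resembling a downloaded list that mixes hosts-file
# lines, plain domain lines, comments, case variants and junk.
SAMPLE_LIST = """\
# Example blocklist header (constructed)
0.0.0.0 ads.example.test
127.0.0.1 tracker.example.test   # inline comment
Ads.Example.Test
localhost
malware.example.test.
not a domain!
malware.example.test
"""

# Conservative hostname check: labels of letters/digits/hyphens, a TLD of
# letters only, total length within the 253-character limit.
DOMAIN_RE = re.compile(
    r'^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
)
# Sink addresses commonly found at the start of hosts-file style lines.
HOSTS_PREFIXES = ("0.0.0.0", "127.0.0.1", "::1")
# Entries that carry no blocking value and are dropped (assumption).
NOISE = {"localhost", "localhost.localdomain", "broadcasthost"}


def prefilter(text):
    """Return an ordered, de-duplicated list of valid lowercase domains."""
    seen = set()
    cleaned = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        if parts[0] in HOSTS_PREFIXES and len(parts) > 1:
            line = parts[1]                       # "0.0.0.0 host" -> "host"
        elif len(parts) > 1:
            continue                              # uninterpretable line (assumption: drop)
        domain = line.lower().rstrip(".")
        if domain in NOISE or not DOMAIN_RE.match(domain) or domain in seen:
            continue
        seen.add(domain)
        cleaned.append(domain)
    return cleaned


def encode_list(domains):
    """Base64-encode the newline-joined list as a single text blob."""
    return base64.b64encode("\n".join(domains).encode("utf-8")).decode("ascii")


def decode_list(blob):
    """Inverse of encode_list, so a consumer can verify the round trip."""
    return base64.b64decode(blob).decode("utf-8").split("\n")


if __name__ == "__main__":
    domains = prefilter(SAMPLE_LIST)
    blob = encode_list(domains)
    print(domains)
    print(blob)
    assert decode_list(blob) == domains
```

Running the block on the constructed list yields three domains (ads.example.test, tracker.example.test, malware.example.test): the case variant and the repeated entry are collapsed, the trailing dot is normalised away, and the comment, the localhost line and the junk line are discarded before encoding.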
What operating systems was the project tested on?
Currently, we are presenting the beta version of the Suri-Oculus system. It has been tested on Fedora 38 and Fedora 39. Testing on Ubuntu 24 and Clear OS is beginning.
Installation and administration
Which operating systems can Suri Oculus be installed on?
Currently, packages are available for Fedora 39, Fedora 40, Fedora 41, and 42, as well as CentOS 9.
There are also packages for Debian 12 and Ubuntu 22.04.
Log parser (daemonmove)
How to control daemonmove
Daemonmove (the Suricata eve.log parser) is a standard systemd service and is managed the usual way:
systemctl start daemonmove
systemctl stop daemonmove
How to configure daemonmove
The configuration file conf.cfg for the daemonmove service is located in the /etc/redismove directory.
This file defines the main operating parameters of the service, including keys for event distribution and paths to log and temporary files.
The entries in keys correspond to event names (Suricata event types).
main_key is the Redis key to which Suricata writes its eve.log output.
# Configuration file for the application
application:
{
  main:
  {
    title = "REDISMOVE";
    version = "0.8.2";
    date = "23 Mar 2024";
  };
  settings:
  {
    main_key = "suricata";
    keys = ("alert", "anomaly", "dcerpc", "flow", "http", "dns", "drop", "stats_report", "fileinfo", "tls", "stats", "ftp", "sip", "smb", "snmp", "ssh", "flow_data", "tftp", "ssh", "bittorrent_dht", "rdp", "http2", "pqsql", "quic", "modbus");
    valid_duration = 24;
    log_file = "/var/log/suricata/eve.json";
    temp_file = "/tmp/daemonparser/current";
  };
};
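The following added Python example illustrates the distribution scheme the configuration describes: events arrive under main_key and are redistributed to keys named after each event's event_type. It is not daemonmove's own code. It reads main_key, keys and valid_duration from a constructed settings block with a minimal regex reader (not a full libconfig parser), uses in-memory dicts in place of Redis, and treats valid_duration as hours, discards events older than that, and drops event types not listed in keys; all three of those behaviours are assumptions made for the example, as are the sample EVE lines.

```python
"""Added illustration of routing Suricata EVE events by event_type.

Not daemonmove code. Expiry in hours, dropping of unlisted event types and
the in-memory stand-in for Redis are assumptions; sample data is constructed.
"""
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed excerpt in the same layout as /etc/redismove/conf.cfg.
SAMPLE_CONF = '''
settings:
{
  main_key = "suricata";
  keys = ("alert", "dns", "http", "tls", "flow");
  valid_duration = 24;
  log_file = "/var/log/suricata/eve.json";
  temp_file = "/tmp/daemonparser/current";
};
'''

# Constructed EVE JSON lines as Suricata would push them onto main_key.
NOW = datetime(2024, 3, 23, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_EVE_LINES = [
    json.dumps({"timestamp": "2024-03-23T11:59:00.000000+00:00", "event_type": "alert",
                "src_ip": "192.0.2.10", "dest_ip": "198.51.100.5",
                "alert": {"signature_id": 1, "signature": "constructed test alert"}}),
    json.dumps({"timestamp": "2024-03-23T11:58:30.000000+00:00", "event_type": "dns",
                "dns": {"rrname": "example.test", "rrtype": "A"}}),
    json.dumps({"timestamp": "2024-03-23T11:58:00.000000+00:00", "event_type": "smb"}),  # not in keys
    json.dumps({"timestamp": "2024-03-21T09:00:00.000000+00:00", "event_type": "http"}),  # older than 24 h
    "{not json",                                                                           # malformed
]


def parse_settings(text):
    """Extract main_key, keys and valid_duration from a settings block."""
    main_key = re.search(r'main_key\s*=\s*"([^"]+)"', text).group(1)
    keys_raw = re.search(r'keys\s*=\s*\((.*?)\)', text, re.S).group(1)
    keys = re.findall(r'"([^"]+)"', keys_raw)
    hours = int(re.search(r'valid_duration\s*=\s*(\d+)', text).group(1))
    return {"main_key": main_key, "keys": keys,
            "valid_duration": timedelta(hours=hours)}  # hours: assumption


def route_events(settings, raw_lines, now):
    """Redistribute lines read from main_key into one list per event_type.

    Returns (routed, dropped): routed maps key -> events; dropped counts
    lines rejected as malformed, of an unlisted type, or expired.
    """
    allowed = set(settings["keys"])
    routed = {key: [] for key in allowed}
    dropped = {"malformed": 0, "unknown_type": 0, "expired": 0}
    for line in raw_lines:
        try:
            event = json.loads(line)
            stamp = datetime.fromisoformat(event["timestamp"])
        except (ValueError, KeyError, TypeError):
            dropped["malformed"] += 1
            continue
        etype = event.get("event_type")
        if etype not in allowed:
            dropped["unknown_type"] += 1
            continue
        if now - stamp > settings["valid_duration"]:
            dropped["expired"] += 1
            continue
        routed[etype].append(event)
    return routed, dropped


if __name__ == "__main__":
    cfg = parse_settings(SAMPLE_CONF)
    routed, dropped = route_events(cfg, SAMPLE_EVE_LINES, NOW)
    for key, events in routed.items():
        print(f"{cfg['main_key']} -> {key}: {len(events)} event(s)")
    print("dropped:", dropped)
```

With the constructed input, the alert and dns events land in their own keys, the smb event is dropped because smb is not in the keys list, the two-day-old http event is dropped as expired, and the malformed line is counted separately; counting rejects per reason is what makes a silent parser failure visible when the per-type keys stop filling.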
Web client
What port does the web client use?
It uses port 7878.
Backend
What port does the backend service use?
It uses port 8080.