Suricata

From the project home page:

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

Installation

Install the suricata^AUR package.

Configuration

The main configuration file is /etc/suricata/suricata.yaml.

You should change the following parts of the configuration in order to make it run:

  default-log-dir: /var/log/suricata/     # where you want to store log files
  classification-file: /etc/suricata/classification.config
  reference-config-file: /etc/suricata/reference.config
  HOME_NET: "[10.0.0.0/8]"                # your local network
  host-os-policy:   ..                    # according to the OS running the ips
  magic-file: /usr/share/file/misc/magic.mgc

Web interface

You may use Scirius CE or SELKS as web interface for rule management, log analysis, and other sensor management options.

Starting Suricata

Manual startup

You may start the suricata service manually with: # /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

systemd service configuration

To start Suricata automatically at system boot, enable suricata.service.

gollark: But the IRC bridge bot is separate, for purposes only.

gollark: You can see it in the sidebar.

gollark: No, it still exists.

gollark: <@356107472269869058> please inviteinate. And give it "manage webhooks" in here also.

gollark: https://discordapp.com/oauth2/authorize?&client_id=747764575587270718&scope=bot&permissions=0

This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.