Suricata
From the project home page:
- Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
Configuration
The main configuration file is /etc/suricata/suricata.yaml.
You should change the following parts of the configuration in order to make it run:
default-log-dir: /var/log/suricata/        # where you want to store log files
classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config
HOME_NET: "[10.0.0.0/8]"                   # your local network
host-os-policy: ..                         # according to the OS running the IPS
magic-file: /usr/share/file/misc/magic.mgc
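The following script is an added example, not part of the Arch wiki page or of the Suricata project: it reads a suricata.yaml and reports whether the settings listed above are present and plausible (absolute paths, a non-empty HOME_NET made of valid networks, a non-empty host-os-policy). It uses a small hand-written parser for the key/value subset of YAML these settings use so that it runs without PyYAML; the two embedded sample configurations are constructed for the example, and the "good" one assumes the default EXTERNAL_NET definition of "!$HOME_NET".

```python
"""Audit a suricata.yaml for the settings the page above says to change.

Added example (not the wiki's or the project's own code). Only the
'key: value' subset of YAML is parsed; list items ('- ...') are skipped.
"""
import ipaddress
import re
import sys

# Dotted path into the YAML tree -> the kind of value expected there.
REQUIRED = {
    "default-log-dir": "path",
    "classification-file": "path",
    "reference-config-file": "path",
    "vars.address-groups.HOME_NET": "cidr-list",
    "host-os-policy": "mapping",
    "magic-file": "path",
}


def parse_simple_yaml(text):
    """Turn indented 'key: value' lines into nested dicts.

    Trailing '# comments' are stripped, surrounding quotes are removed from
    values, and a key with no value opens a nested mapping.
    """
    root = {}
    stack = [(-1, root)]  # (indent level, mapping at that level)
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith(("%", "-")):
            continue  # blank, directive, '---' or list item
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = stripped.partition(":")
        value = value.strip().strip("'\"")
        while stack[-1][0] >= indent:  # climb out of deeper mappings
            stack.pop()
        parent = stack[-1][1]
        if value == "":
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value
    return root


def lookup(tree, dotted):
    node = tree
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_home_net(value):
    """Return problems with a HOME_NET string such as "[10.0.0.0/8,!10.1.0.0/16]"."""
    if not isinstance(value, str):
        return ['expected a string such as "[10.0.0.0/8]"']
    items = [i.strip() for i in value.strip("[]").split(",") if i.strip()]
    if not items:
        return ["empty; rules written against $HOME_NET will never match"]
    problems = []
    for item in items:
        net = item.lstrip("!")  # a leading '!' negates the entry
        if net.lower() == "any":
            problems.append("'any' covers every host, so direction-aware "
                            "rules (and EXTERNAL_NET = !$HOME_NET) lose meaning")
            continue
        try:
            ipaddress.ip_network(net, strict=False)
        except ValueError:
            problems.append(f"{item!r} is not a valid network")
    return problems


def check_config(text):
    """Return a list of findings; an empty list means every setting looks set."""
    tree = parse_simple_yaml(text)
    findings = []
    for path, kind in REQUIRED.items():
        value = lookup(tree, path)
        if value is None:
            findings.append(f"{path}: missing")
        elif kind == "path" and not (isinstance(value, str) and value.startswith("/")):
            findings.append(f"{path}: expected an absolute path, got {value!r}")
        elif kind == "mapping" and not (isinstance(value, dict) and value):
            findings.append(f"{path}: expected a non-empty mapping")
        elif kind == "cidr-list":
            findings.extend(f"{path}: {p}" for p in check_home_net(value))
    return findings


# Constructed sample configurations (not real files from any host).
GOOD_CONFIG = """\
%YAML 1.1
---
default-log-dir: /var/log/suricata/   # where you want to store log files
classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"   # your local network
    EXTERNAL_NET: "!$HOME_NET"
host-os-policy:
  windows: [0.0.0.0/0]
  linux: [10.0.0.0/8]
magic-file: /usr/share/file/misc/magic.mgc
"""

BAD_CONFIG = """\
default-log-dir: logs/
classification-file: /etc/suricata/classification.config
vars:
  address-groups:
    HOME_NET: "any"
magic-file: /usr/share/file/misc/magic.mgc
"""

if __name__ == "__main__":
    # Pass a path to audit a real file; otherwise audit the two samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"GOOD_CONFIG": GOOD_CONFIG, "BAD_CONFIG": BAD_CONFIG}
    for name, text in samples.items():
        print(name, "->", check_config(text) or "ok")
```

This only covers the handful of keys named on the page; Suricata itself validates the complete file, rule files included, with `suricata -T -c /etc/suricata/suricata.yaml`, which is the check to run before enabling the service.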
Web interface
You may use Scirius CE or SELKS as a web interface for rule management, log analysis, and other sensor management tasks.
Starting Suricata
Manual startup
You may start the suricata service manually with:
# /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
systemd service configuration
To start Suricata automatically at system boot, enable suricata.service.
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.