Suricata

From the project home page:

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

Installation

Install the suricata package from the AUR.

Configuration

The main configuration file is /etc/suricata/suricata.yaml.

You should change the following parts of the configuration in order to make it run:

  default-log-dir: /var/log/suricata/     # where you want to store log files
  classification-file: /etc/suricata/classification.config
  reference-config-file: /etc/suricata/reference.config
  HOME_NET: "[10.0.0.0/8]"                # your local network
  host-os-policy:   ..                    # according to the OS running the ips
  magic-file: /usr/share/file/misc/magic.mgc
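
The settings above are easy to get subtly wrong: a HOME_NET left at the default `any`, or pointing at a range that is not actually local, makes every rule written against $HOME_NET and $EXTERNAL_NET misfire silently. The following checker is an added example, not code from the Arch page or from Suricata; it scans a constructed suricata.yaml fragment line by line (it does not parse full YAML) and assumes the settings appear as plain `key: value` lines at any nesting depth.

```python
import ipaddress
import re

# Constructed sample of the relevant suricata.yaml lines (not a full config).
SAMPLE_CONFIG = """\
%YAML 1.1
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
default-log-dir: /var/log/suricata/     # where log files go
classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config
magic-file: /usr/share/file/misc/magic.mgc
"""
REQUIRED_KEYS = ("default-log-dir", "classification-file", "reference-config-file",
                 "magic-file", "HOME_NET")

def scalar_settings(text):
    """Collect 'key: value' lines at any nesting depth, stripping quotes and comments."""
    found = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_][\w-]*):\s*(.+?)\s*$', line)
        if m:
            value = m.group(2).split('#', 1)[0].strip().strip('"\'')
            if value:
                found[m.group(1)] = value
    return found

def check_home_net(value):
    """Problems with a HOME_NET group such as '[10.0.0.0/8,!10.1.0.0/16]' or 'any'."""
    inner = value.strip()
    if inner in ("any", "", "[]"):
        return ["HOME_NET is 'any': rules using $HOME_NET cannot tell local hosts from external ones"]
    if inner.startswith('[') and inner.endswith(']'):
        inner = inner[1:-1]
    problems = []
    for item in filter(None, (p.strip() for p in inner.split(','))):
        try:
            net = ipaddress.ip_network(item.lstrip('!'), strict=False)
        except ValueError:
            problems.append(f"{item!r} is not a valid CIDR")
            continue
        if not item.startswith('!') and not net.is_private:
            problems.append(f"{item} is not a private range; confirm it really is your local network")
    return problems

def audit(text):
    settings = scalar_settings(text)
    problems = [f"missing setting: {k}" for k in REQUIRED_KEYS if k not in settings]
    return problems + check_home_net(settings.get("HOME_NET", "any"))
```

Run `audit()` over the real file contents before enabling the service; an empty list means the required keys are present and HOME_NET looks like a local range.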

Web interface

You may use Scirius CE or SELKS as web interface for rule management, log analysis, and other sensor management options.

Starting Suricata

Manual startup

You may start the suricata service manually with:

  # /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

systemd service configuration

To start Suricata automatically at system boot, enable suricata.service.

This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.