search
githubEdit

๐ŸฆInstalling and Configuring Network Based IDS In Ubuntu: Suricata

Logo2. Quickstart guide โ€” Suricata 9.0.0-dev documentationdocs.suricata.iochevron-right

hashtag
Install Suricata In Ubuntu

$ sudo apt install suricata

hashtag
Modify The Configuration File

  • In the Line no 15 Change the HOME_NET IP address subnet to your machines IP subnet

  • In the Line no 580 change the Interface from eth0 to your local interface name (In my case it is enp0s3)

  • In the Line no 661 change the Interface from eth0 to your local interface name (In my case it is enp0s3)

  • In the Line no 129 change the community-id from false to true

  • You can add custom rules after Line no 1875

hashtag
Update Suricata

hashtag
List Suricata Rules

hashtag
Download Rulesets

hashtag
Enable A Source

circle-info

malsilo/win-malware is the name of the source. You can choose any name after running sudo suricata-update list-sources

circle-info

Update suricata after enabling a new source.

hashtag
Test The Suricata Configuration File

hashtag
Run Suricata

hashtag
View The Logs

hashtag
Test If The Data Is Logged Or Not?

hashtag
Make a Curl Request

hashtag
View The Logs

hashtag
Suricata Custom Rules

hashtag
Create a Custom Rule

hashtag
Add the Below Line In local.rules file

hashtag
Add the local.rules file name/path in suricata.yaml file

  • Add the below text after the Line no 1875 in suricata.yaml file

  • Save the file and exit

hashtag
Install jq

hashtag
View the Latest Logs

PreviousNetwork SecurityNextOpenSSL

Last updated