Suricata
From the project home page:
- Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
Contents
Installation
Install suricataAUR from the AUR.
Configuration
The main configuration file is /etc/suricata/suricata.yaml
.
You should change the following parts of the config in order to make it run:
default-log-dir: /var/log/suricata/ # where you want to store log files classification-file: /etc/suricata/classification.config reference-config-file: /etc/suricata/reference.config HOME_NET: "[10.0.0.0/8]" # your local network host-os-policy: .. # according to the OS running the ips magic-file: /usr/share/file/misc/magic.mgc
Web interface
You may use snorby [1] as web interface.
Starting Suricata
Manual startup
You may start the suricata service manually with:
# /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
Systemd service configuration
To start suricata automatically at system boot, enable suricata@<interface>.service
.
For example, if the network interface is eth0
, the service name is suricata@eth0.service
.