Suricata: Installation on Ubuntu 22.04
Page history: all revisions by Onnowpurbo
Latest revision as of 06:02, 10 July 2023
Source: https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/
Update the repository and install
Update
sudo apt update
Normal installation,
sudo apt -y install suricata
Installation with debugging support enabled,
sudo apt -y install suricata-dbg
Once that is done,
- The Suricata rules are in /etc/suricata/rules/
- The configuration file is /etc/suricata/suricata.yaml.
It is worth reading through the files in /etc/suricata/rules/
Configuration fixes
Edit
vi /etc/suricata/suricata.yaml
Make sure that
# Linux high speed capture support
af-packet:
  - interface: enp0s3

##
## Configure Suricata to load Suricata-Update managed rules.
##

default-rule-path: /etc/suricata/rules

rule-files:
  - app-layer-events.rules
  - dnp3-events.rules
  - http2-events.rules
  - kerberos-events.rules
  - nfs-events.rules
  - smtp-events.rules
  - decoder-events.rules
  - dns-events.rules
  - http-events.rules
  - modbus-events.rules
  - ntp-events.rules
  - stream-events.rules
  - dhcp-events.rules
  - files.rules
  - ipsec-events.rules
  - mqtt-events.rules
  - smb-events.rules
  - tls-events.rules
Start, Restart, Stop
The commands to start, restart and stop Suricata are as follows,
/etc/init.d/suricata restart
/etc/init.d/suricata start
/etc/init.d/suricata stop
Check
It is a good idea to check whether Suricata has any configuration errors by running the following commands,
/usr/bin/suricata --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid
/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid
The -D switch means Suricata will run as a daemon, that is, in the background.
Install Rules
No less important is installing community rules. These can be taken from the Snort community rules as shown below,
cd /home/onno
wget https://www.snort.org/downloads/community/snort3-community-rules.tar.gz
tar xzf snort3-community-rules.tar.gz -C /etc/suricata/rules/
mv /etc/suricata/rules/snort3-community-rules/snort3-community.rules /etc/suricata/rules/
Add the Snort community rules to the Suricata configuration
vi /etc/suricata/suricata.yaml
Make sure that,
##
## Configure Suricata to load Suricata-Update managed rules.
##
default-rule-path: /etc/suricata/rules
rule-files:
  - app-layer-events.rules
  - snort3-community.rules
Check whether the rules load correctly,
/usr/bin/suricata --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid
Most likely there will be many errors from the Snort rules when they are loaded in Suricata.
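Both the "Configuration fixes" and "Install Rules" sections end with the same question: does the suricata.yaml now point at rule files that actually exist, on an interface that actually exists, before the service is restarted? The script below is an added example written for this page, not code from the page's author or from the Suricata project. It pulls default-rule-path, the rule-files list and the af-packet interfaces out of a suricata.yaml with awk/sed (assuming the top-level layout shown above), reports missing rule files and unknown interfaces, and then hands over to Suricata's own configuration test mode (suricata -T) when the binary is installed. The hypothetical interface name "default", which the stock suricata.yaml uses as a catch-all entry, is skipped on purpose.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a suricata.yaml
# before restarting the service. Assumes the layout shown on this page:
# a top-level af-packet: list, default-rule-path: and rule-files: keys.

# Print the value of a top-level scalar key, e.g. default-rule-path.
yaml_scalar() {   # yaml_scalar CONFIG KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Print the entries of the top-level "rule-files:" list, one per line.
# The list ends at the next non-indented, non-comment line.
yaml_rule_files() {   # yaml_rule_files CONFIG
    awk '
        /^rule-files:/ { inlist = 1; next }
        inlist && /^[^[:space:]#]/ { inlist = 0 }
        inlist && /^[[:space:]]*-/ { sub(/^[[:space:]]*-[[:space:]]*/, ""); print }
    ' "$1"
}

# Print the interface names configured under the top-level "af-packet:" block.
yaml_afpacket_ifaces() {   # yaml_afpacket_ifaces CONFIG
    awk '
        /^af-packet:/ { inblock = 1; next }
        inblock && /^[^[:space:]#]/ { inblock = 0 }
        inblock && /^[[:space:]]*-[[:space:]]*interface:/ {
            sub(/.*interface:[[:space:]]*/, ""); print
        }
    ' "$1"
}

# Report every rule file named in the config that is absent from the rule
# directory (default: the config's own default-rule-path). Returns 1 if any.
missing_rule_files() {   # missing_rule_files CONFIG [RULE_DIR]
    cfg=$1
    dir=${2:-$(yaml_scalar "$cfg" default-rule-path)}
    rc=0
    for f in $(yaml_rule_files "$cfg"); do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f"; rc=1; }
    done
    return $rc
}

# Report configured af-packet interfaces that this host does not have.
# SYSFS_NET defaults to /sys/class/net; "default" is Suricata's catch-all
# entry, not a real interface, so it is skipped.
unknown_ifaces() {   # unknown_ifaces CONFIG [SYSFS_NET]
    sysnet=${2:-/sys/class/net}
    rc=0
    for i in $(yaml_afpacket_ifaces "$1"); do
        [ "$i" = default ] && continue
        [ -e "$sysnet/$i" ] || { echo "no such interface: $i"; rc=1; }
    done
    return $rc
}

# Structural checks first, then Suricata's own test mode if it is installed.
# suricata -T parses the config and every rule file without capturing traffic,
# so rule parse errors (e.g. from Snort rules) show up here instead of on restart.
check_config() {   # check_config CONFIG
    missing_rule_files "$1" && unknown_ifaces "$1" || return 1
    if command -v suricata >/dev/null 2>&1; then
        suricata -T -c "$1" -v
    fi
}

# Usage:
#   check_config /etc/suricata/suricata.yaml && /etc/init.d/suricata restart
```

Run check_config before the restart; if it prints a missing file or an unknown interface the restart is skipped, and when Suricata is present the -T run reports how many signatures were loaded and which ones failed to parse, which is the quickest way to see how many of the Snort community rules Suricata actually accepted.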