Difference between revisions of "Suricata: Instalasi di Ubuntu 22.04"

Sumber: https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/

Update Repo dan Install

Update

sudo apt update

Instalasi normal,

sudo apt -y install suricata

Instalasi dengan fasilitas debugging di enabled,

sudo apt -y install suricata-dbg

Selesai sudah,

• Suricata rules berada di /etc/suricata/rules/
• File konfigurasi di /etc/suricata/suricata.yaml.

Sebaiknya di baca2 isi file2 di /etc/suricata/rules/

Perbaikan konfigurasi

Edit

vi /etc/suricata/suricata.yaml

Pastikan

# Linux high speed capture support
af-packet:
  - interface: enp0s3

##
## Configure Suricata to load Suricata-Update managed rules.
##

default-rule-path: /etc/suricata/rules
 
rule-files:
  - app-layer-events.rules
  - dnp3-events.rules
  - http2-events.rules
  - kerberos-events.rules
  - nfs-events.rules
  - smtp-events.rules
  - decoder-events.rules
  - dns-events.rules
  - http-events.rules
  - modbus-events.rules
  - ntp-events.rules
  - stream-events.rules
  - dhcp-events.rules
  - files.rules
  - ipsec-events.rules
  - mqtt-events.rules
  - smb-events.rules
  - tls-events.rules

Start Restart Stop

/etc/init.d/suricata restart
/etc/init.d/suricata start
/etc/init.d/suricata stop

Cek

/usr/bin/suricata --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid

/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid

Referensi

• https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/

Pranala Menarik

• Suricata
• Suricata (software)
• Suricata: Instalasi di Ubuntu
• Suricata: Instalasi di Ubuntu 18.04
• Suricata: Konfigurasi Minimal Ubuntu 18.04
• Suricata: Test DDoS Attack
• Suricata: Konfigurasi Dasar
• Suricata: Manajemen Rule dengan Oinkmaster
• Suricata: Instalasi Snorby & barnyard2