Difference between revisions of "Suricata: Instalasi di Ubuntu 18.04"
Onnowpurbo (talk | contribs) (Created page with "Sumber: https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/ ==Referensi== * https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/ ==Pranala...") |
Onnowpurbo (talk | contribs) |
||
| Line 2: | Line 2: | ||
| + | Installing Suricata from PPA repository | ||
| + | Even though Suricata is available on the default Ubuntu 18.04 repositories, it may not be up-to-date. As a result, to ensure that you got the latest version installed, you need to add the following PPA repository. | ||
| + | sudo add-apt-repository ppa:oisf/suricata-stable | ||
| + | sudo apt update | ||
| + | |||
| + | Once the PPA repo is set, install Suricata with the package manager. | ||
| + | |||
| + | apt-cache policy suricata | ||
| + | suricata: | ||
| + | Installed: 4.1.2-0ubuntu6 | ||
| + | Candidate: 4.1.2-0ubuntu6 | ||
| + | Version table: | ||
| + | *** 4.1.2-0ubuntu6 500 | ||
| + | 500 http://ppa.launchpad.net/oisf/suricata-stable/ubuntu bionic/main amd64 Packages | ||
| + | 100 /var/lib/dpkg/status | ||
| + | 3.2-2ubuntu3 500 | ||
| + | 500 http://ke.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages | ||
| + | |||
| + | sudo apt install suricata | ||
| + | |||
| + | You can instead install Suricata with debugging enabled. | ||
| + | |||
| + | sudo apt install suricata-dbg | ||
| + | |||
| + | That is all with installation. At the end of installation, you will have Suricata rules under /etc/suricata/rules/ and the main configuration file under /etc/suricata/suricata.yaml. | ||
| + | |||
| + | To list the Suricata rules; | ||
| + | |||
| + | ls -C /etc/suricata/rules/ | ||
| + | app-layer-events.rules emerging-attack_response.rules emerging-malware.rules emerging-telnet.rules LICENSE | ||
| + | botcc.portgrouped.rules emerging-chat.rules emerging-misc.rules emerging-tftp.rules modbus-events.rules | ||
| + | botcc.rules emerging-current_events.rules emerging-mobile_malware.rules emerging-trojan.rules nfs-events.rules | ||
| + | BSD-License.txt emerging-deleted.rules emerging-netbios.rules emerging-user_agents.rules ntp-events.rules | ||
| + | ciarmy.rules emerging-dns.rules emerging-p2p.rules emerging-voip.rules sid-msg.map | ||
| + | classification.config emerging-dos.rules emerging-policy.rules emerging-web_client.rules smb-events.rules | ||
| + | compromised-ips.txt emerging-exploit.rules emerging-pop3.rules emerging-web_server.rules smtp-events.rules | ||
| + | compromised.rules emerging-ftp.rules emerging-rpc.rules emerging-web_specific_apps.rules stream-events.rules | ||
| + | decoder-events.rules emerging-games.rules emerging-scada.rules emerging-worm.rules suricata-4.0-enhanced-open.txt | ||
| + | dnp3-events.rules emerging-icmp_info.rules emerging-scan.rules files.rules tls-events.rules | ||
| + | dns-events.rules emerging-icmp.rules emerging-shellcode.rules gpl-2.0.txt tor.rules | ||
| + | drop.rules emerging-imap.rules emerging-smtp.rules http-events.rules | ||
| + | dshield.rules emerging-inappropriate.rules emerging-snmp.rules ipsec-events.rules | ||
| + | emerging-activex.rules emerging-info.rules emerging-sql.rules kerberos-events.rules | ||
Revision as of 08:52, 30 March 2020
Sumber: https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/
Installing Suricata from PPA repository
Even though Suricata is available on the default Ubuntu 18.04 repositories, it may not be up-to-date. As a result, to ensure that you got the latest version installed, you need to add the following PPA repository.
sudo add-apt-repository ppa:oisf/suricata-stable sudo apt update
Once the PPA repo is set, install Suricata with the package manager.
apt-cache policy suricata
suricata:
Installed: 4.1.2-0ubuntu6
Candidate: 4.1.2-0ubuntu6
Version table:
*** 4.1.2-0ubuntu6 500
500 http://ppa.launchpad.net/oisf/suricata-stable/ubuntu bionic/main amd64 Packages
100 /var/lib/dpkg/status
3.2-2ubuntu3 500
500 http://ke.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
sudo apt install suricata
You can instead install Suricata with debugging enabled.
sudo apt install suricata-dbg
That is all with installation. At the end of installation, you will have Suricata rules under /etc/suricata/rules/ and the main configuration file under /etc/suricata/suricata.yaml.
To list the Suricata rules;
ls -C /etc/suricata/rules/ app-layer-events.rules emerging-attack_response.rules emerging-malware.rules emerging-telnet.rules LICENSE botcc.portgrouped.rules emerging-chat.rules emerging-misc.rules emerging-tftp.rules modbus-events.rules botcc.rules emerging-current_events.rules emerging-mobile_malware.rules emerging-trojan.rules nfs-events.rules BSD-License.txt emerging-deleted.rules emerging-netbios.rules emerging-user_agents.rules ntp-events.rules ciarmy.rules emerging-dns.rules emerging-p2p.rules emerging-voip.rules sid-msg.map classification.config emerging-dos.rules emerging-policy.rules emerging-web_client.rules smb-events.rules compromised-ips.txt emerging-exploit.rules emerging-pop3.rules emerging-web_server.rules smtp-events.rules compromised.rules emerging-ftp.rules emerging-rpc.rules emerging-web_specific_apps.rules stream-events.rules decoder-events.rules emerging-games.rules emerging-scada.rules emerging-worm.rules suricata-4.0-enhanced-open.txt dnp3-events.rules emerging-icmp_info.rules emerging-scan.rules files.rules tls-events.rules dns-events.rules emerging-icmp.rules emerging-shellcode.rules gpl-2.0.txt tor.rules drop.rules emerging-imap.rules emerging-smtp.rules http-events.rules dshield.rules emerging-inappropriate.rules emerging-snmp.rules ipsec-events.rules emerging-activex.rules emerging-info.rules emerging-sql.rules kerberos-events.rules