Suricata Installation
Installation
- sudo apt update
- sudo apt -y install suricata
- systemctl stop suricata
- suricata -V
This is Suricata version 6.0.1 RELEASE
Update Rules
- suricata-update
Suricata minimal configuration
- vim /etc/suricata/suricata.yaml
%YAML 1.1
---
# Define variables for the address groups
vars:
  address-groups:
    LAN: "[172.16.1xx.0/24]"
    DMZ: "[10.0.1xx.0/24]"
    INTERNAL_NET: "[$LAN,$DMZ]"
    EXTERNAL_NET: "!$INTERNAL_NET"

# Default log directory
default-log-dir: /var/log/suricata/

# Enable statistics
stats:
  enabled: yes
  interval: 8

# Configure outputs
outputs:
  - fast:
      enabled: yes
      filename: fast.log
      append: yes
  - alert-debug:
      enabled: yes
      filename: alert-debug.log
      append: yes
  - stats:
      enabled: yes
      filename: stats.log
      append: yes
      totals: yes
      threads: no

# Logging settings
logging:
  default-log-level: notice
  outputs:
    - console:
        enabled: yes
    - file:
        enabled: yes
        level: info
        filename: suricata.log

# Configure network interfaces
af-packet:
  - interface: enp0s3
    threads: auto
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: yes
  - interface: enp0s8
    threads: auto
    cluster-id: 98
    cluster-type: cluster_flow
    defrag: yes
  - interface: enp0s9
    threads: auto
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes

# PID file
pid-file: /var/run/suricata.pid

# Coredump settings
coredump:
  max-dump: unlimited

# Host mode
host-mode: auto

# Configure the unix command socket
unix-command:
  enabled: yes
  filename: /var/run/suricata-command.socket

# Engine analysis settings
engine-analysis:
  rules-fast-pattern: yes
  rules: yes

# Defragmentation settings
defrag:
  memcap: 32mb
  hash-size: 65536
  trackers: 65535
  max-frags: 65535
  prealloc: yes
  timeout: 60

# Default rule directory
default-rule-path: /etc/suricata/rules

# Rule files
rule-files:
  - local.rules

# Classification file
classification-file: /etc/suricata/classification.config

# Reference config file
reference-config-file: /etc/suricata/reference.config
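The configuration above enables the fast.log output and defines LAN/DMZ address groups, but it does not show what to do with the alerts it produces. The following script is an added example (not part of the original page and not Suricata's own code): it parses fast.log lines and tags each alert with the direction of traffic relative to the address groups, which is the first thing an analyst wants when triaging a new sensor. Assumptions: the page's "1xx" octets are placeholders, so the networks 172.16.100.0/24 and 10.0.100.0/24 are constructed stand-ins; the sample alert lines are constructed in Suricata's fast.log layout and are not real captures; only IPv4 addresses are handled, matching the address groups in the config.

```python
import re
import ipaddress
from collections import Counter

# Concrete networks standing in for the page's placeholder address groups
# ("172.16.1xx.0/24" and "10.0.1xx.0/24"); these octets are constructed.
ADDRESS_GROUPS = {
    "LAN": ipaddress.ip_network("172.16.100.0/24"),
    "DMZ": ipaddress.ip_network("10.0.100.0/24"),
}

# One fast.log alert line:
# MM/DD/YYYY-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] [Classification: ...]
#   [Priority: N] {PROTO} src:sport -> dst:dport        (IPv4 only here)
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s*$"
)


def zone_of(ip_text):
    """Return the address group an IP belongs to, or EXTERNAL.

    This mirrors EXTERNAL_NET: "!$INTERNAL_NET" in the config: anything
    that is not in LAN or DMZ is external.
    """
    ip = ipaddress.ip_address(ip_text)
    for name, net in ADDRESS_GROUPS.items():
        if ip in net:
            return name
    return "EXTERNAL"


def parse_fast_line(line):
    """Parse one fast.log line into a dict; return None for non-alert lines."""
    m = FAST_LOG_RE.match(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["sid"] = int(alert["sid"])
    alert["priority"] = int(alert["priority"])
    # Direction relative to the address groups, e.g. "EXTERNAL->LAN".
    alert["direction"] = f"{zone_of(alert['src'])}->{zone_of(alert['dst'])}"
    return alert


def summarize(lines):
    """Count alerts by (sid, msg) and by direction; count non-alert lines as skipped."""
    by_sig = Counter()
    by_dir = Counter()
    skipped = 0
    for line in lines:
        alert = parse_fast_line(line.rstrip("\n"))
        if alert is None:
            if line.strip():
                skipped += 1
            continue
        by_sig[(alert["sid"], alert["msg"])] += 1
        by_dir[alert["direction"]] += 1
    return {"by_signature": by_sig, "by_direction": by_dir, "skipped": skipped}


# Constructed sample alerts (local sids, documentation addresses), not real captures.
SAMPLE_FAST_LOG = [
    "03/01/2024-10:08:59.667372  [**] [1:1000001:1] LOCAL Inbound SSH to LAN host [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} "
    "203.0.113.10:51515 -> 172.16.100.25:22",
    "03/01/2024-10:09:03.112233  [**] [1:1000002:1] LOCAL ICMP echo from LAN to DMZ [**] "
    "[Classification: (null)] [Priority: 3] {ICMP} 172.16.100.25:0 -> 10.0.100.5:0",
    "03/01/2024-10:09:07.000001  [**] [1:1000001:1] LOCAL Inbound SSH to LAN host [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} "
    "203.0.113.10:51516 -> 172.16.100.26:22",
    "this line is not a fast.log alert and is skipped",
]

if __name__ == "__main__":
    # Usage on a real sensor: summarize(open("/var/log/suricata/fast.log"))
    result = summarize(SAMPLE_FAST_LOG)
    for (sid, msg), n in result["by_signature"].most_common():
        print(f"{n:4d}  sid {sid}  {msg}")
    for direction, n in result["by_direction"].most_common():
        print(f"{n:4d}  {direction}")
    print(f"skipped non-alert lines: {result['skipped']}")
```

Run against the sample it reports two EXTERNAL->LAN alerts for the SSH signature and one LAN->DMZ alert; pointed at /var/log/suricata/fast.log it gives the same per-signature and per-direction counts for the live sensor. Alerts whose direction is EXTERNAL->EXTERNAL usually mean the address-groups in suricata.yaml do not match what the monitored interfaces actually see, which is worth checking before tuning any rules.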