Suricata Installation
Zur Navigation springen
Zur Suche springen
Installation
- sudo apt update
- sudo apt -y install suricata
- systemctl stop suricata
- suricata -V
This is Suricata version 6.0.1 RELEASE
Update Rules
- suricata-update
Suricata minimale Konfiguration
- vim /etc/suricata/suricata.yaml
%YAML 1.1
---
# Variablen für die Adressgruppen festlegen
vars:
address-groups:
LAN: "[172.16.1xx.0/24]"
DMZ: "[10.0.1xx.0/24]"
INTERNAL_NET: "[$LAN,$DMZ]"
EXTERNAL_NET: "!$INTERNAL_NET"
# Standard-Log-Verzeichnis
default-log-dir: /var/log/suricata/
# Statistiken aktivieren
stats:
enabled: yes
interval: 8
# Ausgaben konfigurieren
outputs:
- fast:
enabled: yes
filename: fast.log
append: yes
- alert-debug:
enabled: yes
filename: alert-debug.log
append: yes
- stats:
enabled: yes
filename: stats.log
append: yes
totals: yes
threads: no
# Logging-Einstellungen
logging:
default-log-level: notice
outputs:
- console:
enabled: yes
- file:
enabled: yes
level: info
filename: suricata.log
# Netzwerkschnittstellen konfigurieren
af-packet:
- interface: enp0s3
threads: auto
cluster-id: 97
cluster-type: cluster_flow
defrag: yes
- interface: enp0s8
threads: auto
cluster-id: 98
cluster-type: cluster_flow
defrag: yes
- interface: enp0s9
threads: auto
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
# PID-Datei
pid-file: /var/run/suricata.pid
# Coredump-Einstellungen
coredump:
max-dump: unlimited
# Host-Modus
host-mode: auto
# Unix-Befehlseingabe konfigurieren
unix-command:
enabled: yes
filename: /var/run/suricata-command.socket
# Engine-Analyse-Einstellungen
engine-analysis:
rules-fast-pattern: yes
rules: yes
# Defragmentierungseinstellungen
defrag:
memcap: 32mb
hash-size: 65536
trackers: 65535
max-frags: 65535
prealloc: yes
timeout: 60
# Standardregelverzeichnis
default-rule-path: /etc/suricata/rules
# Regel-Dateien
rule-files:
- local.rules
# Klassifikationsdatei
classification-file: /etc/suricata/classification.config
# Referenzkonfigurationsdatei
reference-config-file: /etc/suricata/reference.config