Suricata: Difference between revisions
Line 8: | Line 8: | ||
*sudo mkdir /var/lib/suricata/ | *sudo mkdir /var/lib/suricata/ | ||
*sudo mv rules /var/lib/suricata/ | *sudo mv rules /var/lib/suricata/ | ||
− | *sudo cd /var/lib/suricata/ | + | *sudo cd /var/lib/suricata/rules |
*sudo cat *.rules > suricata.rules | *sudo cat *.rules > suricata.rules | ||
+ | =Local Rules= | ||
+ | *cat /var/lib/suricata//rules/local.rules | ||
+ | alert icmp any any -> 8.8.8.8 any (msg:"Snort Test"; sid:1000000002;) | ||
+ | drop icmp any any -> 1.1.1.1 any (msg:"Snort Test"; sid:1000000001;) | ||
+ | alert tcp any any -> any any (flags: S; msg: "SYN packet"; sid:100000003;) | ||
+ | =Suricata config= | ||
+ | ;add to /etc/suricata/suricata.yaml | ||
+ | rule-files: | ||
+ | - suricata.rules | ||
+ | - local.rules | ||
+ | |||
+ | |||
+ | =Links= | ||
*https://www.pro-linux.de/artikel/2/1751/suricata-einbruchserkennung-mit-dem-erdm%C3%A4nnchen.html | *https://www.pro-linux.de/artikel/2/1751/suricata-einbruchserkennung-mit-dem-erdm%C3%A4nnchen.html |
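Review bot: the changed line `*sudo cd /var/lib/suricata/rules` still cannot work: `cd` is a shell builtin, so `sudo` reports "command not found", and even a successful `cd` in a child process would not change the caller's directory; use a plain `cd` (or do the whole merge in a root shell). The following `*sudo cat *.rules > suricata.rules` has the same privilege gap, because the `>` redirection is done by the unprivileged shell and not by `sudo`, so the write into /var/lib/suricata/rules fails for a normal user; `sudo sh -c 'cat *.rules > suricata.rules'` or piping through `sudo tee suricata.rules` fixes it. Also note that running this merge a second time feeds the existing suricata.rules back into its own input. Minor: the path `/var/lib/suricata//rules/local.rules` has a doubled slash, and the rule `alert tcp any any -> any any (flags: S; ...)` fires on every TCP handshake, which will flood the alert log on any real interface.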
Revision as of 10 June 2020, 14:32
Installation
- sudo add-apt-repository ppa:oisf/suricata-stable
- sudo apt-get update
- sudo apt-get install suricata
Install Rules
- wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
- tar zxvf emerging.rules.tar.gz
- sudo mkdir /var/lib/suricata/
- sudo mv rules /var/lib/suricata/
- cd /var/lib/suricata/rules
- sudo sh -c 'cat *.rules > suricata.rules'
Local Rules
- cat /var/lib/suricata/rules/local.rules
alert icmp any any -> 8.8.8.8 any (msg:"Snort Test"; sid:1000000002;)
drop icmp any any -> 1.1.1.1 any (msg:"Snort Test"; sid:1000000001;)
alert tcp any any -> any any (flags: S; msg: "SYN packet"; sid:100000003;)
Suricata config
- add to /etc/suricata/suricata.yaml
rule-files:
  - suricata.rules
  - local.rules
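As an added example, not taken from the wiki page, the POSIX shell script below performs the rule-merging step from the Install Rules section without relying on `sudo cd`, skips the merged file itself on re-runs, and checks the result for duplicate sids before it is handed to Suricata (Suricata keeps only one rule per sid/gid, so a duplicate means one of your rules never loads). The rule files it writes under a temporary directory are constructed sample data standing in for the Emerging Threats download and local.rules, and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the wiki page. Sample paths and rule files
# below are constructed; on a real host point the functions at
# /var/lib/suricata/rules and run them as root.

# merge_rules DIR OUT: concatenate every *.rules file in DIR into OUT.
# A subshell/loop replaces "sudo cd", which is not a command (cd is a
# shell builtin) and could not change the caller's directory anyway.
merge_rules() {
    dir=$1; out=$2; outname=$(basename "$out")
    : > "$out"
    for f in "$dir"/*.rules; do
        # Skip the merged file itself: "cat *.rules > suricata.rules" run
        # a second time would otherwise feed its own output back in.
        [ "$(basename "$f")" = "$outname" ] && continue
        cat "$f" >> "$out"
        # Guard against a source file without a trailing newline, which
        # would glue its last rule onto the next file's first rule.
        printf '\n' >> "$out"
    done
    return 0
}

# rule_count FILE: number of active rule lines (comments and blanks skipped).
rule_count() {
    grep -c -E '^[[:space:]]*(alert|drop|pass|reject)[[:space:]]' "$1"
}

# duplicate_sids FILE: print every sid that occurs more than once.
duplicate_sids() {
    grep -o -E 'sid:[[:space:]]*[0-9]+' "$1" \
      | sed -E 's/sid:[[:space:]]*//' \
      | sort | uniq -d
}

# check_rules FILE: return 0 when no sid is duplicated, 1 otherwise.
check_rules() {
    dups=$(duplicate_sids "$1")
    if [ -n "$dups" ]; then
        echo "duplicate sid(s) in $1: $dups" >&2
        return 1
    fi
    return 0
}

# --- constructed sample input (stands in for the real rule files) --------
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/emerging-test.rules" <<'EOF'
# constructed sample standing in for the Emerging Threats files
alert icmp any any -> 8.8.8.8 any (msg:"Snort Test"; sid:1000000002;)
alert tcp any any -> any any (flags:S; msg:"SYN packet"; sid:100000003;)
EOF
cat > "$SAMPLE/local.rules" <<'EOF'
drop icmp any any -> 1.1.1.1 any (msg:"Snort Test"; sid:1000000001;)
# this rule reuses a sid from the other file on purpose
alert tcp any any -> any any (msg:"dup"; sid:100000003;)
EOF

MERGED="$SAMPLE/suricata.rules"
merge_rules "$SAMPLE" "$MERGED"
echo "merged $(rule_count "$MERGED") rules into $MERGED"
check_rules "$MERGED" || echo "fix the duplicate, then validate with: suricata -T -c /etc/suricata/suricata.yaml"
```

After copying the merged file into /var/lib/suricata/rules, `sudo suricata -T -c /etc/suricata/suricata.yaml` loads the configuration and every listed rule file in test mode without starting packet capture, so rule syntax errors surface before the service is restarted.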