/Suricata-IDS-IPS-NSM-engine

Suricata config to apply IDPS mode on Ubuntu 18.04 LTS

Suricata_Ubuntu18_LTS

Intrution Detection Prevention System Suricata

A. Install and Config:

  1. Add repository stable version:

sudo add-apt-repository ppa:oisf/suricata-stable

  1. Update:

sudo apt-get update

  1. Install support engine:

sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \build-essential autoconf automake libtool libpcap-dev libnet1-dev \libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \make libmagic-dev libjansson-dev libjansson4 pkg-config

  1. Install Suricata:

sudo apt-get install suricata

  1. Install IPS mode:

sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0

  1. Config Address Group:

address-groups:HOME_NET: "[192.168.100.0/24]" #HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]" #HOME_NET: "[192.168.0.0/16]" #HOME_NET: "[10.0.0.0/8]"

  1. Config Suricata Active rules:

default-rule-path: /etc/suricata/rules rule-files: -emerging-clabs_dos.rules -emerging-clabs_metasploit.rules -emerging-clabs_nmap.rules

B. Testing:

  1. Start Engine:

Realtime monitoring on 2nd terminal, follow the command: Putty(optional).

sudo tail -f /var/log/suricata/fast.log

  1. Scanning TCP report:

  1. Scanning UDP report:

  1. DOS report:

  1. Exploit report: