Suricata: Difference between revisions

From Xinux Wiki
 
(43 intermediate revisions by 2 users not shown)
Zeile 1: Zeile 1:
=Prinzip=
+
*[[Suricata Grundlagen]]
  
Suricata ist ein IDS(Intrusion Detection System) bzw. IPS(Intrusion Prevention System) System das nach folgendem Prinzip funktioniert
+
*[[Suricata Installation]]
 +
*[[Suricata Schaubild]]
 +
*[[Suricata IDS]]
 +
*[[Suricata IPS]]
 +
*[[Suricata Links]]
 +
*[[Suricata Rules]]
 +
*[[Suricata Lua]]
 +
*
  
==Empfang==
+
= Warum ist die Software nach Erdmännchen bennant? =
*Pakete werden vom Netzwerk gelesen.
 
**Durch abhören einer Schnittstelle (IDS)
 
**Übergabe durch den Firewall Stack (IPS)
 
==Decodierung==
 
Die Pakete werden decodiert und der Original-Datenstrom wird restauriert.
 
==Analyse==
 
Der Datenstrom wird mit den hinterlegten Signaturen verglichen.
 
==Output==
 
*Auftretene Alarmierungen werden verarbeitet. (IDS)
 
*Bei Treffern können die Pakete verworfen (IPS).
 
  
=Multitreadverarbeitung durch Suricata=
+
ChatGPT sagt folgendes:
  
[[Datei:suricate-1.jpg]]
+
''In a realm where data flows like streams,''
 
+
''Where networks hum and echo dreams,''
 
+
''A guardian stands with eyes so keen,''
Bild: Alexander Hosfeld Lizenz(en): Creative Commons Namensnennung
+
''Suricata, the vigilant machine.''
 
+
=Installation=
+
''Named after meerkats, watchful and wise,''
*sudo add-apt-repository ppa:oisf/suricata-stable
+
''It scans the traffic beneath the skies,''
*sudo apt-get update
+
''With furrowed brows and lines of code,''
*sudo apt-get install suricata
+
''Through packets and bytes, its insights bestowed.''
=Install Rules=
+
*wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
+
''Intrusions it seeks with diligence rare,''
*tar zxvf emerging.rules.tar.gz
+
''A meerkat's spirit it aims to bear,''
*sudo mkdir /var/lib/suricata/
+
''Alert and aware, it never tires,''
*sudo mv rules /var/lib/suricata/
+
''Through digital valleys and electronic fires.''
*sudo cd /var/lib/suricata/rules
+
*sudo cat *.rules > suricata.rules
+
''Just as meerkats stand guard in the sun,''
=Local Rules=
+
''Suricata watches, its work never done,''
*cat /var/lib/suricata//rules/local.rules
+
''In cyber fields, a protector so true,''
  alert icmp any any -> 8.8.8.8 any (msg:"Snort Test"; sid:1000000002;)
+
''It shields and defends, no matter the view.''
  drop icmp any any -> 1.1.1.1 any (msg:"Snort Test"; sid:1000000001;)
+
  alert tcp any any -> any any (flags: S; msg: "SYN packet"; sid:100000003;)
+
  ''With each connection, a sentinel's gaze,''
=Suricata config=
+
  ''It parses the data in myriad ways,''
 
+
  ''An echo of nature, a name well chosen,''
;add to /etc/suricata/suricata.yaml
+
  ''Suricata stands watch, its purpose unbroken.''
rule-files:
+
  - suricata.rules
+
''So remember the meerkat, small and strong,''
  - local.rules
+
''As Suricata defends against all wrong,''
=Add iptables rules=
+
''In the digital wilds where dangers may creep,''
*iptables -I FORWARD -m mark ! --mark $MARK/$MASK -j NFQUEUE
+
''A guardian stands vigil, even in sleep.''
  
 
=Links=
 
=Links=
*https://www.pro-linux.de/artikel/2/1751/suricata-einbruchserkennung-mit-dem-erdm%C3%A4nnchen.html
+
* https://www.pro-linux.de/artikel/2/1751/suricata-einbruchserkennung-mit-dem-erdm%C3%A4nnchen.html
*https://www.howtoforge.com/tutorial/suricata-with-elk-and-web-front-ends-on-ubuntu-bionic-beaver-1804-lts/
+
* https://www.howtoforge.com/tutorial/suricata-with-elk-and-web-front-ends-on-ubuntu-bionic-beaver-1804-lts/
*https://suricata.readthedocs.io/en/suricata-4.1.0/index.html
+
* https://suricata.readthedocs.io/en/suricata-4.1.0/index.html
 +
* https://suricata.readthedocs.io/en/suricata-5.0.3/setting-up-ipsinline-for-linux.html?highlight=inline
 +
* https://www.howtoforge.de/anleitung/so-installierst-und-konfigurierst-du-suricata-ids-zusammen-mit-elastic-stack-auf-rocky-linux-8
 +
* https://www.digitalocean.com/community/tutorials/how-to-install-suricata-on-debian-11
 +
* https://rules.emergingthreats.net/
 +
[[Kategorie:Suricata]]
 +
[[Kategorie:Cybersecurity]]
 +
[[Kategorie:Firewall]]
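Review bot: the new side removes every operational detail this page had (the add-apt-repository/apt-get install steps, the emerging.rules download and its concatenation into suricata.rules, the local.rules examples, the rule-files: block for /etc/suricata/suricata.yaml and the iptables NFQUEUE line) and replaces it with sub-page links and a ChatGPT poem; before this lands, confirm that [[Suricata Installation]], [[Suricata Rules]] and [[Suricata IPS]] actually carry that content, otherwise it is lost. While moving it, fix what was already wrong on the old side: "sudo cd /var/lib/suricata/rules" cannot work because cd is a shell builtin, and in "sudo cat *.rules > suricata.rules" the redirection is performed by the unprivileged shell, so it fails when the directory is root-owned (run both in a root shell, or write via "sudo tee"); the path "/var/lib/suricata//rules/local.rules" has a doubled slash; the third example rule uses sid:100000003, which has one digit fewer than its neighbours 1000000001 and 1000000002 and therefore does not sit in the same numbering block; and the iptables line references $MARK and $MASK without ever defining them. On the new side, the heading "Warum ist die Software nach Erdmännchen bennant?" should read "benannt", and the retained heading "=Multitreadverarbeitung durch Suricata=" (should be "Multithreadverarbeitung") now sits directly above the poem, which says nothing about multithreading; either restore a sentence on Suricata's worker threads under it or drop the heading.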

Latest revision as of 22 May 2025, 08:40

Why is the software named after meerkats?

ChatGPT says the following:

In a realm where data flows like streams,
Where networks hum and echo dreams,
A guardian stands with eyes so keen,
Suricata, the vigilant machine.

Named after meerkats, watchful and wise,
It scans the traffic beneath the skies,
With furrowed brows and lines of code,
Through packets and bytes, its insights bestowed.

Intrusions it seeks with diligence rare,
A meerkat's spirit it aims to bear,
Alert and aware, it never tires,
Through digital valleys and electronic fires.

Just as meerkats stand guard in the sun,
Suricata watches, its work never done,
In cyber fields, a protector so true,
It shields and defends, no matter the view.

With each connection, a sentinel's gaze,
It parses the data in myriad ways,
An echo of nature, a name well chosen,
Suricata stands watch, its purpose unbroken.

So remember the meerkat, small and strong,
As Suricata defends against all wrong,
In the digital wilds where dangers may creep,
A guardian stands vigil, even in sleep.

Links