Suricata: Difference between revisions

From Xinux Wiki
 
(28 intermediate revisions by 2 users not shown)
Zeile 1: Zeile 1:
=Prinzip=
+
*[[Suricata Grundlagen]]
  
Suricata ist ein IDS(Intrusion Detection System) bzw. IPS(Intrusion Prevention System) System das nach folgendem Prinzip funktioniert
+
*[[Suricata Installation]]
 +
*[[Suricata Schaubild]]
 +
*[[Suricata IDS]]
 +
*[[Suricata IPS]]
 +
*[[Suricata Links]]
 +
*[[Suricata Rules]]
 +
*[[Suricata Lua]]
 +
*
  
==Empfang==
+
= Warum ist die Software nach Erdmännchen bennant? =
*Pakete werden vom Netzwerk gelesen.
 
**Durch abhören einer Schnittstelle (IDS)
 
**Übergabe durch den Firewall Stack (IPS)
 
==Decodierung==
 
Die Pakete werden decodiert und der Original-Datenstrom wird restauriert.
 
==Analyse==
 
Der Datenstrom wird mit den hinterlegten Signaturen verglichen.
 
==Output==
 
*Auftretene Alarmierungen werden verarbeitet. (IDS)
 
*Bei Treffern können die Pakete verworfen (IPS).
 
  
=Multitreadverarbeitung durch Suricata=
+
ChatGPT sagt folgendes:
  
[[Datei:suricate-1.jpg]]
+
''In a realm where data flows like streams,''
 
+
''Where networks hum and echo dreams,''
 
+
''A guardian stands with eyes so keen,''
Bild: Alexander Hosfeld Lizenz(en): Creative Commons Namensnennung
+
''Suricata, the vigilant machine.''
 
+
=Installation=
+
''Named after meerkats, watchful and wise,''
*sudo apt -y install software-properties-common
+
''It scans the traffic beneath the skies,''
*sudo add-apt-repository ppa:oisf/suricata-stable
+
''With furrowed brows and lines of code,''
*sudo apt update
+
''Through packets and bytes, its insights bestowed.''
*sudo apt -y install suricata
+
 
+
''Intrusions it seeks with diligence rare,''
=Install Rules=
+
''A meerkat's spirit it aims to bear,''
*wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
+
''Alert and aware, it never tires,''
*tar zxvf emerging.rules.tar.gz
+
''Through digital valleys and electronic fires.''
*cd rules
+
*cat *.rules > /etc/suricata/rules/suricata.rules
+
''Just as meerkats stand guard in the sun,''
 
+
  ''Suricata watches, its work never done,''
 
+
  ''In cyber fields, a protector so true,''
 
+
  ''It shields and defends, no matter the view.''
=Suricata config=
+
 
+
''With each connection, a sentinel's gaze,''
;add to /etc/suricata/suricata.yaml
+
''It parses the data in myriad ways,''
rule-files:
+
  ''An echo of nature, a name well chosen,''
  - suricata.rules
+
  ''Suricata stands watch, its purpose unbroken.''
  - local.rules
+
   
=IDS=
+
''So remember the meerkat, small and strong,''
==Local Rules==
+
''As Suricata defends against all wrong,''
*cat /etc/suricata/rules/local.rules
+
''In the digital wilds where dangers may creep,''
  alert icmp any any -> any any (msg:"ICMP Snort Test"; sid:1000000002;)
+
''A guardian stands vigil, even in sleep.''
  alert tcp any any -> any any (flags: S; msg: "SYN packet"; sid:100000003;)
 
==Start suricata==
 
*suricata -i eth1
 
==check==
 
*tail -f /var/log/suricata/fast.log
 
 
 
=IPS=
 
==Local Rules==
 
*cat /etc/suricata/rules/local.rules
 
  drop icmp any any -> 1.1.1.1 any (msg:"Snort Test"; sid:1000000001;)
 
  alert icmp any any -> any any (msg:"ICMP Snort Test"; sid:1000000002;)
 
==Start suricata==
 
*suricata -q0
 
==Send all Forward Packets to suricata==
 
*iptables -I FORWARD -i $WAN -o eth1 -j NFQUEUE
 
  
 
=Links=
 
=Links=
*https://www.pro-linux.de/artikel/2/1751/suricata-einbruchserkennung-mit-dem-erdm%C3%A4nnchen.html
+
* https://www.pro-linux.de/artikel/2/1751/suricata-einbruchserkennung-mit-dem-erdm%C3%A4nnchen.html
*https://www.howtoforge.com/tutorial/suricata-with-elk-and-web-front-ends-on-ubuntu-bionic-beaver-1804-lts/
+
* https://www.howtoforge.com/tutorial/suricata-with-elk-and-web-front-ends-on-ubuntu-bionic-beaver-1804-lts/
*https://suricata.readthedocs.io/en/suricata-4.1.0/index.html
+
* https://suricata.readthedocs.io/en/suricata-4.1.0/index.html
*https://suricata.readthedocs.io/en/suricata-5.0.3/setting-up-ipsinline-for-linux.html?highlight=inline
+
* https://suricata.readthedocs.io/en/suricata-5.0.3/setting-up-ipsinline-for-linux.html?highlight=inline
 +
* https://www.howtoforge.de/anleitung/so-installierst-und-konfigurierst-du-suricata-ids-zusammen-mit-elastic-stack-auf-rocky-linux-8
 +
* https://www.digitalocean.com/community/tutorials/how-to-install-suricata-on-debian-11
 +
* https://rules.emergingthreats.net/
 +
[[Kategorie:Suricata]]
 +
[[Kategorie:Cybersecurity]]
 +
[[Kategorie:Firewall]]
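Review bot: this revision removes every operational section of the page (the apt/PPA installation steps, the Emerging Threats rule download, the `rule-files:` addition to /etc/suricata/suricata.yaml, the IDS and IPS local.rules examples, `suricata -i eth1`, `suricata -q0` and the `iptables -I FORWARD -i $WAN -o eth1 -j NFQUEUE` step) and replaces them with a ChatGPT poem and a list of subpage links; before this is accepted, confirm that the linked subpages ([[Suricata Installation]], [[Suricata Rules]], [[Suricata IDS]], [[Suricata IPS]]) actually carry that content, otherwise the IPS inline setup in particular is lost. Two smaller points in the new link list: the entry `*` after [[Suricata Lua]] is an empty list item that should be removed or filled in, and the new heading `= Warum ist die Software nach Erdmännchen bennant? =` has a spelling error (`benannt`). The old revision also carried `=Links=` twice in a row; the new one fixes that, which is fine.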

Current revision as of 22 May 2025, 08:40

Why is the software named after meerkats?

ChatGPT says the following:

In a realm where data flows like streams,
Where networks hum and echo dreams,
A guardian stands with eyes so keen,
Suricata, the vigilant machine.

Named after meerkats, watchful and wise,
It scans the traffic beneath the skies,
With furrowed brows and lines of code,
Through packets and bytes, its insights bestowed.

Intrusions it seeks with diligence rare,
A meerkat's spirit it aims to bear,
Alert and aware, it never tires,
Through digital valleys and electronic fires.

Just as meerkats stand guard in the sun,
Suricata watches, its work never done,
In cyber fields, a protector so true,
It shields and defends, no matter the view.

With each connection, a sentinel's gaze,
It parses the data in myriad ways,
An echo of nature, a name well chosen,
Suricata stands watch, its purpose unbroken.

So remember the meerkat, small and strong,
As Suricata defends against all wrong,
In the digital wilds where dangers may creep,
A guardian stands vigil, even in sleep.

Links