Suricata: Difference between revisions

From Xinux Wiki
(14 intermediate revisions by 2 users not shown)
Zeile 1: Zeile 1:
*[[Was ist Suricata]]
+
*[[Suricata Grundlagen]]
  
=Installation=
+
*[[Suricata Installation]]
*sudo apt update
+
*[[Suricata Schaubild]]
*sudo apt -y install suricata
+
*[[Suricata IDS]]
 +
*[[Suricata IPS]]
 +
*[[Suricata Links]]
 +
*[[Suricata Rules]]
 +
*[[Suricata Lua]]
 +
*  
  
=Install Rules=
+
= Warum ist die Software nach Erdmännchen bennant? =
*wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
 
*tar zxvf emerging.rules.tar.gz
 
*cd rules
 
*cat *.rules > /etc/suricata/rules/suricata.rules
 
  
 +
ChatGPT sagt folgendes:
  
 
+
''In a realm where data flows like streams,''
=Suricata config=
+
''Where networks hum and echo dreams,''
 
+
''A guardian stands with eyes so keen,''
;add to /etc/suricata/suricata.yaml
+
''Suricata, the vigilant machine.''
rule-files:
+
  - suricata.rules
+
''Named after meerkats, watchful and wise,''
  - local.rules
+
''It scans the traffic beneath the skies,''
=Schaubild=
+
''With furrowed brows and lines of code,''
;suricata
+
  ''Through packets and bytes, its insights bestowed.''
*WANDEV=enp0s3
+
   
*LANDEV=enp0s8
+
  ''Intrusions it seeks with diligence rare,''
{{#drawio:ids}}
+
''A meerkat's spirit it aims to bear,''
=IDS=
+
''Alert and aware, it never tires,''
==Local Rules==
+
''Through digital valleys and electronic fires.''
*cat /etc/suricata/rules/local.rules
+
  alert icmp any any -> any any (msg:"ICMP Test"; sid:1000000002;)
+
''Just as meerkats stand guard in the sun,''
  alert tcp any any -> any any (flags: S; msg: "SYN packet"; sid:100000003;)
+
''Suricata watches, its work never done,''
 
+
''In cyber fields, a protector so true,''
*https://suricata.readthedocs.io/en/suricata-6.0.0/rules/
+
''It shields and defends, no matter the view.''
 
+
==Start suricata==
+
''With each connection, a sentinel's gaze,''
*suricata -i $LANDEV
+
''It parses the data in myriad ways,''
 
+
''An echo of nature, a name well chosen,''
==check==
+
  ''Suricata stands watch, its purpose unbroken.''
*tail -f /var/log/suricata/fast.log
+
   
 
+
  ''So remember the meerkat, small and strong,''
=IPS=
+
''As Suricata defends against all wrong,''
*Wir können mit iptables Pakete abfangen und einer QUEUE übergeben
+
''In the digital wilds where dangers may creep,''
*Diese QUEUE wird von suricata gelesen und ihrem REGELWERK übergeben.
+
''A guardian stands vigil, even in sleep.''
*Wenn das Paket mit einer Regel übereinstimmt, wird eine Aktion ausgelöst.
 
*Alert führt zu einer Meldung
 
*Bei Drop wird das Paket verworfen.
 
{{#drawio:ips}}
 
==Local Rules==
 
*cat /etc/suricata/rules/local.rules
 
  drop icmp any any -> 10.0.10.11 any (msg:"DROP Test"; sid:1000000001;)
 
  alert icmp any any -> any any (msg:"ICMP Alert Test"; sid:1000000002;)
 
 
 
==Start suricata==
 
*suricata -q0
 
==Send all Forward Packets to suricata==
 
*iptables -I FORWARD -i $WANDEV -o $LANDEV -j NFQUEUE
 
  
 
=Links=
 
=Links=
*https://www.pro-linux.de/artikel/2/1751/suricata-einbruchserkennung-mit-dem-erdm%C3%A4nnchen.html
+
* https://www.pro-linux.de/artikel/2/1751/suricata-einbruchserkennung-mit-dem-erdm%C3%A4nnchen.html
*https://www.howtoforge.com/tutorial/suricata-with-elk-and-web-front-ends-on-ubuntu-bionic-beaver-1804-lts/
+
* https://www.howtoforge.com/tutorial/suricata-with-elk-and-web-front-ends-on-ubuntu-bionic-beaver-1804-lts/
*https://suricata.readthedocs.io/en/suricata-4.1.0/index.html
+
* https://suricata.readthedocs.io/en/suricata-4.1.0/index.html
*https://suricata.readthedocs.io/en/suricata-5.0.3/setting-up-ipsinline-for-linux.html?highlight=inline
+
* https://suricata.readthedocs.io/en/suricata-5.0.3/setting-up-ipsinline-for-linux.html?highlight=inline
 +
* https://www.howtoforge.de/anleitung/so-installierst-und-konfigurierst-du-suricata-ids-zusammen-mit-elastic-stack-auf-rocky-linux-8
 +
* https://www.digitalocean.com/community/tutorials/how-to-install-suricata-on-debian-11
 +
* https://rules.emergingthreats.net/
 +
[[Kategorie:Suricata]]
 +
[[Kategorie:Cybersecurity]]
 +
[[Kategorie:Firewall]]
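Review bot: the removed walkthrough's rule fetch `wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz` pulls the ruleset over plain HTTP, while the new link list already carries `https://rules.emergingthreats.net/`; whichever sub-page ([[Suricata Installation]] or [[Suricata Rules]]) inherits that step should use the HTTPS URL. Two smaller points from the removed IPS section are worth carrying over too: `iptables -I FORWARD -i $WANDEV -o $LANDEV -j NFQUEUE` queues only the WAN-to-LAN direction, so LAN-to-WAN replies bypass `suricata -q0` and Suricata never sees the full flow; and the `flags: S` alert rule fires on every TCP SYN, which is fine as a test rule but should be labelled as one. The sid `100000003` also has one digit fewer than its neighbours (`1000000002`), which looks like a typo in the example local.rules.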

Latest revision as of 22 May 2025, 08:40

Why is the software named after meerkats?

ChatGPT says the following:

In a realm where data flows like streams,
Where networks hum and echo dreams,
A guardian stands with eyes so keen,
Suricata, the vigilant machine.

Named after meerkats, watchful and wise,
It scans the traffic beneath the skies,
With furrowed brows and lines of code,
Through packets and bytes, its insights bestowed.

Intrusions it seeks with diligence rare,
A meerkat's spirit it aims to bear,
Alert and aware, it never tires,
Through digital valleys and electronic fires.

Just as meerkats stand guard in the sun,
Suricata watches, its work never done,
In cyber fields, a protector so true,
It shields and defends, no matter the view.

With each connection, a sentinel's gaze,
It parses the data in myriad ways,
An echo of nature, a name well chosen,
Suricata stands watch, its purpose unbroken.

So remember the meerkat, small and strong,
As Suricata defends against all wrong,
In the digital wilds where dangers may creep,
A guardian stands vigil, even in sleep.

Links