Tutorial Setup And Configure Suricata On Debian 9

Suricata is a free and open-source network threat detection engine. It can run as an intrusion detection system (IDS), as an inline intrusion prevention system (IPS), and as a network security monitoring (NSM) tool. Because it performs deep packet inspection and pattern matching at high speed, it is well suited to detecting threats and attacks on the wire. Suricata is developed and owned by the Open Information Security Foundation (OISF), a community-run non-profit, and its source code is licensed under version 2 of the GNU General Public License. This article walks through setting up and configuring Suricata on Debian 9 and 10. If you need a machine to run it on, the Eldernode technical team can help you choose a Linux VPS package.

How To Setup And Configure Suricata On Debian 9 step by step

Suricata runs on most operating systems, including Linux, FreeBSD, OpenBSD, macOS / Mac OS X, and Windows. Because it is multi-threaded, a single appliance can scale by adding packet-processing threads as traffic volume grows. The rest of this article covers installing, setting up, and configuring Suricata on Debian 9.


Suricata Features

Suricata is a signature-based intrusion detection engine (it is also one of the detection engines used by the commercial Bricata platform). Its main features are:

1- High Performance

2- Automatic protocol detection

3- Lua scripting

4- Industry-standard outputs

5- Offline analysis of PCAP files

6- Traffic recording using Pcap logger

7- Unix socket mode for automated PCAP file processing

8- Advanced integration with Linux Netfilter firewalling

While many of the features and functionalities are similar to Snort – Suricata is different in several important ways:

1- It is multi-threaded, so a single instance can handle much higher traffic volumes

2- There is more support available for application layer protocols

3- It supports hashing and file extraction

4- It has hooks for the Lua scripting language, which can be used to modify outputs and even create complex and detailed signature detection logic.


Prerequisites to Install and configure Suricata on Debian 9

To follow this tutorial you need:

_ A non-root user with sudo privileges.

To create one, follow our Initial server setup on Debian guide.

Install Suricata on Debian Linux

Suricata is well integrated into Debian: installing the deb package from the official Debian repository gives you a Suricata that is ready to use. If you want a newer release than Debian ships, you can build it from source instead; both routes are shown below. For a source build, first install the build dependencies:

sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev \
libjansson-dev pkg-config rustc cargo

Then download, unpack, configure, and build Suricata 5.0.0 (use https for the download, and verify the detached GPG signature OISF publishes next to each tarball before building). Suricata 5 needs a reasonably recent Rust toolchain; if the configure step rejects the rustc version that Debian 9 ships, install a current toolchain from rustup.rs or from backports first:

wget https://www.openinfosecfoundation.org/download/suricata-5.0.0.tar.gz
tar -xvzf suricata-5.0.0.tar.gz
cd suricata-5.0.0
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install

Alternatively, Suricata can be installed from the binary package that the distribution ships. On Debian 9:

sudo apt-get install suricata

Note: Debian "stable" usually carries an older Suricata release. A more recent version is often available from Debian backports (the stretch-backports suite for Debian 9, buster-backports for Debian 10), when it can be built there.

Now check which version of Suricata you have, which options it was built with, and the state of the service (after a source build there is no systemd unit yet, so the second command reports the unit as not found until you create it in the next section):

sudo suricata --build-info
sudo systemctl status suricata

How to Setup Suricata On Debian 9 | Debian 10

The commands below are prefixed with sudo, as the prerequisites section assumes. A minimal Debian install does not include sudo; if it is not installed and configured on your system, run the commands as root instead.

If you installed the Debian package, /etc/suricata and /var/log/suricata already exist and already contain the configuration files, so you can skip ahead to the next section. After a source build (or if you prefer to prepare the directories by hand rather than with `make install-conf`), start by creating the directory for Suricata's log output:

sudo mkdir -p /var/log/suricata

Then create the configuration directory:

sudo mkdir -p /etc/suricata

Now copy classification.config, reference.config, and suricata.yaml from the source directory you built in (suricata.yaml is generated there by ./configure) into /etc/suricata:

sudo cp classification.config /etc/suricata
sudo cp reference.config /etc/suricata
sudo cp suricata.yaml /etc/suricata

How to Configure Suricata on Debian 9 or Debian 10

Suricata uses the YAML format for configuration. The suricata.yaml shipped in the source code is a complete example configuration, and the main configuration file is /etc/suricata/suricata.yaml. At minimum you should set HOME_NET in the vars section to your own network ranges (otherwise rules written against $HOME_NET cannot tell local hosts from external ones), point the af-packet interface entry at the NIC you want to monitor, and make sure default-rule-path and rule-files point at the rules you intend to load.

First, list the network interfaces to decide which one Suricata should monitor (ifconfig comes from the net-tools package, which Debian 9 no longer installs by default; `ip link show` is the iproute2 equivalent and is always available):

ifconfig

Then create a systemd unit file for Suricata. The unit's ExecStart line runs the suricata binary with -c /etc/suricata/suricata.yaml and the capture interface, for example --af-packet=eth0; instead of eth0, enter the interface you chose above:

sudo vim /etc/systemd/system/suricata.service

To reload systemd unit files, run:

sudo systemctl daemon-reload

Next, enable the Suricata service so it starts at boot, and start it now:

sudo systemctl enable suricata
sudo systemctl start suricata

And finally, confirm service status by running the following command:

systemctl status suricata
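The whole setup procedure above, as an added example that is not part of the original article: a POSIX shell script that writes the systemd unit for a chosen capture interface, drops a local test rule, and validates the configuration with `suricata -T` before anything is handed to systemd. It assumes a source build installed to /usr/bin/suricata with the configuration in /etc/suricata/suricata.yaml and rules in /var/lib/suricata/rules (the Suricata 5 defaults); the function names, the interface name and the rule sid 1000001 are this example's own choices.

```bash
#!/bin/sh
# Added example, not code from the original article. Assumptions (not in the
# original): suricata is at /usr/bin/suricata, config at
# /etc/suricata/suricata.yaml, rules under /var/lib/suricata/rules.

# Render a systemd unit that captures on one interface in AF_PACKET mode.
# Usage: write_suricata_unit <output-path> <interface>
write_suricata_unit() {
    out="$1"
    iface="$2"
    cat > "$out" <<EOF
[Unit]
Description=Suricata Intrusion Detection Service
After=network.target syslog.target

[Service]
# Remove a stale pid file left behind by an unclean shutdown.
ExecStartPre=/bin/rm -f /run/suricata.pid
# -c: main configuration; --af-packet=<iface>: capture on that NIC.
ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid --af-packet=${iface}
# SIGUSR2 makes Suricata reload its rule set without a restart.
ExecReload=/bin/kill -USR2 \$MAINPID
ExecStop=/bin/kill \$MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# Write one local rule that alerts on ICMP echo requests towards HOME_NET,
# so a plain `ping` confirms the sensor is alerting before real rule sets
# are loaded. sid 1000001 is inside the range reserved for local rules.
# Usage: write_test_rule <rules-file>
write_test_rule() {
    cat > "$1" <<'EOF'
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request"; itype:8; classtype:misc-activity; sid:1000001; rev:1;)
EOF
}

# Parse the configuration and every rule it references, then exit without
# starting capture. Exits non-zero on any YAML or rule parse error.
check_config() {
    /usr/bin/suricata -T -c /etc/suricata/suricata.yaml -v
}

# Full apply step; must run as root. Usage: apply_setup [interface]
apply_setup() {
    iface="${1:-eth0}"
    mkdir -p /etc/suricata /var/lib/suricata/rules /var/log/suricata
    write_test_rule /var/lib/suricata/rules/local.rules
    write_suricata_unit /etc/systemd/system/suricata.service "$iface"
    # Refuse to enable a service whose configuration does not even parse.
    check_config || {
        echo "suricata -T failed; fix the configuration before enabling" >&2
        return 1
    }
    systemctl daemon-reload
    systemctl enable suricata
    systemctl restart suricata
    systemctl status suricata --no-pager
}
```

Save it as suricata-setup.sh and, as root, run `. ./suricata-setup.sh && apply_setup eth0` (replacing eth0). For the test rule to be loaded by the service, list local.rules under rule-files in suricata.yaml and keep default-rule-path at /var/lib/suricata/rules; a `ping` to a host inside HOME_NET then produces an alert in /var/log/suricata/fast.log and eve.json. Because apply_setup stops at the `suricata -T` check, a typo in the YAML or in a rule never reaches `systemctl enable`.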


Conclusion

In this article, you learned how to set up and configure Suricata on Debian 9. From now on you can see what is happening on the wire in your network. Suricata normally runs with a set of pre-defined rules loaded and matches them against network protocols and flow behaviour. If you want to read more, see Introducing Icinga 2 Linux Server Monitoring Tool.

Tom Veitch
Eldernode Writer