retard
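--- a/ucstudent/pl-suricata-on-centos-installation-notes.txt
+++ b/ucstudent/pl-suricata-on-centos-installation-notes.txt
@@ -0,0 +1,83 @@
+
+# Installation of Suricata (CentOS 9) with support for the "nfq" module
+############################################################################
+
+##### Option 1: Install via YUM package manager
+yum install epel-release -y
+yum install suricata
+
+# Check that suricata has support for NFQ
+suricata --build-info | grep NFQ
+# Update rules
+suricata-update
+# Check configuration
+suricata -T -c /etc/suricata/suricata.yaml
+
+
+##### Option 2: Install from source
+##### Download and install required packages
+yum install epel-release -y
+dnf config-manager --set-enabled crb
+yum groupinstall "Development Tools" -y
+##### Download and install required packages
+yum install epel-release -y
+dnf config-manager --set-enabled crb
+yum groupinstall "Development Tools" -y
+
+yum install -y \
+libpcap-devel \
+pcre-devel \
+libyaml-devel \
+file-devel \
+jansson-devel \
+libcap-ng-devel \
+libnetfilter_queue-devel \
+libnfnetlink-devel \
+libnetfilter_queue \
+zlib-devel \
+pcre2-devel \
+rust cargo \
+wget \
+tar
+
+
+# Download the latest stable version of Suricata
+cd /usr/src/
+wget https://www.openinfosecfoundation.org/download/suricata-8.0.3.tar.gz
+tar zxvf suricata-8.0.3.tar.gz
+
+# Compile and install
+cd suricata-8.0.3/
+./configure --enable-nfqueue
+
+make -j$(nproc)
+make install
+make install-conf
+make install-rules
+ldconfig
+
+# Update rules
+/usr/local/bin/suricata-update
+
+
+##### Check configuration
+/usr/local/bin/suricata --build-info | grep NFQ
+suricata -T -c /usr/local/etc/suricata/suricata.yaml
+
+
+##### Example usage
+
+# Send packets to suricata via NFQUEUE
+iptables -A OUTPUT -j NFQUEUE --queue-num 0
+iptables -A INPUT -j NFQUEUE --queue-num 0
+
+# Run suricata in inline mode (queue 0)
+suricata -q 0 -c /usr/local/etc/suricata/suricata.yaml
+
+
+##### Check logs
+# Analisar alertas resumidos no ficheiro "fast.log"
+cat fast.log
+# Analisar informação detalhada dos ataques no formato JSON no ficheiro "eve.json"
+cat eve.json | jq 'select(.event_type=="alert")' | more
+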
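Review bot: The two NFQUEUE rules in the "Example usage" section (`iptables -A OUTPUT -j NFQUEUE --queue-num 0` and the matching `-A INPUT` rule) divert every packet, including the administrator's own SSH session, to queue 0 with no fallback, so the host drops all traffic whenever Suricata is not yet started, is restarted, or crashes — an easy way to lock yourself out of a remote box. If fail-open is acceptable for this lab, add `--queue-bypass` to both rules; if the inline/IPS semantics must stay fail-closed, insert an exception for the management path ahead of them, e.g. `iptables -I INPUT -p tcp --dport 22 -j ACCEPT`, and note in the file that these rules are not persistent across a reboot. Separately, the source tarball is fetched with plain `wget` and then built and installed as root with no integrity check; OISF publishes a detached GPG signature next to each release tarball, so a `gpg --verify suricata-8.0.3.tar.gz.sig suricata-8.0.3.tar.gz` step (or a pinned checksum) belongs before `tar zxvf`. Two smaller documentation issues in the same file: the "Download and install required packages" block with its three commands is pasted twice verbatim, and the last two comments under "Check logs" are in Portuguese while the rest of the notes are in English.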