{"id":12953,"date":"2021-12-20T12:57:09","date_gmt":"2021-12-20T12:57:09","guid":{"rendered":"https:\/\/linuxways.net\/?p=12953"},"modified":"2021-12-20T12:57:09","modified_gmt":"2021-12-20T12:57:09","slug":"how-to-install-suricata-ids-on-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/ubuntu\/how-to-install-suricata-ids-on-ubuntu-20-04\/","title":{"rendered":"How to Install Suricata IDS on Ubuntu 20.04"},"content":{"rendered":"

Suricata<\/a> is an open-source network threat detection tool with features such as intrusion detection, intrusion prevention, as well as network security monitoring. It excels at deep packet inspection and pattern matching, making it an invaluable tool for detecting threats and attacks.<\/p>\n

Suricata can generate logs, drop traffic, and trigger alerts in case suspicious packets are in your network. This guide will take you through the installation of Suricata IDS on ubuntu 20.04<\/p>\n

Step 1: Update your system<\/strong><\/h2>\n

First, ensure your system packages are updated. Run the command:<\/p>\n

$ sudo apt update<\/strong><\/pre>\n
Once the package index is updated, proceed to the next step.<\/p>\n
Step 2: Add Suricata Repository<\/strong><\/h2>\n
The latest stable version of Suricata is available on the PPA repository maintained by OISF. Therefore, we are going to add the Suricata repository on your Ubuntu system as shown;<\/p>\n
$ sudo add-apt-repository ppa:oisf\/suricata-stable<\/strong><\/pre>\n
Thereafter, update your system\u2019s package index.<\/p>\n
$ sudo apt update<\/strong><\/pre>\n
With the PPA in place, head over to the next step and install the Suricat IDS.<\/p>\n
Step 3: Install Suricata<\/strong><\/h2>\n
To install Suricata run the command:<\/p>\n
$ sudo apt install suricata<\/strong><\/pre>\n
With the installation of Suricata, let\u2019s go a step further and enable it to start on boot time.<\/p>\n
$ sudo systemctl enable suricata.service<\/strong><\/pre>\n
<\/strong><\/p>\n
Next, ensure that the installation was successful by running the following command:<\/p>\n
$ sudo suricata \u2013build-info<\/strong><\/pre>\n
<\/strong><\/p>\n
Confirm that Suricata\u2019s systemd service is running as follows:<\/p>\n
$ sudo systemctl status suricata<\/strong><\/pre>\n
<\/strong><\/p>\n
The output confirms that Suricata is up and running on Ubuntu 20.04<\/p>\n
Step 4: Basic setup<\/strong><\/h2>\n
Suricata\u2019s configuration file is located in the  \/etc\/suricata\/suricata.yaml <\/strong>path. For basic setup, we need to configure Suricata for your internal and external network. Open the configuration file as shown:<\/p>\n
$ sudo vim \/etc\/suricata\/suricata.yaml<\/strong><\/pre>\n
<\/strong><\/p>\n
Then, specify the ip address for the HOME_NET variable. In this case, my IP address is 192.168.100.7. The HOME_ NET variable is the IP address of your local network or interface you want to monitor. Next, define the value for EXTERNA_ NET<\/strong> as being any network that is not your local ip address.<\/p>\n
Next, go to the af-packet section in the configuration file and change the interface name to reflect the network interface chosen above.<\/p>\n
Step 5: Suricata Rules<\/strong><\/h2>\n
Suricata allows you to create network rules or signatures according to your requirements. The most common rules include Emerging Threats and Emerging Threats Pro.<\/p>\n
The rules file is located in the \/etc\/suricata\/rules\/<\/strong> directory. To view the contents run:<\/p>\n
$ ls \/etc\/suricata\/rules\/<\/strong><\/pre>\n
<\/strong><\/p>\n
To install the Emerging Threats Open ruleset, run:<\/p>\n
$ sudo suricata-update<\/strong><\/pre>\n
<\/strong><\/p>\n
This will install the rules to the \/var\/lib\/suricata\/rules\/ <\/strong>directory.<\/p>\n
Step 6: Running Suricata<\/strong><\/h2>\n
After installing all the rules, you can restart the Suricata IDS service as shown:<\/p>\n
$ sudo systemctl restart suricata<\/strong><\/pre>\n
You can also check the Suricata logs as shown:<\/p>\n
$ sudo tail \/var\/log\/suricata\/suricata.log<\/strong><\/pre>\n
<\/p>\n
That\u2019s it with installing Suricata IDS on Ubuntu 20.04. For more information head over to the documentation page<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"
Suricata is an open-source network threat detection tool with features such as intrusion detection, intrusion prevention, as well as network security monitoring. It excels at deep packet inspection…<\/p>","protected":false},"author":1,"featured_media":13236,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[765,100],"class_list":["post-12953","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-suricata-ids","tag-ubuntu-20-04"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/12953","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=12953"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/12953\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/13236"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=12953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=12953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=12953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}