Suricata: Installation on Ubuntu 18.04: Difference between revisions

From OnnoCenterWiki
Onnowpurbo (talk | contribs)
Created page with "Sumber: https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/ ==Referensi== * https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/ ==Pranala..."
 
Revision as of 01:52, 30 March 2020

Source: https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/


Installing Suricata from PPA repository

Even though Suricata is available in the default Ubuntu 18.04 repositories, that version may not be up to date. To ensure that you get the latest version installed, add the following PPA repository.

sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt update

Once the PPA repo is set up, check which version the package manager will install, then install Suricata.

apt-cache policy suricata
suricata:
  Installed: 4.1.2-0ubuntu6
  Candidate: 4.1.2-0ubuntu6
  Version table:
 *** 4.1.2-0ubuntu6 500
        500 http://ppa.launchpad.net/oisf/suricata-stable/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status
     3.2-2ubuntu3 500
        500 http://ke.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

sudo apt install suricata

You can instead install Suricata with debugging enabled.

sudo apt install suricata-dbg

That completes the installation. Afterwards, the Suricata rules are under /etc/suricata/rules/ and the main configuration file is at /etc/suricata/suricata.yaml.
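The apt-cache policy output above shows two sources for the package, so it is worth confirming that the candidate version really comes from the OISF PPA and not from the older Ubuntu universe build. The script below is an added example, not part of the original page; the function names candidate_origin and from_oisf_ppa are hypothetical, and the sample input is the policy output shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): confirm package origin from
# `apt-cache policy` output. Function names are hypothetical.

# Reads `apt-cache policy <pkg>` text on stdin and prints
# "<candidate-version> <repository>" for the first remote source of the candidate.
candidate_origin() {
    awk '
        $1 == "Candidate:"                { cand = $2; next }
        $1 == "Version" && $2 == "table:" { in_table = 1; next }
        !in_table                         { next }
        # Source line: numeric pin priority, then a URL or local path.
        $1 ~ /^-?[0-9]+$/ && $2 ~ /^(https?:|file:|\/)/ {
            if (cur == cand && $2 != "/var/lib/dpkg/status" && !done) {
                print cand, $2
                done = 1
            }
            next
        }
        # Version line: optional "***" (installed) marker, then the version.
        { cur = ($1 == "***") ? $2 : $1 }
    '
}

# Succeeds only when the candidate is served by the OISF stable PPA.
from_oisf_ppa() {
    candidate_origin |
        grep -Eq ' https?://ppa\.launchpad(content)?\.net/oisf/suricata-stable/'
}

# Sample input: the policy output shown on this page.
SAMPLE_POLICY='suricata:
  Installed: 4.1.2-0ubuntu6
  Candidate: 4.1.2-0ubuntu6
  Version table:
 *** 4.1.2-0ubuntu6 500
        500 http://ppa.launchpad.net/oisf/suricata-stable/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status
     3.2-2ubuntu3 500
        500 http://ke.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages'

printf '%s\n' "$SAMPLE_POLICY" | candidate_origin
# On a live host: apt-cache policy suricata | from_oisf_ppa || echo "not from PPA"
```

If the PPA was never added or `apt update` was skipped, the candidate falls back to the distribution build and from_oisf_ppa returns non-zero.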

To list the Suricata rules:

ls -C /etc/suricata/rules/
app-layer-events.rules   emerging-attack_response.rules  emerging-malware.rules         emerging-telnet.rules             LICENSE
botcc.portgrouped.rules  emerging-chat.rules             emerging-misc.rules            emerging-tftp.rules               modbus-events.rules
botcc.rules              emerging-current_events.rules   emerging-mobile_malware.rules  emerging-trojan.rules             nfs-events.rules
BSD-License.txt          emerging-deleted.rules          emerging-netbios.rules         emerging-user_agents.rules        ntp-events.rules
ciarmy.rules             emerging-dns.rules              emerging-p2p.rules             emerging-voip.rules               sid-msg.map
classification.config    emerging-dos.rules              emerging-policy.rules          emerging-web_client.rules         smb-events.rules
compromised-ips.txt      emerging-exploit.rules          emerging-pop3.rules            emerging-web_server.rules         smtp-events.rules
compromised.rules        emerging-ftp.rules              emerging-rpc.rules             emerging-web_specific_apps.rules  stream-events.rules
decoder-events.rules     emerging-games.rules            emerging-scada.rules           emerging-worm.rules               suricata-4.0-enhanced-open.txt
dnp3-events.rules        emerging-icmp_info.rules        emerging-scan.rules            files.rules                       tls-events.rules
dns-events.rules         emerging-icmp.rules             emerging-shellcode.rules       gpl-2.0.txt                       tor.rules
drop.rules               emerging-imap.rules             emerging-smtp.rules            http-events.rules
dshield.rules            emerging-inappropriate.rules    emerging-snmp.rules            ipsec-events.rules
emerging-activex.rules   emerging-info.rules             emerging-sql.rules             kerberos-events.rules


References

Interesting Links