suricata install

debian / ubuntu

check the version you would get from the main repo

apt search suricata

debian

versus the version you would get from the official repo

apt install software-properties-common dirmngr
add-apt-repository ppa:oisf/suricata-stable

ENTER

apt install suricata

ubuntu

use official repo

apt install software-properties-common
add-apt-repository ppa:oisf/suricata-stable

ENTER

apt install suricata

alpine linux

apk add suricata
# suricata-openrc

from source (possibly as IPS)

see suricata-source

enabling community rules

enable all free-of-charge community rules

    suricata-update update-sources
    suricata-update list-sources
    suricata-update list-enabled-sources

    # MIT & GPL
    for source in \
            et/open \
            oisf/trafficid \
            etnetera/aggressive \
            tgreen/hunting \
            malsilo/win-malware \
            stamus/lateral \
            ; do
            suricata-update enable-source $source
    done; unset source

    # Non-Commercial
    for source in \
            sslbl/ssl-fp-blacklist \
            sslbl/ja3-fingerprints \
            ; do
            suricata-update enable-source $source
    done; unset source

those are gone?

            ptresearch/attackdetection \

apply

    suricata-update

ready to go

suricata --build-info | grep -i geoip

additional notes

get rid of a whole ruleset source

    #suricata-update disable-source sslbl/ja3-fingerprints

resources

https://nsrc.org/workshops/2015/pacnog17-ws/attachments/ex-installing-suricata.htm

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation_-_Personal_Package_Archives_(PPA)

http://ppa.launchpad.net/oisf/suricata-stable/ubuntu/pool/main/s/suricata/

https://docs.suricata.io/en/latest/install.html#debian

https://docs.suricata.io/en/latest/install.html#ubuntu-from-personal-package-archives-ppa

https://computingforgeeks.com/how-to-install-suricata-ids-ips-on-debian/


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun