Suricata is a powerful network analysis and threat detection engine that serves as both an intrusion detection system (IDS) and an intrusion prevention system (IPS). Developed by the OISF (Open Information Security Foundation), Suricata is a free and open-source alternative to Snort, offering advanced security insights into your network. In this step-by-step guide, we will walk you through the process of installing Suricata on your Ubuntu 22.04 server.
Prerequisites
Before we begin, make sure you have the following:
- A server running Ubuntu 22.04.
- A configured root password for your server.
Getting Started
To start, let’s update your system packages to the latest version. Open your terminal and run the following commands:
apt update -y
apt upgrade -y
Once the packages are updated, install the necessary dependencies by running the following command:
apt install libpcre3 libpcre3-dbg libpcre3-dev build-essential autoconf automake libtool libpcap-dev libnet1-dev libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 make libmagic-dev libjansson-dev libjansson4 pkg-config libnspr4-dev libnss3-dev liblz4-dev rustc cargo python3-pip python3-distutils
apt install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0
Now that we have fulfilled the prerequisites, we can proceed with the installation of Suricata.
Installing Suricata from Source
To install Suricata from source, follow these steps:
- Download the latest version of Suricata by running the following command:
wget https://www.openinfosecfoundation.org/download/suricata-6.0.8.tar.gz
- Extract the downloaded file using the following command:
tar xzf suricata-6.0.8.tar.gz
- Navigate to the extracted directory:
cd suricata-6.0.8
- Configure Suricata with the desired settings:
./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var
- Build and install Suricata:
make
make install-full
Congratulations! You have successfully installed Suricata from source. Now, let’s explore an alternative method of installation.
Installing Suricata from Ubuntu Repository
If you prefer a more straightforward installation process, you can install Suricata from the Ubuntu repository. Here’s how:
- Install the required dependencies:
apt install gnupg2 software-properties-common curl wget git unzip -y
- Add the Suricata repository:
add-apt-repository ppa:oisf/suricata-stable --yes
- Update the repository cache:
apt update
- Verify the Suricata package:
apt-cache policy suricata
- Install Suricata:
apt install suricata jq
The Suricata package is now installed on your system. Let’s move on to the next step.
Configuring Suricata
Before we can start using Suricata, we need to configure it according to our network settings. Follow these steps to configure Suricata:
- Open the Suricata configuration file in a text editor:
nano /etc/suricata/suricata.yaml
- Locate the lines that define the network variables (HOME_NET and EXTERNAL_NET, under vars: and address-groups:) and the capture interface (under af-packet:), and modify them to match your network configuration. For example:
HOME_NET: "[10.0.2.0/24]"
EXTERNAL_NET: "!$HOME_NET"
af-packet:
  - interface: eth0
- Save and close the file.
- Download and install the rule set that Suricata will load (suricata-update fetches the ET Open rules by default):
suricata-update
- Verify the Suricata configuration:
suricata -T -c /etc/suricata/suricata.yaml -v
If there are no errors, you’re all set! Now, let’s start and enable the Suricata service.
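Before restarting the service it is worth checking that HOME_NET and EXTERNAL_NET really classify your hosts the way you expect, since every rule that uses $HOME_NET or $EXTERNAL_NET depends on them. The following added example (not part of this guide or of Suricata itself) evaluates Suricata's address-group syntax against a given address; the ADDRESS_GROUPS dict is a constructed copy of the settings above, and the list semantics implemented (positive entries OR'ed, negated entries excluded, an all-negated list meaning "anything except") are an assumption drawn from Suricata's documented variable syntax.

```python
import ipaddress

# Constructed address-group settings, as this guide puts them in suricata.yaml (vars: address-groups:).
ADDRESS_GROUPS = {
    "HOME_NET": "[10.0.2.0/24]",
    "EXTERNAL_NET": "!$HOME_NET",
}

def _split_top_level(body):
    """Split 'a, [b, c], !d' on the commas that are not inside nested brackets."""
    items, depth, cur = [], 0, ""
    for ch in body:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            items.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        items.append(cur.strip())
    return items

def address_in_group(expr, ip, groups=ADDRESS_GROUPS):
    """True if ip matches the Suricata address expression expr: 'any', a CIDR or host
    literal, a $VAR reference, '!' negation, or a bracket list (assumed semantics: positive
    entries OR'ed, negated entries excluded). A circular $VAR raises RecursionError."""
    expr = expr.strip()
    if expr == "any":
        return True
    if expr.startswith("!"):
        return not address_in_group(expr[1:], ip, groups)
    if expr.startswith("$"):
        if expr[1:] not in groups:
            raise KeyError(f"undefined address group {expr}")
        return address_in_group(groups[expr[1:]], ip, groups)
    if expr.startswith("[") and expr.endswith("]"):
        items = _split_top_level(expr[1:-1])
        positives = [i for i in items if not i.startswith("!")]
        negatives = [i[1:] for i in items if i.startswith("!")]
        # A list with only negated entries (e.g. "[!10.0.2.1]") means "anything except these".
        included = not positives or any(address_in_group(i, ip, groups) for i in positives)
        excluded = any(address_in_group(i, ip, groups) for i in negatives)
        return included and not excluded
    # Plain literal: a network such as 10.0.2.0/24 or a single host such as 10.0.2.5.
    return ipaddress.ip_address(ip) in ipaddress.ip_network(expr, strict=False)
```

Load the real address-groups mapping from suricata.yaml with any YAML parser and pass it as groups to check a production configuration.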
Starting and Enabling Suricata
To start and enable the Suricata service, use the following commands:
systemctl enable --now suricata
You can also check the status of the Suricata service by running:
systemctl status suricata
If everything is running smoothly, you should see the service status as active.
Verifying Suricata
To ensure that Suricata is working correctly, we can perform a simple test. Please follow these steps:
- Disable packet offload features on your network interface using the following command:
ethtool -K eth0 gro off lro off
- Stop the Suricata service:
systemctl stop suricata
rm -rf /var/run/suricata.pid
- Run Suricata manually:
suricata -D -c /etc/suricata/suricata.yaml -i eth0
- Log in to a remote system and launch a simple SYN flood (a denial-of-service test) against the Suricata server using the hping3 command; replace suricata-ip with the address of your Suricata server:
hping3 -S -p 80 --flood --rand-source suricata-ip -I eth0 -c 50
- Go back to the Suricata server and check the Suricata log file to see if the attack was detected:
tail -f /var/log/suricata/fast.log
If Suricata successfully detects and logs the attack, you have successfully installed and verified Suricata on your Ubuntu 22.04 server.
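Under a flood, fast.log fills quickly, so a summary is more useful than tail -f for confirming that the test was seen. The following added example (not part of this guide or of Suricata) parses fast.log records into fields and counts the alerts aimed at the Suricata server by signature and by distinct source, which also shows the effect of --rand-source; the sample lines are constructed in fast.log's format and are not from a real sensor.

```python
import re
from collections import Counter

# One fast.log alert record (Suricata's default "fast" output) looks like:
# <date>-<time>  [**] [gid:sid:rev] <msg> [**] [Classification: <cls>] [Priority: <n>] {<proto>} <src>:<port> -> <dst>:<port>
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def _split_endpoint(endpoint):
    """'10.0.2.5:80' -> ('10.0.2.5', 80); an endpoint without a port -> (endpoint, None)."""
    host, sep, port = endpoint.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (endpoint, None)

def parse_fast_log_line(line):
    """Parse one fast.log line into a dict; return None for blank or non-alert lines."""
    m = FAST_LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["src"], rec["sport"] = _split_endpoint(rec["src"])
    rec["dst"], rec["dport"] = _split_endpoint(rec["dst"])
    rec["sid"], rec["prio"] = int(rec["sid"]), int(rec["prio"])
    return rec

def summarize_alerts(lines, target_ip, max_priority=3):
    """Count alerts aimed at target_ip (priority 1 is highest, so keep prio <= max_priority) by (sid, msg)."""
    by_sig, sources, skipped = Counter(), set(), 0
    for line in lines:
        rec = parse_fast_log_line(line)
        if rec is None:
            skipped += 1  # malformed or blank line: count it instead of crashing on a noisy log
            continue
        if rec["dst"] != target_ip or rec["prio"] > max_priority:
            continue
        by_sig[(rec["sid"], rec["msg"])] += 1
        sources.add(rec["src"])  # distinct sources: hping3 --rand-source spreads these out
    return {"by_signature": dict(by_sig), "unique_sources": len(sources), "skipped": skipped}

# Constructed sample lines in fast.log format (not taken from a real sensor).
SAMPLE_FAST_LOG = """\
02/16/2023-10:23:45.123456  [**] [1:2210000:2] SURICATA STREAM 3way handshake wrong seq wrong ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 198.51.100.17:40001 -> 10.0.2.5:80
02/16/2023-10:23:45.123987  [**] [1:2210000:2] SURICATA STREAM 3way handshake wrong seq wrong ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 203.0.113.9:40002 -> 10.0.2.5:80
02/16/2023-10:23:46.000100  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.2.5:80 -> 198.51.100.17:40001
this line is not an alert record
"""
```

On a live system, pass open("/var/log/suricata/fast.log") as lines and the server's own address as target_ip.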
Conclusion
In this comprehensive guide, we have walked you through the step-by-step process of installing Suricata IDS on Ubuntu 22.04. By following these instructions, you can enhance the security of your network and protect your servers from potential threats.
Suricata offers a robust set of features and customizable configurations, making it an excellent choice for network security. By leveraging Suricata’s capabilities, you can proactively identify and prevent intrusion attempts, ensuring the safety and integrity of your network infrastructure.
If you need any further assistance or have questions about Suricata or any other hosting-related topic, feel free to reach out to the experts at Shape.host. With their reliable and scalable Linux SSD VPS hosting services, Shape.host can provide you with the cutting-edge solutions you need to safeguard your network and maximize your online presence.