An attempt to set up Suricata on Debian Jessie, following https://robert.penz.name/849/howto-setup-a-mikrotik-routeros-with-suricata-as-ids/

Debian Jessie is used because it has the Suricata 2.0 versions available as apt-get packages.

Fixing issue: "suricata: error while loading shared libraries: libhtp-0.5.12.so.1: cannot open shared object file: No such file or directory" when Suricata is started:

suricata -c /etc/suricata/suricata-debian.yaml -i eth1
suricata: error while loading shared libraries: libhtp-0.5.12.so.1: cannot open shared object file: No such file or directory

Manually download and install libhtp1 in the correct version:
wget http://ftp.acc.umu.se/mirror/cdimage/snapshot/Debian/pool/main/libh/libhtp/libhtp1_0.5.12-1_amd64.deb
dpkg -i libhtp1_0.5.12-1_amd64.deb

Fixing issue: Suricata cannot open the Snort rules path

9/12/2014 -- 13:57:33 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /e
(the same error line is repeated once per rule file; the paths are truncated in the original)
9/12/2014 -- 13:57:33 - <Notice> - This is Suricata version 2.0.4 (rev 86371ad)

Add default-rule-path to suricata-debian.yaml next to classification-file and reference-config-file:

vi /etc/suricata/suricata-debian.yaml

classification-file: /etc/suricata/rules/classification.config
reference-config-file: /etc/suricata/rules/reference.config
default-rule-path: /etc/suricata/rules
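A pre-flight script (an added example, not part of the original notes or of Suricata itself) that checks for both failure causes above before Suricata is started: shared objects the loader cannot find, and a config whose default-rule-path, classification-file, reference-config-file or rule-files entries do not resolve on disk. It assumes the Debian layout used here (/etc/suricata/suricata-debian.yaml with those keys at top level); the function names are my own.

```shell
#!/bin/sh
# Added pre-flight check (example code, not from the original notes or from Suricata).
# It tests for the two failure causes described above before Suricata is started:
# shared objects the loader cannot find (the libhtp case) and rule paths that do
# not resolve (SC_ERR_OPENING_RULE_FILE). Assumes the layout used in the notes:
# top-level default-rule-path, classification-file, reference-config-file and a
# rule-files: list in /etc/suricata/suricata-debian.yaml.

# yaml_top_value KEY CFG: value of the top-level "KEY: value" line, comment and quotes removed.
yaml_top_value() {
  sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n1 | sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# rule_files CFG: entries of the top-level rule-files: list, one per line, comments stripped.
rule_files() {
  awk '/^rule-files:/ { on = 1; next }
       on && /^[A-Za-z]/ { exit }
       on && /^[ \t]*-/ { sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]*#.*$/, ""); print }' "$1"
}

# check_rule_paths CFG: prints one line per path Suricata could not open; 0 only if all resolve.
check_rule_paths() {
  cfg="$1"; rc=0
  rule_path=$(yaml_top_value default-rule-path "$cfg")
  if [ -z "$rule_path" ]; then
    echo "default-rule-path is not set in $cfg"; rc=1
  fi
  for key in classification-file reference-config-file; do
    f=$(yaml_top_value "$key" "$cfg")
    [ -n "$f" ] && [ -r "$f" ] || { echo "$key not readable: '$f'"; rc=1; }
  done
  # The while loop runs in a subshell, so its findings come back through stdout.
  missing=$(rule_files "$cfg" | while read -r rf; do
    [ -r "$rule_path/$rf" ] || echo "rule file not found: $rule_path/$rf"
  done)
  [ -z "$missing" ] || { echo "$missing"; rc=1; }
  return $rc
}

# check_shared_libs BINARY: reports shared objects ldd cannot resolve, e.g. libhtp-0.5.12.so.1.
check_shared_libs() {
  unresolved=$(ldd "$1" 2>/dev/null | grep 'not found')
  [ -z "$unresolved" ] || { echo "$unresolved"; return 1; }
}

# Stand-alone use: sh preflight.sh --run   (checks the installed binary and config)
if [ "${1:-}" = "--run" ]; then
  check_shared_libs "$(command -v suricata)" && check_rule_paths /etc/suricata/suricata-debian.yaml
fi
```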


Minor update:
I am moving over to port-mirroring the traffic to Suricata; the method of "streaming" the traffic from my Mikrotik router to Suricata made it use 60-70 % of the CPU power when I had a 10 MB transfer running out to the world, meaning the router would not be able to cope with me using my total bandwidth...

NB: watch out for dependencies if you are looking at Snorby as a frontend GUI.