Install IDS Suricata 2.0.3 Stable On Linux Ubuntu And Mint/Debian
Suricata is a high-performance network IDS, IPS and network security monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
Top 3 Reasons You Should Try Suricata:
1. Highly Scalable
Suricata is multi-threaded. This means you can run one instance and it will balance the processing load across every processor on the sensor that Suricata is configured to use. This allows commodity hardware to achieve 10 gigabit speeds on real-life traffic without sacrificing ruleset coverage.
2. Protocol Identification
The most common protocols are automatically recognized by Suricata as the stream starts, allowing rule writers to write a rule against the protocol rather than the port it is expected on. This makes Suricata a malware command-and-control channel hunter like no other: off-port HTTP CnC channels, which normally slide right by most IDS systems, are child's play for Suricata. Furthermore, thanks to dedicated keywords you can match on protocol fields ranging from the HTTP URI to an SSL certificate identifier.
3. File Identification, MD5 Checksums, and File Extraction
Suricata can identify thousands of file types as they cross your network. Not only can you identify a file, but should you decide you want to look at it further you can tag it for extraction, and the file will be written to disk together with a metadata file describing the capture situation and flow. The file's MD5 checksum is calculated on the fly, so if you have a list of MD5 hashes you want to keep in your network, or want to keep out, Suricata can find them.
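As an added example (not from the original post or the Suricata project), the script below triages a Suricata 2.0 file-store directory against an MD5 blocklist, re-hashing each extracted payload so a truncated or altered file on disk cannot hide behind the checksum recorded at capture time. It assumes the 2.0 .meta key/value layout shown in the constructed sample and a constructed payload; Suricata's own filemd5 rule keyword performs the same comparison inline as traffic is inspected.

```python
import hashlib
import os
import tempfile
# Constructed sample of a Suricata 2.0 file-store ".meta" file (layout assumed
# from the 2.0 file-store output; STATE/MD5 are appended when the file closes).
SAMPLE_META = """TIME:              09/12/2014-10:21:33.123456
SRC IP:            10.0.0.23
DST PORT:          8080
HTTP HOST:         update.example.invalid
FILENAME:          /update/agent.exe
MAGIC:             PE32 executable (GUI) Intel 80386, for MS Windows
STATE:             CLOSED
MD5:               %s
"""

def parse_meta(text):
    """Turn the 'KEY:   value' lines of a .meta file into a dict (first ':' splits)."""
    pairs = (line.partition(":") for line in text.splitlines() if ":" in line)
    return {key.strip(): value.strip() for key, _, value in pairs}

def triage_filestore(log_dir, blocklist):
    """Return (payload path, meta dict) for each closed extraction whose MD5 is on
    the blocklist; the payload is re-hashed rather than trusting the recorded MD5."""
    hits = []
    for name in sorted(os.listdir(log_dir)):
        if not name.endswith(".meta"):
            continue
        payload = os.path.join(log_dir, name[:-len(".meta")])
        with open(os.path.join(log_dir, name)) as fh:
            meta = parse_meta(fh.read())
        if meta.get("STATE") != "CLOSED" or not os.path.isfile(payload):
            continue  # still being written, or payload already pruned
        with open(payload, "rb") as fh:
            actual = hashlib.md5(fh.read()).hexdigest()
        meta["MD5_VERIFIED"] = actual == meta.get("MD5", "").lower()
        if actual in blocklist:
            hits.append((payload, meta))
    return hits

def build_sample_dir():
    """Write one constructed 12-byte payload plus its .meta into a temp directory."""
    log_dir = tempfile.mkdtemp()
    data = b"MZ-not-real-"  # constructed payload, not a real executable
    digest = hashlib.md5(data).hexdigest()
    with open(os.path.join(log_dir, "file.1"), "wb") as fh:
        fh.write(data)
    with open(os.path.join(log_dir, "file.1.meta"), "w") as fh:
        fh.write(SAMPLE_META % digest)
    return log_dir, digest
```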
To install IDS Suricata 2.0.3 Stable on Linux Ubuntu and Mint/Debian using the PPA, open a new Terminal window and bash (get it?) in the following commands:
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
sudo apt-get install suricata
Beta releases
If you would like to help test the beta packages, the same procedure as above applies; we're just using another PPA, "suricata-beta".
sudo add-apt-repository ppa:oisf/suricata-beta
sudo apt-get update
sudo apt-get upgrade
You can use both the suricata-stable and suricata-beta repositories together. Suricata will then always be the latest release, stable or beta.
https://launchpad.net/~oisf/+archive/suricata-beta
Daily releases
If you would like to help test the daily build packages from our latest git repository, the same procedure as above applies; we're just using another PPA, "suricata-daily".
sudo add-apt-repository ppa:oisf/suricata-daily
sudo apt-get update
sudo apt-get upgrade