Indonesian Back|Track Team
Share IPS with Suricata - Printable Version

+- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum)
+-- Forum: Defensive Zone (https://www.indonesianbacktrack.or.id/forum/forum-173.html)
+--- Forum: IDS - IPS & Monitoring system (https://www.indonesianbacktrack.or.id/forum/forum-191.html)
+--- Thread: Share IPS with Suricata (/thread-6241.html)



IPS with Suricata - ardias2012 - 04-14-2015

Excuse me guys and gurus, I want to share a bit about IPS using Suricata. What is Suricata??? Just google it :-D . Long story short, Suricata is pretty much like Snort. The operating system I'm using is Ubuntu 14; here are the steps to install Suricata:

1. Install Ubuntu 14
2. Update and upgrade Ubuntu
3. Install the packages:

sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
make libmagic-dev
apt-get install libjansson-dev libjansson4
apt-get install libnss3-dev libnspr4-dev
apt-get install libgeoip1 libgeoip-dev
apt-get install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0
apt-get install libcap-ng0 libcap-ng-dev
wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.7.4.tar.gz
tar -zxf libcap-ng-0.7.4.tar.gz
cd libcap-ng-0.7.4
./configure && make && make install

That's quite a few packages :D

4. Then install Suricata itself

wget http://www.openinfosecfoundation.org/download/suricata-2.0.7.tar.gz

tar -xvzf suricata-2.0.7.tar.gz
cd suricata-2.0.7

./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-gccmarch-native \
--enable-geoip --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ \
--enable-nfqueue \
--with-libcap_ng-libraries=/usr/local/lib --with-libcap_ng-includes=/usr/local/include \
--with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr && \
make clean && make && make install-full && ldconfig

5. Check the Suricata build status

suricata --build-info

6. Run the Suricata service

suricata -c /etc/suricata/suricata.yaml -q 0

7. To view the log

tail -f /var/log/suricata/fast.log

8. Go ahead and test the Suricata IPS with the tools in BackTrack or Kali Linux, or anything else

Happy testing
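Step 6 starts Suricata with "-q 0", which means it reads packets from NFQUEUE queue 0, but none of the steps above actually sends traffic to that queue: without iptables NFQUEUE rules the IPS sees nothing and fast.log stays empty. The script below is an added example, not the original poster's, showing how the queue is wired up and how to read what the IPS did from fast.log. It assumes iptables is installed and that the box is either the gateway for the traffic (FORWARD chain) or is protecting itself (INPUT and OUTPUT chains); the IPS_ROLE, QUEUE_NUM and SURICATA_IPS_APPLY variables and the sample log lines are constructed for this example and do not come from the thread.

```shell
#!/bin/sh
# Added example, not from the original post: wire NFQUEUE queue 0 to Suricata
# (started with "-q 0") and summarise what the IPS did from fast.log.
set -eu

QUEUE_NUM="${QUEUE_NUM:-0}"                            # must match "-q <n>"
FAST_LOG="${FAST_LOG:-/var/log/suricata/fast.log}"

# Chains whose traffic should pass through the IPS (assumption: role is
# selected with IPS_ROLE). A gateway only needs FORWARD; a host protecting
# itself needs INPUT and OUTPUT.
ips_chains() {
    if [ "${IPS_ROLE:-host}" = "gateway" ]; then
        echo "FORWARD"
    else
        echo "INPUT OUTPUT"
    fi
}

# Build the iptables rule for one chain. --queue-bypass lets traffic flow
# unfiltered while Suricata is not attached to the queue (fail-open); remove
# it if you prefer the box to fail closed when the IPS is down.
nfqueue_rule() {
    chain="$1"
    echo "-I $chain -j NFQUEUE --queue-num $QUEUE_NUM --queue-bypass"
}

# Insert the rules (needs root); a chain that already has the rule is skipped.
apply_nfqueue_rules() {
    for chain in $(ips_chains); do
        if iptables -C "$chain" -j NFQUEUE --queue-num "$QUEUE_NUM" --queue-bypass 2>/dev/null; then
            echo "rule already present in $chain"
        else
            # shellcheck disable=SC2046
            iptables $(nfqueue_rule "$chain")
        fi
    done
}

# Summarise fast.log (file argument or stdin): count events per signature and
# per action. In IPS mode Suricata prefixes blocked packets with "[Drop]"
# (second field); lines without it are alert-only, i.e. the packet went
# through, which is what a rule whose action is "alert" rather than "drop"
# produces.
summarize_fast_log() {
    awk '
        {
            action = ($2 == "[Drop]") ? "DROP" : "ALERT"
            # the signature sits in the first [gid:sid:rev] bracket
            match($0, /\[[0-9]+:[0-9]+:[0-9]+\]/)
            sig = substr($0, RSTART + 1, RLENGTH - 2)
            count[action " " sig]++
        }
        END { for (k in count) print k, count[k] }
    ' "${1:-/dev/stdin}" | sort
}

# Constructed sample fast.log lines (local-rule sid range, not real rules) so
# the summary can be exercised without a running sensor.
SAMPLE_FAST_LOG='04/14/2015-10:54:01.000001  [Drop] [**] [1:1000001:1] LOCAL example drop rule [**] [Classification: Misc activity] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51234
04/14/2015-10:54:02.000002  [**] [1:1000002:1] LOCAL example alert-only rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.9:51234 -> 10.0.0.5:80
04/14/2015-10:54:03.000003  [Drop] [**] [1:1000001:1] LOCAL example drop rule [**] [Classification: Misc activity] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51235'

demo_summary() {
    printf '%s\n' "$SAMPLE_FAST_LOG" | summarize_fast_log
}

# Always safe to run: summarise the constructed sample.
demo_summary

# Only touch the firewall when explicitly asked (SURICATA_IPS_APPLY=1, root).
if [ "${SURICATA_IPS_APPLY:-0}" = "1" ]; then
    apply_nfqueue_rules
    iptables -S | grep NFQUEUE
    summarize_fast_log "$FAST_LOG"
fi
```

Run it as root with SURICATA_IPS_APPLY=1 (and IPS_ROLE=gateway on a router) after Suricata is up; the "iptables -S | grep NFQUEUE" line confirms the queue rules exist. The summary is the quickest way to tell whether a signature is actually blocking (DROP) or only logging (ALERT), which is the difference between IDS and IPS behaviour in step 8.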


RE: IPS with Suricata - ekawithoutyou - 04-14-2015

(04-14-2015, 10:54 AM)ardias2012 Wrote: Excuse me guys and gurus, I want to share a bit about IPS using Suricata. What is Suricata??? Just google it :-D . Long story short, Suricata is pretty much like Snort. The operating system I'm using is Ubuntu 14; here are the steps to install Suricata:

1. Install Ubuntu 14
2. Update and upgrade Ubuntu
3. Install the packages:

sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
make libmagic-dev
apt-get install libjansson-dev libjansson4
apt-get install libnss3-dev libnspr4-dev
apt-get install libgeoip1 libgeoip-dev
apt-get install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0
apt-get install libcap-ng0 libcap-ng-dev
wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.7.4.tar.gz
tar -zxf libcap-ng-0.7.4.tar.gz
cd libcap-ng-0.7.4
./configure && make && make install

That's quite a few packages :D

4. Then install Suricata itself

wget http://www.openinfosecfoundation.org/download/suricata-2.0.7.tar.gz

tar -xvzf suricata-2.0.7.tar.gz
cd suricata-2.0.7

./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-gccmarch-native \
--enable-geoip --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ \
--enable-nfqueue \
--with-libcap_ng-libraries=/usr/local/lib --with-libcap_ng-includes=/usr/local/include \
--with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr && \
make clean && make && make install-full && ldconfig

5. Check the Suricata build status

suricata --build-info

6. Run the Suricata service

suricata -c /etc/suricata/suricata.yaml -q 0

7. To view the log

tail -f /var/log/suricata/fast.log

8. Go ahead and test the Suricata IPS with the tools in BackTrack or Kali Linux, or anything else

Happy testing

Nice info bro, I'll try to implement it later.


RE: IPS with Suricata - lukmana - 09-27-2017

Bro, I'm working on my final-year project on Suricata IPS. I've tried implementing Suricata version 4.0.0 installed on Ubuntu 14.04 LTS. I ran into a problem: when configuring with ./configure --enable-nfqueue the nfqueue status is yes, but when I check with suricata --build-info the nfqueue status becomes no, and when I run it I get the error "nfqueue not enabled". Does anyone know the solution?
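The thread does not contain enough detail to say why lukmana's build reports "no", but one thing that can be checked from the outside is whether the suricata binary answering "--build-info" is the one that was just built with --enable-nfqueue: with the "--prefix=/usr/" from step 4 that binary is /usr/bin/suricata, and a second, older install found first on PATH would report its own (NFQ-less) build. The script below is an added example, not from the thread; it assumes the build-info output layout of Suricata 2.x/4.x (a "Features:" line listing NFQ and a "NFQueue support:" line in the configuration block), and the two sample outputs are constructed so the check can be run without Suricata installed.

```shell
#!/bin/sh
# Added example, not from the thread: verify that the suricata binary on PATH
# was built with NFQUEUE support, which "-q 0" requires.
set -eu

# Return 0 when the build-info text on stdin reports NFQueue support, by
# either the "Features:" token list or the "NFQueue support:" line.
nfq_supported() {
    awk '
        /^Features:/ { for (i = 2; i <= NF; i++) if ($i == "NFQ") feat = 1 }
        /NFQueue support:/ && $NF == "yes" { conf = 1 }
        END { exit (feat || conf) ? 0 : 1 }
    '
}

# Constructed sample outputs (layout as in Suricata 4.x build-info).
SAMPLE_WITH_NFQ='This is Suricata version 4.0.0 RELEASE
Features: NFQ PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT PCRE_JIT
Suricata Configuration:
  AF_PACKET support:                       yes
  NFQueue support:                         yes'
SAMPLE_WITHOUT_NFQ='This is Suricata version 4.0.0 RELEASE
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT PCRE_JIT
Suricata Configuration:
  AF_PACKET support:                       yes
  NFQueue support:                         no'

# Report which binary would actually run and whether it has NFQ. The expected
# path defaults to what "--prefix=/usr/" installs; pass another as $1.
check_running_binary() {
    expected="${1:-/usr/bin/suricata}"
    found="$(command -v suricata || true)"
    if [ -z "$found" ]; then
        echo "suricata not found on PATH"
        return 1
    fi
    echo "binary on PATH: $found"
    if [ "$found" != "$expected" ]; then
        echo "WARNING: expected $expected; another install is shadowing the new build"
    fi
    if "$found" --build-info | nfq_supported; then
        echo "NFQueue: supported"
    else
        echo "NFQueue: NOT supported by this binary; rebuild with --enable-nfqueue (libnetfilter-queue-dev installed) and make sure this path is the one you install to"
        return 1
    fi
}

# Self-check on the constructed samples, then the real binary if present.
if printf '%s\n' "$SAMPLE_WITH_NFQ" | nfq_supported; then
    echo "sample with NFQ: detected"
fi
if ! printf '%s\n' "$SAMPLE_WITHOUT_NFQ" | nfq_supported; then
    echo "sample without NFQ: correctly rejected"
fi
command -v suricata >/dev/null 2>&1 && check_running_binary
```

If check_running_binary warns that the path differs from /usr/bin/suricata, run "/usr/bin/suricata --build-info" directly; if that one says yes while the PATH copy says no, the "nfqueue not enabled" error comes from starting the wrong binary rather than from the configure step.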