04-14-2015, 10:54 AM
Excuse me, folks and gurus, I'd like to share a bit about IPS using Suricata. What is Suricata? Just look it up on Google :-D. Long story short, Suricata is pretty much like Snort. The operating system I use is Ubuntu 14; here are the steps to install Suricata:
1. Install Ubuntu 14
2. Update and upgrade Ubuntu
3. Install the packages:
sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
make libmagic-dev
apt-get install libjansson-dev libjansson4
apt-get install libnss3-dev libnspr4-dev
apt-get install libgeoip1 libgeoip-dev
apt-get install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0
apt-get install libcap-ng0 libcap-ng-dev
wget http://people.redhat.com/sgrubb/libcap-n...7.4.tar.gz
tar -zxf libcap-ng-0.7.4.tar.gz
cd libcap-ng-0.7.4
./configure && make && make install
That's quite a few packages.
4. Then install Suricata itself
wget http://www.openinfosecfoundation.org/dow...0.7.tar.gz
tar -xvzf suricata-2.0.7.tar.gz
cd suricata-2.0.7
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-gccmarch-native \
--enable-geoip --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ \
--enable-nfqueue \
--with-libcap_ng-libraries=/usr/local/lib --with-libcap_ng-includes=/usr/local/include \
--with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr && \
make clean && make && make install-full && ldconfig
5. Check the Suricata status
suricata --build-info
6. Start the Suricata service
suricata -c /etc/suricata/suricata.yaml -q 0
7. To view the log
tail -f /var/log/suricata/fast.log
8. Go ahead and run penetration tests against the Suricata IPS with tools from BackTrack, Kali Linux, or others
Good luck trying it out.
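Added example, not part of the original post: step 6 binds Suricata to NFQUEUE 0, but packets only reach that queue when a netfilter rule sends them there, and only rules with the `drop` action actually block traffic. The two helper functions below (names are hypothetical) check `iptables -S` output for such a rule and count dropped versus alert-only entries in `fast.log`; all sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.
QUEUE=0   # must match "-q 0" from step 6

# Reads `iptables -S` output on stdin; succeeds if some rule sends packets
# to NFQUEUE number $QUEUE (a rule without --queue-num means queue 0).
has_nfqueue_rule() {
    awk -v q="$QUEUE" '
        /-j NFQUEUE/ {
            n = 0
            for (i = 1; i < NF; i++) if ($i == "--queue-num") n = $(i + 1)
            if ((n + 0) == (q + 0)) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Reads fast.log on stdin; in IPS mode blocked packets carry a [Drop] tag,
# everything else was only alerted on and still passed.
count_actions() {
    awk '
        /\[\*\*\]/ { if (index($0, "[Drop]")) d++; else a++ }
        END { printf "dropped=%d alert_only=%d\n", d, a }'
}

# Constructed samples (documentation addresses, made-up rule IDs).
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -j NFQUEUE --queue-num 0'
SAMPLE_LOG='04/14/2015-11:02:10.000001  [Drop] [**] [1:1000001:1] constructed drop rule [**] [Classification: (null)] [Priority: 3] {ICMP} 192.0.2.10:8 -> 192.0.2.1:0
04/14/2015-11:02:11.000002  [**] [1:1000002:1] constructed alert rule [**] [Classification: (null)] [Priority: 3] {TCP} 192.0.2.10:40000 -> 192.0.2.1:80'

if printf '%s\n' "$SAMPLE_RULES" | has_nfqueue_rule; then
    echo "queue $QUEUE is fed by netfilter"
else
    echo "no NFQUEUE rule for queue $QUEUE: Suricata sees no traffic"
fi
printf '%s\n' "$SAMPLE_LOG" | count_actions
# On the real host: iptables -S | has_nfqueue_rule
#                   count_actions < /var/log/suricata/fast.log
```

If `alert_only` keeps growing while `dropped` stays at zero during testing, the loaded rules still use the `alert` action and the sensor is behaving as an IDS rather than an IPS.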