[Share] IPS with Suricata
#1
Excuse me guys & masters, I'd like to share a bit about IPS using Suricata. What is Suricata??? Just google it :-D . Long story short, Suricata is pretty much like Snort. The operating system I'm using is Ubuntu 14; here are the steps to install Suricata:

1. Install Ubuntu 14
2. update and upgrade Ubuntu
3. install the packages:

sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
make libmagic-dev
sudo apt-get -y install libjansson-dev libjansson4
sudo apt-get -y install libnss3-dev libnspr4-dev
sudo apt-get -y install libgeoip1 libgeoip-dev
sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0
sudo apt-get -y install libcap-ng0 libcap-ng-dev
wget http://people.redhat.com/sgrubb/libcap-n...7.4.tar.gz
tar -zxf libcap-ng-0.7.4.tar.gz
cd libcap-ng-0.7.4
./configure && make && sudo make install

quite a few packages :D

4. then install Suricata itself

wget http://www.openinfosecfoundation.org/dow...0.7.tar.gz

tar -xvzf suricata-2.0.7.tar.gz
cd suricata-2.0.7

./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-gccmarch-native \
--enable-geoip --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ \
--enable-nfqueue \
--with-libcap_ng-libraries=/usr/local/lib --with-libcap_ng-includes=/usr/local/include \
--with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr && \
make clean && make && sudo make install-full && sudo ldconfig

5. check Suricata's status

suricata --build-info

6. run the Suricata service

suricata -c /etc/suricata/suricata.yaml -q 0

7. to watch the log

tail -f /var/log/suricata/fast.log

8. go ahead and pentest the Suricata IPS with the tools in BackTrack and Kali Linux, or whatever else

have fun trying it out
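Added example, not part of the original post: a small POSIX sh/awk helper for the fast.log file that step 7 tails, so the operator sees parsed alert records and a per-priority summary instead of raw lines. It assumes the Suricata 2.x fast.log line layout (timestamp, an optional "[Drop]" marker that only appears on packets dropped in IPS mode, "[gid:sid:rev]", message, classification, priority, "{PROTO}" and "SRC -> DST"); the sample lines, sids (local 1000000+ range) and addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: a POSIX sh/awk triage helper for
# the fast.log file that step 7 tails. Assumes the Suricata 2.x fast.log layout:
#   TIMESTAMP  [Drop] [**] [gid:sid:rev] message [**] [Classification: ...] [Priority: N] {PROTO} SRC:PORT -> DST:PORT
# where "[Drop]" is present only on packets dropped in IPS (-q) mode.
# The sample lines, sids and addresses below are constructed.

# Read fast.log text on stdin; print one tab-separated record per alert:
# action  priority  sid  proto  src  dst  message
fastlog_parse() {
    awk '
    /\[\*\*\]/ {
        action = ($0 ~ /\[Drop\]/) ? "drop" : "alert"
        # [gid:sid:rev] -> sid
        match($0, /\[[0-9]+:[0-9]+:[0-9]+\]/)
        split(substr($0, RSTART + 1, RLENGTH - 2), ids, ":")
        sid = ids[2]
        # message: text between the first two [**] markers, minus the id block
        split($0, parts, /\[\*\*\]/)
        msg = parts[2]
        gsub(/^ +| +$/, "", msg)
        msg = substr(msg, index(msg, "]") + 2)
        match($0, /\[Priority: [0-9]+\]/)
        prio = substr($0, RSTART + 11, RLENGTH - 12)
        match($0, /\{[A-Z]+\}/)
        proto = substr($0, RSTART + 1, RLENGTH - 2)
        # endpoints follow the "{PROTO} " token
        split(substr($0, index($0, "} ") + 2), ends, " -> ")
        printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\n", action, prio, sid, proto, ends[1], ends[2], msg
    }'
}

# Summarise stdin fast.log as "action  priority  count", most severe first
# (Suricata priority 1 is the highest).
fastlog_summary() {
    tab=$(printf '\t')
    fastlog_parse | awk -F'\t' '{ c[$1 "\t" $2]++ } END { for (k in c) print k "\t" c[k] }' \
        | sort -t "$tab" -k2,2n -k1,1
}

# Constructed fast.log excerpt: two plain alerts and two drops from an inline run.
FASTLOG_SAMPLE='04/14/2015-10:54:01.000123  [**] [1:1000001:1] LOCAL web server returned root prompt [**] [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 203.0.113.10:80 -> 192.0.2.20:49152
04/14/2015-10:54:02.000456  [Drop] [**] [1:1000002:1] LOCAL ssh scan from untrusted net [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:41234 -> 192.0.2.20:22
04/14/2015-10:54:03.000789  [**] [1:1000003:1] LOCAL curl user-agent outbound [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.0.2.20:49153 -> 203.0.113.10:80
04/14/2015-10:54:04.000012  [Drop] [**] [1:1000002:1] LOCAL ssh scan from untrusted net [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:41235 -> 192.0.2.20:22'

# "sh fastlog.sh --tail" follows the live log like step 7 but with parsed
# records; with no argument it summarises the constructed sample.
if [ "${1:-}" = "--tail" ]; then
    tail -f /var/log/suricata/fast.log | fastlog_parse
else
    printf '%s\n' "$FASTLOG_SAMPLE" | fastlog_summary
fi
```

The summary makes the IPS/IDS distinction visible at a glance: a "drop" row means Suricata actually blocked the packet on the NFQUEUE, while an "alert" row at priority 1 is traffic that passed and needs a human to look at it.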

#2
(04-14-2015, 10:54 AM)ardias2012 Wrote: Excuse me guys & masters, I'd like to share a bit about IPS using Suricata. What is Suricata??? Just google it :-D . Long story short, Suricata is pretty much like Snort. The operating system I'm using is Ubuntu 14; here are the steps to install Suricata:
[...]

nice info bro, I'll try implementing it later
Every Second, Every Minutes, Every Hours, Every Days Its Never End

#3
Bro, I'm working on my final project on Suricata IPS. I've tried implementing Suricata version 4.0.0 installed on Ubuntu 14.04 LTS. I ran into a problem: when configuring with ./configure --enable-nfqueue, the nfqueue status is yes, but when I check with suricata --build-info the nfqueue status becomes no, and when I run it I get the error "nfqueue not enabled". Does anyone know the solution?
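Added example, not from the thread, covering steps 5 and 6 of the first post and the situation in #3: before starting Suricata inline with -q 0, confirm that the suricata binary actually on PATH reports NFQUEUE support in --build-info, and print the netfilter rule that steers forwarded packets into that queue (the first post starts Suricata on queue 0 but never adds such a rule, so nothing would be inspected). It assumes the "Features: ... NFQ ..." and "NFQueue support: yes|no" lines that Suricata 2.x and 4.x print in --build-info; the two build-info excerpts are constructed.

```shell
#!/bin/sh
# Added example, not part of the thread. Before running Suricata inline
# ("suricata -c ... -q 0") make sure the binary that is actually on PATH was
# built with NFQUEUE, and show the netfilter rule that sends packets into
# queue 0; without such a rule Suricata sits idle on the queue.
# Assumption: "suricata --build-info" prints a "Features: ... NFQ ..." line
# and/or an "NFQueue support: yes|no" line, as Suricata 2.x and 4.x do.

# Return 0 if the build-info text in $1 reports NFQUEUE support, 1 otherwise.
nfq_enabled() {
    printf '%s\n' "$1" | grep -Eq \
        '^[[:space:]]*NFQueue support:[[:space:]]*yes|^Features:.*[[:space:]]NFQ([[:space:]]|$)'
}

# Print the iptables rule that diverts forwarded traffic to NFQUEUE number $1.
# Only a plain decimal queue number is accepted, so nothing else can be
# spliced into the command line.
nfq_rule() {
    case "$1" in
        ''|*[!0-9]*) echo "nfq_rule: queue number must be numeric" >&2; return 1 ;;
    esac
    printf 'iptables -I FORWARD -j NFQUEUE --queue-num %s\n' "$1"
}

# Constructed --build-info excerpts: a build with NFQUEUE (what the first post
# expects after --enable-nfqueue) and one without (the situation in #3).
BUILD_INFO_OK='This is Suricata version 2.0.7 RELEASE
Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PCRE_JIT HAVE_NSS HAVE_LIBJANSSON
Suricata Configuration:
  AF_PACKET support:                       yes
  NFQueue support:                         yes
  NFLOG support:                           no'

BUILD_INFO_BAD='This is Suricata version 4.0.0 RELEASE
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PCRE_JIT HAVE_NSS HAVE_LIBJANSSON
Suricata Configuration:
  AF_PACKET support:                       yes
  NFQueue support:                         no
  NFLOG support:                           no'

# Live mode: inspect the installed binary. Printing its path first shows
# whether "suricata" resolves to the freshly built /usr/bin/suricata or to
# some other copy, which is worth knowing when configure said "yes" but
# --build-info says "no".
if [ "${1:-}" = "--live" ]; then
    bin=$(command -v suricata) || { echo "suricata not on PATH" >&2; exit 1; }
    echo "inspecting: $bin"
    info=$("$bin" --build-info 2>&1)
    if nfq_enabled "$info"; then
        echo "NFQUEUE support present. Steer traffic into queue 0 with:"
        nfq_rule 0
        echo "then start inline: suricata -c /etc/suricata/suricata.yaml -q 0"
    else
        echo "No NFQUEUE support in $bin: rebuild with --enable-nfqueue" \
             "after installing libnetfilter-queue-dev" >&2
        exit 1
    fi
fi
```

Run it as "sh nfqcheck.sh --live" on the box after step 4; if it reports no NFQUEUE support even though configure printed yes, the path it prints tells you whether the binary being run is the one you just built.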