Mar 07, 2008 2. Add the following line to CentOS - Extras: exclude=libnet. Now you should be able to run: yum -y install sguil-server yum -y install sguil-sensor yum -y install sguil-client and have the necessary software downloaded and installed. Please report ANY issues to rfifarek.AT. synfulpacket.DOT. net, as this is completely maintained by me.
Today, we are going to learn how to install and set up Suricata on Ubuntu 18.04. Suricata is an open-source network threat detection tool. Suricata uses rules and signatures to detect threats in network traffic. It also supports the Lua scripting language, which helps it unearth the most complex would-be threats in the network. Suricata is a product of the Open Information Security Foundation. It is capable of providing NIDS, IPS, NSM and offline pcap processing. It can be integrated with other tools such as BASE, Snorby, Sguil, SQueRT, ELK, SIEM solutions etc.
To see a complete list of features supported by Suricata, you can check all features.
Install and Setup Suricata on Ubuntu 18.04
There are two ways in which you can install and setup Suricata on Ubuntu 18.04;
- Installing from the source
- Installing from PPA Repository
In this guide, we are going to cover both methods of installing Suricata on Ubuntu 18.04.
Installing Suricata from Source On Ubuntu 18.04
Installing Suricata from source on Ubuntu 18.04 is the surest way to get the latest stable version of Suricata up and running on Ubuntu 18.04. However, it requires a little extra effort. Hence, before you can install Suricata from source, ensure that you have all the required dependencies installed.
Install Suricata rules update tool
Suricata functions as an IDS out of the box. If you need to include the IPS functionality, install the following libraries.
Next, download the latest stable Suricata tarball. You can download it as shown below;
Once the download is complete, extract the tarball.
Navigate to the directory where the Suricata tarball was extracted and configure the Suricata engine for compilation. This ensures that Suricata is built with IPS capabilities.
Compile and install the Suricata engine
The make install-full command installs both the initial Suricata configuration file and the Suricata rules, fetching the rules with the new rule management tool, suricata-update. If the installation is successful, you should see the output below. The configuration file is placed at /etc/suricata/suricata.yaml, while the rules are written to /etc/suricata/rules/.
Installing Suricata from PPA repository
Even though Suricata is available in the default Ubuntu 18.04 repositories, it may not be up to date. As a result, to ensure that you have the latest version installed, you need to add the following PPA repository.
Once the PPA repo is set, install Suricata with the package manager.
You can instead install Suricata with debugging enabled.
That is all with installation. At the end of installation, you will have the Suricata rules under /etc/suricata/rules/ and the main configuration file at /etc/suricata/suricata.yaml. To list the Suricata rules;
Configure Suricata on Ubuntu 18.04
The main configuration file for Suricata is /etc/suricata/suricata.yaml. The file itself is commented well enough to give a clear understanding of what every setting is for.
To begin with, you need to configure Suricata to differentiate between the internal network to be protected and the external network. This is done by defining the correct values for the HOME_NET and EXTERNAL_NET variables under the address groups. In my case, I am using the IP address 192.168.43.220 as my home network. The external network is set to anything that doesn't match the home network.
For the purposes of learning, we are going to demonstrate how to alert on a possible SYN flood. As a result, we are going to create our own test rule as shown below;
The rule basically fires when there are 100 attempted connections to the local network in 10 seconds.
Next, you need to configure Suricata to include this rule. Hence, edit the Suricata configuration file and add the rules file under the rule-files: section.
You are now ready to perform the tests. However, before you can proceed, you need to disable packet offload features on the network interface on which Suricata is listening.
If you get the error Cannot change large-receive-offload, it means that your interface doesn't support this feature and it is safe to ignore it. You can verify this by running the command below;
Next, fire Suricata in PCAP live mode by executing the command below.
By the way, there are various modes in which Suricata can run. You can list them by running the command below;
While Suricata is running, run the command below from a different server and tail the Suricata logs on the Suricata host to see what is happening;
If your rule is set correctly, you should be able to get the above output.
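As an added example (not code from the original tutorial), the shell script below writes a SYN-flood test rule matching the description above (100 connection attempts to a HOME_NET host within 10 seconds), prints the suricata.yaml fragment that declares the address groups and loads the rule file, provides a helper that disables the offload features, and sanity-checks the rule file before it is loaded. The sid, the alert message text, the local.rules file name and the scratch-directory default for RULES_DIR are my own choices; the rule counts only SYN packets (flags:S) and uses a threshold so that one alert is raised per destination host per 10-second window.

```shell
#!/bin/sh
# Added example, not from the original tutorial: SYN-flood test rule,
# matching suricata.yaml fragment, offload helper and a rule-file check.
# RULES_DIR defaults to a scratch directory so this runs without root;
# set RULES_DIR=/etc/suricata/rules on a real sensor (assumed path layout).
set -eu

RULES_DIR="${RULES_DIR:-$(mktemp -d)}"
RULE_FILE="${RULES_DIR}/local.rules"

# Write a rule that fires when 100 SYNs from outside reach one HOME_NET host
# within 10 seconds. threshold "type both" also limits output to a single
# alert per destination per window, so the log is not flooded as well.
# sid 1000001 is a placeholder from the local-rule range, not a page value.
write_synflood_rule() {
    out="$1"
    cat > "$out" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL Possible TCP SYN flood"; flags:S; flow:stateless; threshold: type both, track by_dst, count 100, seconds 10; classtype:attempted-dos; sid:1000001; rev:1;)
EOF
}

# suricata.yaml fragment: address groups (tutorial's 192.168.43.220 as the
# protected host, everything else external) and the rule-files entries.
print_yaml_fragment() {
    cat <<'EOF'
vars:
  address-groups:
    HOME_NET: "[192.168.43.220/32]"
    EXTERNAL_NET: "!$HOME_NET"
default-rule-path: /etc/suricata/rules
rule-files:
  - suricata.rules
  - local.rules
EOF
}

# Turn off offload features so Suricata sees packets as they arrived on the
# wire. ethtool's "Cannot change large-receive-offload" only means the NIC
# has no such feature and is safe to ignore, as the tutorial says.
disable_offload() {
    iface="$1"
    for feature in gro lro tso gso; do
        ethtool -K "$iface" "$feature" off 2>/dev/null \
            || echo "note: cannot change $feature on $iface (unsupported)"
    done
}

# Check the rule file: exactly one rule, carrying the threshold described in
# the text and the expected sid. When the engine and its config are present,
# also run Suricata's own test mode (-T) against just this file (-S).
rule_file_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    [ "$(grep -c '^alert' "$f")" -eq 1 ] || return 1
    grep -q 'count 100, seconds 10' "$f" || return 1
    grep -q 'sid:1000001;' "$f" || return 1
    if command -v suricata >/dev/null 2>&1 && [ -r /etc/suricata/suricata.yaml ]; then
        suricata -T -c /etc/suricata/suricata.yaml -S "$f" >/dev/null 2>&1 || return 1
    fi
    return 0
}

# Stand-alone usage: sh synflood-rule.sh setup [interface]
if [ "${1:-}" = "setup" ]; then
    write_synflood_rule "$RULE_FILE"
    rule_file_ok "$RULE_FILE" && echo "rule written to $RULE_FILE"
    echo "--- add to /etc/suricata/suricata.yaml ---"
    print_yaml_fragment
    [ $# -ge 2 ] && disable_offload "$2"
fi
```

On a sensor, run it as root with RULES_DIR=/etc/suricata/rules and the listening interface as the second argument, merge the printed fragment into suricata.yaml, then validate the whole configuration with suricata -T -c /etc/suricata/suricata.yaml before starting the engine in live mode. Tracking by destination (track by_dst) raises one alert per targeted host rather than one per source, so a flood spread across many spoofed addresses is still counted against the victim.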
That is all about how to install and set up Suricata on Ubuntu 18.04. Feel free to read more about Suricata on their documentation page.
CentOS 8 is the latest release of CentOS Linux operating system, which is based on Red Hat Enterprise Linux 8. In this tutorial we will help you to install Apache web server on CentOS 8 or RHEL 8 system with additional configuration and security.
Prerequisites
- SSH access to CentOS/RHEL 8 system
- Sudo privileges to user to install packages
Install Apache on CentOS 8
First, log in to your CentOS 8 or RHEL 8 system via SSH. Then install the Apache HTTP server packages using the following command. This will also install the additional required packages on your system.
Wait for the installation to complete.
Manage Apache Service
The Apache service is managed with the systemctl command on CentOS/RHEL 8. After installation, use the following commands to enable the Apache service and then start it.
Here are the other commands to stop and restart the Apache service from the command line.
Test Apache Setup
You can view the installed Apache version details using the following command.
Create a test html page under default document root directory (/var/www/html).
Now access your Apache server using the server’s IP address or a domain pointed to the server IP.
Create Virtual Hosts
Let's create the first virtual host on your Apache server. For the tutorial, we are using the sample domain "example.com". Here we will create a virtual host for example.com on port 80.
Create a sample index file in a directory:
Then create the virtual host configuration file and open it in an editor:
Add the following content at the end of the configuration file. You may change the domain name as per your domain.
ServerSignature Off
After that edit the Apache default SSL configuration file:
Here are several security-related settings. Add or update the following settings. We are not going into detailed descriptions of them, but these settings are very useful for production servers.
# Requires Apache 2.4.36 & OpenSSL 1.1.1
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
#
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Header always set Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload'
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLStaplingCache 'shmcb:logs/stapling-cache(150000)'
SSLSessionTickets Off
After making changes restart the Apache service to apply new configuration.
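The script below is an added example, not code from the original tutorial. It writes the port-80 virtual host for example.com described above and audits an Apache configuration file for the hardening directives the tutorial adds (legacy protocol versions disabled, compression and session tickets off, HSTS and X-Content-Type-Options headers present, ServerSignature Off), printing one line per missing setting. The DocumentRoot and log paths in the virtual host, the scratch-directory default for CONF_DIR, and the two sample configuration files are my own constructions for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: writes the example.com
# virtual host and audits a config file for the tutorial's TLS hardening.
# CONF_DIR defaults to a scratch directory so the script runs without root;
# on a server set CONF_DIR=/etc/httpd/conf.d (assumed CentOS 8 layout).
set -eu

CONF_DIR="${CONF_DIR:-$(mktemp -d)}"

# Port-80 virtual host; DocumentRoot and log paths are assumptions.
write_vhost() {
    domain="$1"; out="$2"
    cat > "$out" <<EOF
<VirtualHost *:80>
    ServerName ${domain}
    ServerAlias www.${domain}
    DocumentRoot /var/www/${domain}
    ServerSignature Off
    ErrorLog /var/log/httpd/${domain}-error.log
    CustomLog /var/log/httpd/${domain}-access.log combined
</VirtualHost>
EOF
}

# Constructed sample configs: a weak "before" and the tutorial's "after".
write_sample_configs() {
    dir="$1"
    cat > "$dir/weak.conf" <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2
SSLCompression on
ServerSignature On
EOF
    cat > "$dir/hardened.conf" <<'EOF'
SSLEngine on
# Requires Apache 2.4.36 & OpenSSL 1.1.1
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Header always set Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload'
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLStaplingCache 'shmcb:logs/stapling-cache(150000)'
SSLSessionTickets Off
ServerSignature Off
EOF
}

# Audit one config file. Each failed check goes to stderr; the number of
# failures is printed on stdout so callers can act on it.
audit_tls_config() {
    f="$1"; fails=0
    fail() { echo "FAIL: $1" >&2; fails=$((fails + 1)); }
    # SSLProtocol must explicitly exclude each legacy version.
    for legacy in SSLv3 TLSv1 TLSv1.1; do
        grep -Eq '^[[:space:]]*SSLProtocol .*-'"${legacy}"'( |$)' "$f" \
            || fail "SSLProtocol does not disable ${legacy}"
    done
    grep -Eiq '^[[:space:]]*SSLCompression[[:space:]]+off' "$f" \
        || fail "SSLCompression is not off (TLS compression enables CRIME)"
    grep -Eiq '^[[:space:]]*SSLSessionTickets[[:space:]]+off' "$f" \
        || fail "SSLSessionTickets is not off"
    grep -Eq '^[[:space:]]*Header always set Strict-Transport-Security' "$f" \
        || fail "no Strict-Transport-Security header"
    grep -Eq '^[[:space:]]*Header always set X-Content-Type-Options[[:space:]]+nosniff' "$f" \
        || fail "no X-Content-Type-Options nosniff header"
    grep -Eiq '^[[:space:]]*ServerSignature[[:space:]]+Off' "$f" \
        || fail "ServerSignature is not Off"
    echo "$fails"
}

# Stand-alone usage: sh apache-harden-check.sh demo [/path/to/ssl.conf]
if [ "${1:-}" = "demo" ]; then
    write_vhost example.com "$CONF_DIR/example.com.conf"
    write_sample_configs "$CONF_DIR"
    for c in "$CONF_DIR/weak.conf" "$CONF_DIR/hardened.conf" "${2:-}"; do
        [ -n "$c" ] || continue
        echo "$c: $(audit_tls_config "$c") failing check(s)"
    done
fi
```

Two practical notes for the audited settings: the Header directives need mod_headers loaded (it is enabled by default in the CentOS 8 httpd package), and SSLStaplingCache only takes effect once SSLUseStapling on is also set in the SSL virtual host. Run apachectl configtest after editing so a typo in these directives does not take the server down on restart.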
Conclusion
All done. You are now running a secured Apache server on your CentOS 8 or RHEL 8 Linux system.