Suricata (IDS Only) [Debian-Based Systems]

suricata-ids.sh

######################
# Suricata (IDS Only)
######################

# Update and Upgrade
sudo apt update -y && sudo apt upgrade -y
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:oisf/suricata-stable

# Requirements
# sudo apt -y install rustc cargo
# sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
# build-essential autoconf automake libtool libpcap-dev libnet1-dev \
# libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0

# Ensure directories are created
# mkdir /var/lib/suricata
# cd /var/lib/suricata
# sudo mkdir update && sudo mkdir rules
# sudo chmod 757 /rules && sudo chmod 757 /update

# Suricata Version
# VER=5.0.2
# sudo wget "http://www.openinfosecfoundation.org/download/suricata-$VER.tar.gz" 
# sudo tar -xvzf "suricata-$VER.tar.gz" 
# cd "suricata-$VER" 
# ./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var
# ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
# make
# sudo make install
# sudo ldconfig
# make install-full

# Install Suricata-Update
apt-get install suricata -y
sudo apt update -y
sudo apt install python-pip
sudo pip install pyyaml
pip install --pre --upgrade suricata-update
suricata-update
suricata-update update-sources
suricata-update enable-source ptresearch/attackdetection
suricata-update enable-source oisf/trafficid
suricata-update enable-source sslbl/ssl-fp-blacklist
suricata-update