@austinsonger
Last active March 28, 2022 10:11
Suricata (IDS + IPS) [Debian-Based Systems]
######################
# Suricata (IDS + IPS)
######################
# Update and Upgrade (the original omitted the apt command itself)
sudo apt update -y && sudo apt upgrade -y
# Requirements
sudo apt -y install rustc cargo
sudo apt -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential autoconf automake libtool libpcap-dev libnet1-dev libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 libnspr4-dev libnss3-dev liblz4-dev \
  make libmagic-dev libjansson-dev libjansson4 pkg-config
sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0
# Ensure directories are created (the original chmod targeted /rules and /update, which do not exist)
sudo mkdir -p /var/lib/suricata
cd /var/lib/suricata
sudo mkdir -p update rules
# Note: mode 757 makes these directories world-writable, so any local user could alter the rule set
sudo chmod 757 /var/lib/suricata/rules && sudo chmod 757 /var/lib/suricata/update
# Suricata Version
VER=5.0.2
sudo wget "http://www.openinfosecfoundation.org/download/suricata-$VER.tar.gz"
sudo tar -xvzf "suricata-$VER.tar.gz"
cd "suricata-$VER"
sudo ./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var
# Make and Install
sudo make
sudo make install-full
sudo ldconfig
# Install Suricata-Update
sudo apt update -y
sudo apt install python-pip
sudo pip install pyyaml
sudo pip install --upgrade suricata-update
suricata-update enable-source ptresearch/attackdetection
suricata-update enable-source oisf/trafficid
suricata-update enable-source sslbl/ssl-fp-blacklist
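As an added example (not part of the original gist), the helpers below harden two steps of the procedure above: the tarball is checked against a pinned SHA-256 before it is extracted, and the rules and update directories are verified not to be world-writable. The HTTPS download path, the 755 mode and the EXPECTED_SHA256 placeholder are assumptions to be filled in from the project's published checksum.

```shell
#!/usr/bin/env bash
# Added example, not part of the original gist. Assumes coreutils (sha256sum,
# stat) and wget; EXPECTED_SHA256 is a placeholder to fill from the project's
# published checksum for the version you pin.
set -euo pipefail

VER="${VER:-5.0.2}"
SURICATA_HOME=/var/lib/suricata
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_PUBLISHED_SHA256}"  # placeholder

# Compare a downloaded tarball with a pinned SHA-256 before extracting.
# Returns 0 on match, 1 on a mismatch or a missing file.
verify_tarball() {
  local tarball="$1" expected="$2" actual
  [ -f "$tarball" ] || return 1
  actual=$(sha256sum "$tarball" | cut -d' ' -f1)
  [ "$actual" = "$expected" ]
}

# Return 0 only if the directory exists and is not world-writable.
# The gist's chmod 757 would let any local user replace the rule set.
dir_not_world_writable() {
  local dir="$1" mode other
  [ -d "$dir" ] || return 1
  mode=$(stat -c '%a' "$dir")   # e.g. 755 or 757
  other=${mode#"${mode%?}"}     # last octal digit = "other" permissions
  case "$other" in
    2|3|6|7) return 1 ;;        # write bit set for everyone
    *) return 0 ;;
  esac
}

# Create the rules/update directories root-owned and not world-writable.
setup_dirs() {
  sudo mkdir -p "$SURICATA_HOME/rules" "$SURICATA_HOME/update"
  sudo chmod 755 "$SURICATA_HOME" "$SURICATA_HOME/rules" "$SURICATA_HOME/update"
}

# Download over HTTPS, verify, then extract; abort on any mismatch.
fetch_and_extract() {
  local tarball="suricata-$VER.tar.gz"
  wget -q "https://www.openinfosecfoundation.org/download/$tarball"
  verify_tarball "$tarball" "$EXPECTED_SHA256" \
    || { echo "checksum mismatch for $tarball, not extracting" >&2; return 1; }
  tar -xzf "$tarball"
}
```

Run `setup_dirs` in place of the mkdir/chmod lines above and `fetch_and_extract` in place of the wget/tar lines; a mismatched checksum stops the install before anything is unpacked.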