author | Ashlee Young <ashlee@wildernessvoice.com> | 2016-01-20 01:10:01 +0000 |
---|---|---|
committer | Ashlee Young <ashlee@wildernessvoice.com> | 2016-01-20 01:10:11 +0000 |
commit | 19d701ddf07d855128ded0cf2b573ce468e3bdd6 (patch) | |
tree | 0edcd3461ca903c76e431bb7c6348c42a0f12488 /framework/src/suricata/doc/Basic_Setup.txt | |
parent | fac6fbefbfad1cf837ddd88bc0d330559c8eb6f9 (diff) |
Removing Suricata and Audit from source repo, and updated build.sh to avoid building suricata. Will re-address this in C release via tarballs.
Change-Id: I3710076f8b7f3313cb3cb5260c4eb0a6834d4f6e
Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>
Diffstat (limited to 'framework/src/suricata/doc/Basic_Setup.txt')
-rw-r--r-- | framework/src/suricata/doc/Basic_Setup.txt | 116 |
1 files changed, 0 insertions, 116 deletions
diff --git a/framework/src/suricata/doc/Basic_Setup.txt b/framework/src/suricata/doc/Basic_Setup.txt deleted file mode 100644 index 1769e1d4..00000000 --- a/framework/src/suricata/doc/Basic_Setup.txt +++ /dev/null 
@@ -1,116 +0,0 @@ -Autogenerated on 2012-11-29 -from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup - - -Basic Setup - -When using Debian or FreeBSD, make sure you enter all commands as root/super- -user because for these operating systems it is not possible to use 'sudo'. -Start with creating a directory for Suricata's log information. - - sudo mkdir /var/log/suricata - - -To prepare the system for using it, enter: - - sudo mkdir /etc/suricata - -The next step is to copy classification.config, reference.config and -suricata.yaml from the base build/installation directory (ex. from git it will -be the oisf directory) to the /etc/suricata directory. Do so by entering the -following: - - sudo cp classification.config /etc/suricata - sudo cp reference.config /etc/suricata - sudo cp suricata.yaml /etc/suricata - - -Auto setup - -You can also use the available auto setup features of Suricata: -ex: - - ./configure && make && make install-conf - -make install-conf -would do the regular "make install" and then it would automatically create/ -setup all the necessary directories and suricata.yaml for you. - - ./configure && make && make install-rules - -make install-rules -would do the regular "make install" and then it would automatically download -and set up the latest ruleset from Emerging Threats available for Suricata - - ./configure && make && make install-full - -make install-full -would combine everything mentioned above (install-conf and install-rules) - and -will present you with a ready to run (configured and set up) Suricata - -Setting variables - -Make sure every variable of the vars, address-groups and port-groups in the -yaml file is set correctly for your needs. A full explanation is available in -the Rule_vars_section_of_the_yaml. You need to set the ip-address(es) of your -local network at HOME_NET. It is recommended to set EXTERNAL_NET to !$HOME_NET. 
-This way, every ip-address but the one set at HOME_NET will be treated as -external. It is also possible to set EXTERNAL_NET to 'any', only the -recommended setting is more precise and lowers the change that false positives -will be generated. HTTP_SERVERS, SMTP_SERVERS , SQL_SERVERS , DNS_SERVERS and -TELNET_SERVERS are by default set to HOME_NET. AIM_SERVERS is by default set at -'any'. These variables have to be set for servers on your network. All settings -have to be set to let it have a more accurate effect. -Next, make sure the following ports are set to your needs: HTTP_PORTS, -SHELLCODE_PORTS, ORACLE_PORTS and SSH_PORTS. -Finally, set the host-os-policy to your needs. See Host_OS_Policy_in_the_yaml -for a full explanation. - - windows:[] - bsd: [] - bsd-right: [] - old-linux: [] - linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000: - 0000"] - old-solaris: [] - solaris: ["::1"] - hpux10: [] - hpux11: [] - irix: [] - macos: [] - vista: [] - windows2k3: [] - -Note that bug #499 may prevent you from setting old-linux, bsd-right and old- -solaris right now. - -Interface cards - -To check the available interface cards, enter: - - ifconfig - -Now you can see which one you would like Suricata to use. -To start the engine and include the interface card of your preference, enter: - - sudo suricata -c /etc/suricata/suricata.yaml -i wlan0 - -Instead of wlan0, you can enter the interface card of your preference. -To see if the engine is working correctly and receives and inspects traffic, -enter: - - cd /var/log/suricata - -Followed by: - - tail http.log - -And: - - tail -n 50 stats.log - -To make sure the information displayed is up-dated in real time, use the - -f option before http.log and stats.log: - - tail -f http.log stats.log - |
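Review bot: the deletion of framework/src/suricata/doc/Basic_Setup.txt is clean on its own, since the removed file is a 2012 autogenerated snapshot of the upstream Suricata wiki page (its first lines say so) and carries no project-authored content, but the commit message also names a build.sh change and this view is limited to Basic_Setup.txt, so confirm the build.sh hunk landed in the same change and that nothing else under the repo still references framework/src/suricata before merging; otherwise the next build will fail on the missing tree rather than skip it as the message intends.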