From 19d701ddf07d855128ded0cf2b573ce468e3bdd6 Mon Sep 17 00:00:00 2001 From: Ashlee Young Date: Wed, 20 Jan 2016 01:10:01 +0000 Subject: Removing Suricata and Audit from source repo, and updated build.sh to avoid building suricata. Will re-address this in C release via tar balls. Change-Id: I3710076f8b7f3313cb3cb5260c4eb0a6834d4f6e Signed-off-by: Ashlee Young --- .../doc/Setting_up_IPSinline_for_Linux.txt | 83 ---------------------- 1 file changed, 83 deletions(-) delete mode 100644 framework/src/suricata/doc/Setting_up_IPSinline_for_Linux.txt (limited to 'framework/src/suricata/doc/Setting_up_IPSinline_for_Linux.txt') diff --git a/framework/src/suricata/doc/Setting_up_IPSinline_for_Linux.txt b/framework/src/suricata/doc/Setting_up_IPSinline_for_Linux.txt deleted file mode 100644 index 68eaceac..00000000 --- a/framework/src/suricata/doc/Setting_up_IPSinline_for_Linux.txt +++ /dev/null 
@@ -1,83 +0,0 @@ -Autogenerated on 2012-11-29 -from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux - - -Setting up IPS/inline for Linux - -In this guide will be explained how to work with Suricata in inline mode and -how to set iptables for that purpose. -First start with compiling Suricata with NFQ support. For instructions see -Ubuntu_Installation. -For more information about NFQ and iptables, see suricata.yaml. -To check if you have NFQ enabled in your Suricata, enter the following command: - - suricata --build-info - -and examine if you have NFQ between the features. -To run suricata with the NFQ mode, you have to make use of the -q option. This -option tells Suricata which of the queue numbers it should use. - - sudo suricata -c /etc/suricata/suricata.yaml -q 0 - - -Iptables configuration - -First of all it is important to know which traffic you would like to send to -Suricata. Traffic that passes your computer or traffic that is generated by -your computer. - -If Suricata is running on a gateway and is meant to protect the computers -behind that gateway you are dealing with the first scenario: forward_ing . -If Suricata has to protect the computer it is running on, you are dealing with -the second scenario: host (see drawing 2). -These two ways of using Suricata can also be combined. -The easiest rule in case of the gateway-scenario to send traffic to Suricata -is: - - sudo iptables -I FORWARD -j NFQUEUE - -In this case, all forwarded traffic goes to Suricata. -In case of the host situation, these are the two most simple iptable rules; - - sudo iptables -I INPUT -j NFQUEUE - sudo iptables -I OUTPUT -j NFQUEUE - -It is possible to set a queue number. If you do not, the queue number will be 0 -by default. 
-Imagine you want Suricata to check for example just TCP-traffic, or all -incoming traffic on port 80, or all traffic on destination-port 80, you can do -so like this: - - sudo iptables -I INPUT -p tcp -j NFQUEUE - sudo iptables -I OUTPUT -p tcp -j NFQUEUE - -In this case, Suricata checks just TCP traffic. - - sudo iptables -I INPUT -p tcp --sport 80 -j NFQUEUE - sudo iptables -I OUTPUT -p tcp --dport 80 -j NFQUEUE - -In this example, Suricata checks all input and output on port 80. - -To see if you have set your iptables rules correct make sure Suricata is -running and enter: - - sudo iptables -vnL - -In the example you can see if packets are being logged. -This description of the use of iptables is the way to use it with IPv4. To use -it with IPv6 all previous mentioned commands have to start with 'ip6tables'. It -is also possible to let Suricata check both kinds of traffic. -There is also a way to use iptables with multiple networks (and interface -cards). Example: - - sudo iptables -I FORWARD -i eth0 -o eth1 -j NFQUEUE - sudo iptables -I FORWARD -i eth1 -o eth0 -j NFQUEUE - -The options -i (input) -o (output) can be combined with all previous mentioned -options -If you would stop Suricata and use internet, the traffic will not come through. -To make internet work correctly, you have to erase all iptable rules. -To erase all iptable rules, enter: - - sudo iptables -F - -- cgit 1.2.3-korg
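Review bot: The `sudo iptables -F` step at the end of the deleted guide flushes every rule in the filter table, not just the NFQUEUE jumps the guide itself added (`-I FORWARD -j NFQUEUE`, `-I INPUT -j NFQUEUE`, `-I OUTPUT -j NFQUEUE`), so if this document is reintroduced with the tarball-based Suricata promised for the C release, it should instead tell readers to remove the specific rules (for example `sudo iptables -D FORWARD -j NFQUEUE`) and to do the same with `ip6tables`, leaving unrelated firewall policy intact. Since the file is marked as autogenerated from the upstream redmine wiki URL on its first lines, the commit message could point to that URL as the surviving reference for inline/NFQ setup. Note also that this view is limited to the one deleted file: the build.sh change named in the commit message is not in the shown diff and cannot be reviewed here.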