Irregular Expressions

Mar 2 2010   10:45AM GMT

Installing Suricata on FreeBSD – Part 4

Dan O'Connor

Now that we have something to control Suricata, make sure the Suricata configuration variables are set.

Ensure your HOME_NET is correct, or your results are not going to be so great.

  # Holds the address group vars that would be passed in a Signature.
  # These would be retrieved during the Signature address parsing stage.
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: any
    HTTP_SERVERS: "$HOME_NET"
    SMTP_SERVERS: "$HOME_NET"
    SQL_SERVERS: "$HOME_NET"
    DNS_SERVERS: "$HOME_NET"
    TELNET_SERVERS: "$HOME_NET"
    AIM_SERVERS: any

  # Holds the port group vars that would be passed in a Signature.
  # These would be retrieved during the Signature port parsing stage.
  port-groups:
    HTTP_PORTS: "80"
    SHELLCODE_PORTS: "!80"
    ORACLE_PORTS: 1521
    SSH_PORTS: 22
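As an added example (not part of the original post or of Suricata itself), a small Python checker that resolves Suricata's address-group syntax ("any", "$VAR" references, "!" negation, nested "[a,b,!c]" lists, CIDR entries) and reports which of a sensor's own addresses fall outside HOME_NET, which is the check the sentence above asks for. The group values are taken from the snippet above; the local addresses and function names are my own, and the only-negations rule follows Suricata's documented behaviour.

```python
import ipaddress

# Address groups copied from the suricata.yaml snippet above (EXTERNAL_NET: any).
ADDRESS_GROUPS = {
    "HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]",
    "EXTERNAL_NET": "any",
    "HTTP_SERVERS": "$HOME_NET",
}

def _split_top_level(text):
    """Split a bracketed list on commas that are not nested inside [...]."""
    parts, depth, current = [], 0, ""
    for ch in text:
        depth += (ch == "[") - (ch == "]")
        if ch == "," and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return [p.strip() for p in parts if p.strip()]

def matches(expr, ip, groups=ADDRESS_GROUPS):
    """True if ip falls inside the Suricata address-group expression expr:
    'any', '$VAR' references, '!' negation, nested '[a,b,!c]' lists and
    CIDR/host entries. A list made only of negations matches everything else."""
    expr = expr.strip().strip('"')
    if expr == "any":
        return True
    if expr.startswith("!"):
        return not matches(expr[1:], ip, groups)
    if expr.startswith("$"):
        return matches(groups[expr[1:]], ip, groups)
    if expr.startswith("[") and expr.endswith("]"):
        items = _split_top_level(expr[1:-1])
        positive = [i for i in items if not i.startswith("!")]
        negative = [i for i in items if i.startswith("!")]
        hit = not positive or any(matches(i, ip, groups) for i in positive)
        return hit and all(matches(i, ip, groups) for i in negative)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(expr, strict=False)

def uncovered_local_addresses(local_ips, groups=ADDRESS_GROUPS):
    """Sensor addresses that HOME_NET misses; non-empty means the variable is wrong."""
    return [ip for ip in local_ips if not matches("$HOME_NET", ip, groups)]

def external_net_overlaps_home(groups=ADDRESS_GROUPS, probe="10.0.0.1"):
    """With EXTERNAL_NET 'any' an internal address is also 'external', so rules
    written $HOME_NET -> $EXTERNAL_NET fire on internal-to-internal traffic."""
    return matches("$EXTERNAL_NET", probe, groups) and matches("$HOME_NET", probe, groups)
```

Feed uncovered_local_addresses() the sensor's interface addresses (constructed ones here, such as a public 203.0.113.5, show up as uncovered). Setting EXTERNAL_NET to "!$HOME_NET" instead of "any" makes external_net_overlaps_home() return False.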

Now that Suricata is configured and running, we can install something to manage the events it generates.

BASE is listed in the OISF FAQ (http://www.openinfosecfoundation.org/index.php/faqs) as a supported tool.

http://base.secureideas.net/

cd /usr/ports/security/base/
make install clean

BASE has a long list of dependencies to install, so go grab a coffee.
