Posted by: Dan O'Connor
base freebsd, suricata freebsd, suricata install freebsd, unified2 freebsd
Now that we have something to control Suricata, make sure to set Suricata's configuration variables.
Ensure your HOME_NET is correct, or your results are not going to be so great.
# Holds the address group vars that would be passed in a Signature.
# These would be retrieved during the Signature address parsing stage.
address-groups:
  HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
  EXTERNAL_NET: any
  HTTP_SERVERS: "$HOME_NET"
  SMTP_SERVERS: "$HOME_NET"
  SQL_SERVERS: "$HOME_NET"
  DNS_SERVERS: "$HOME_NET"
  TELNET_SERVERS: "$HOME_NET"
  AIM_SERVERS: any

# Holds the port group vars that would be passed in a Signature.
# These would be retrieved during the Signature port parsing stage.
port-groups:
  HTTP_PORTS: "80"
  SHELLCODE_PORTS: "!80"
  ORACLE_PORTS: 1521
  SSH_PORTS: 22
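A wrong HOME_NET is easy to miss until alerts look odd, so here is an added checker (not from the original post) that expands Suricata's address-group syntax ("$VAR" references, "[a,b,...]" lists, "!cidr" exclusions, "any") and reports sensor addresses that HOME_NET does not cover. The dict mirrors the block above and the addresses are constructed.

```python
import ipaddress

# Constructed copy of the page's address-groups block as a dict; a real
# checker would load the "vars" section of suricata.yaml with PyYAML.
ADDRESS_GROUPS = {
    "HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]",
    "EXTERNAL_NET": "any",
    "HTTP_SERVERS": "$HOME_NET",
    "DNS_SERVERS": "$HOME_NET",
}


def expand(name, groups, depth=0):
    """Return (include, exclude) network lists for one address group; "any"
    comes back as (None, []). Handles "$VAR", "[a,b,...]" and "!cidr"."""
    if depth > 8:  # guard against HOME_NET: "$HOME_NET" style loops
        raise ValueError("circular reference while expanding " + name)
    expr = groups[name].strip()
    if expr == "any":
        return None, []
    include, exclude = [], []
    for tok in expr.strip("[]").split(","):
        tok = tok.strip()
        if tok.startswith("$"):  # variable reference, e.g. "$HOME_NET"
            inc, exc = expand(tok[1:], groups, depth + 1)
            if inc is None:
                return None, []
            include += inc
            exclude += exc
        elif tok.startswith("!"):  # negated entry, e.g. "!10.0.0.5"
            exclude.append(ipaddress.ip_network(tok[1:], strict=False))
        else:
            include.append(ipaddress.ip_network(tok, strict=False))
    return include, exclude


def in_group(addr, name, groups=ADDRESS_GROUPS):
    """True if addr is in the group: 'any', or included and not excluded."""
    ip = ipaddress.ip_address(addr)
    include, exclude = expand(name, groups)
    if any(ip in net for net in exclude):
        return False
    return include is None or any(ip in net for net in include)


def uncovered_local_addrs(local_addrs, groups=ADDRESS_GROUPS):
    """Sensor addresses HOME_NET misses; anything returned is a misconfiguration."""
    return [a for a in local_addrs if not in_group(a, "HOME_NET", groups)]
```

Run `uncovered_local_addrs` over the addresses of the interfaces Suricata monitors; an empty list means HOME_NET covers them all.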
Now that Suricata is configured and running, we can install something to manage the events it generates.
BASE is listed in the FAQ at http://www.openinfosecfoundation.org/index.php/faqs as a supported front end.
cd /usr/ports/security/base/
make install clean
BASE has a long list of dependencies to install, so go grab a coffee.