Irregular Expressions

Mar 2 2010   10:45AM GMT

Installing Suricata on FreeBSD – Part 4

Dan O'Connor

Now that we have a way to control Suricata, make sure its configuration variables are set for your environment.

Ensure your HOME_NET actually matches your network; if it is wrong, your results are not going to be so great, because rules that key on $HOME_NET will fire on the wrong traffic or not at all.

  # Holds the address group vars that would be passed in a Signature.
  # These would be retrieved during the Signature address parsing stage.
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: any
    HTTP_SERVERS: "$HOME_NET"
    SMTP_SERVERS: "$HOME_NET"
    SQL_SERVERS: "$HOME_NET"
    DNS_SERVERS: "$HOME_NET"
    TELNET_SERVERS: "$HOME_NET"
    AIM_SERVERS: any

  # Holds the port group vars that would be passed in a Signature.
  # These would be retrieved during the Signature port parsing stage.
  port-groups:
    HTTP_PORTS: "80"
    SHELLCODE_PORTS: "!80"
    ORACLE_PORTS: 1521
    SSH_PORTS: 22
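As an added example (not code from the original post or from the Suricata project), here is a small Python check that expands Suricata-style address variables and reports which of a sensor's own addresses fall outside HOME_NET, which is exactly the misconfiguration warned about above. It assumes a constructed copy of the address-groups shown, with EXTERNAL_NET changed to "!$HOME_NET" so that negation is exercised, and models only a simplified, IPv4-only subset of the variable syntax.

```python
import ipaddress

# Constructed sample: the address-groups from the configuration above, with
# EXTERNAL_NET changed to "!$HOME_NET" so that negation is exercised too.
ADDRESS_GROUPS = {
    "HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]",
    "EXTERNAL_NET": "!$HOME_NET",
    "HTTP_SERVERS": "$HOME_NET",
    "AIM_SERVERS": "any",
}


def expand(value, groups, depth=0):
    """Expand a Suricata address variable into (negated, network) terms.

    Handles "any", "$VAR" references, "[a,b,...]" lists and "!" negation.
    Assumption: a simplified, IPv4-only model (no nested brackets) that is
    enough for a sanity check, not a reimplementation of Suricata's parser.
    """
    if depth > 10:
        raise ValueError("address variable references form a loop")
    value = value.strip()
    if value == "any":
        return [(False, ipaddress.ip_network("0.0.0.0/0"))]
    negated = value.startswith("!")
    if negated:
        value = value[1:].strip()
    if value.startswith("[") and value.endswith("]"):
        terms = [t for part in value[1:-1].split(",") for t in expand(part, groups, depth)]
    elif value.startswith("$"):
        if value[1:] not in groups:
            raise KeyError(f"undefined address variable {value}")
        terms = expand(groups[value[1:]], groups, depth + 1)
    else:
        terms = [(False, ipaddress.ip_network(value, strict=False))]
    # A leading "!" inverts every term it applies to.
    return [(negated != neg, net) for neg, net in terms]


def contains(group, ip, groups=ADDRESS_GROUPS):
    """True if the group covers ip: it must not hit a negated term and must
    hit a positive term when any positive terms exist."""
    addr = ipaddress.ip_address(ip)
    terms = expand(groups[group], groups)
    if any(addr in net for neg, net in terms if neg):
        return False
    positive = [net for neg, net in terms if not neg]
    return not positive or any(addr in net for net in positive)


def uncovered_sensor_addresses(local_ips, groups=ADDRESS_GROUPS):
    """Sensor addresses HOME_NET misses; traffic to them counts as external."""
    return [ip for ip in local_ips if not contains("HOME_NET", ip, groups)]
```

Run it with the addresses of the interfaces your sensor protects; any address it returns means those hosts are being treated as EXTERNAL_NET by every rule that uses $HOME_NET.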

Now that Suricata is configured and running, we can install something to manage the events it generates.

BASE is listed in the Suricata FAQ at http://www.openinfosecfoundation.org/index.php/faqs as a supported front end.

http://base.secureideas.net/

cd /usr/ports/security/base/
make install clean

BASE has a long list of dependencies to install, so go grab a coffee.
