Thursday, July 10, 2025

How To Install Suricata IDS on Oracle Linux Server 9

Suricata is an open-source detection engine that can act as an intrusion detection system (IDS) and an intrusion prevention system (IPS).
__________________________________________________________________________________________________________________________________
Server - OS: Oracle Linux Server 9 64-bit | IP - 192.168.1.50 | Hostname - server.testbox.com
__________________________________________________________________________________________________________________________________
cat /etc/system-release ; dnf groupinstall "Development Tools" -y
dnf install epel-release -y
dnf info suricata
dnf install suricata -y
ip --brief add

nano /etc/suricata/suricata.yaml
HOME_NET: "[192.168.1.50]"
EXTERNAL_NET: "!$HOME_NET"


af-packet:
  - interface: ens33

default-rule-path: /var/lib/suricata/rules
rule-files:
  - suricata.rules

ethtool -K ens33 gro off lro off

nano /etc/sysconfig/suricata
OPTIONS="-i ens33 --user suricata "

systemctl enable --now suricata
systemctl status suricata
tail /var/log/suricata/suricata.log
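
The steps above name the capture interface in two places: the af-packet section of suricata.yaml and OPTIONS in /etc/sysconfig/suricata. The check below is an added example, not part of the original post, that confirms both files name the same interface; the function names are illustrative and the sample files are constructed.

```shell
#!/bin/sh
# Added example: confirm suricata.yaml and /etc/sysconfig/suricata name the
# same capture interface. Helper names are illustrative, not Suricata tooling.

# Print the first interface listed under the top-level "af-packet:" key.
yaml_iface() {
    awk '
        /^af-packet:/ { in_af = 1; next }
        in_af && /^[^ \t#]/ { exit }        # next top-level key ends the section
        in_af && /^[ \t]*-[ \t]*interface:/ {
            sub(/^[ \t]*-[ \t]*interface:[ \t]*/, "")
            sub(/[ \t]*#.*$/, "")           # drop a trailing comment
            sub(/[ \t]+$/, "")
            print; exit
        }' "$1"
}

# Print the argument that follows -i in the OPTIONS= line.
sysconfig_iface() {
    awk '
        /^OPTIONS=/ {
            sub(/^OPTIONS=/, ""); gsub(/"/, "")
            n = split($0, f, " ")
            for (i = 1; i < n; i++)
                if (f[i] == "-i") { print f[i + 1]; exit }
        }' "$1"
}

# Exit status: 0 = same interface, 1 = mismatch, 2 = missing in either file.
check_capture_iface() {
    y=$(yaml_iface "$1"); s=$(sysconfig_iface "$2")
    if [ -z "$y" ] || [ -z "$s" ]; then
        echo "MISSING yaml='$y' sysconfig='$s'"; return 2
    fi
    if [ "$y" != "$s" ]; then
        echo "MISMATCH yaml=$y sysconfig=$s"; return 1
    fi
    echo "OK $y"
}

# Constructed sample files mirroring the settings in this post.
tmp=$(mktemp -d)
printf 'af-packet:\n  - interface: ens33\n\ndefault-rule-path: /var/lib/suricata/rules\n' > "$tmp/suricata.yaml"
printf 'OPTIONS="-i ens33 --user suricata "\n' > "$tmp/sysconfig"
check_capture_iface "$tmp/suricata.yaml" "$tmp/sysconfig"
rm -rf "$tmp"
```

On the server, pass /etc/suricata/suricata.yaml and /etc/sysconfig/suricata as the two arguments to check_capture_iface.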
__________________________________________________________________________________________________________________________________
