MikroTik configuration
/tool sniffer set streaming-enabled=yes streaming-server=<ip_of_the_server>
/tool sniffer set filter-ip-address=<an_example_filter_ip>
/tool sniffer print ; /tool sniffer start ; /tool sniffer stop
Ubuntu 16.04 LTS configuration (trafr listens on UDP port 37008, the TZSP port the router streams to)
apt install libc6-i386 suricata snort   (trafr ships as a 32-bit binary; on an amd64 host it needs the 32-bit C library, libc6-i386, not libc6-amd64)
cd /etc/suricata/
wget -c https://rules.emergingthreatspro.com/open/suricata/emerging.rules.tar.gz
tar -xzf emerging.rules.tar.gz
cd /root
wget -c https://mikrotik.com/download/trafr.tgz
tar zxf trafr.tgz
cp -a /root/trafr /sbin/
trafr -s | /usr/sbin/tcpdump -nr -
trafr test.pcap 10.5.3.254
tcpdump -ttnnr test.pcap
trafr -s | suricata -c /etc/suricata/suricata-debian.yaml -r -
tail -f /var/log/suricata/fast.log
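What trafr does in the pipelines above is strip the TZSP encapsulation that the router's sniffer puts on each captured frame and write plain Ethernet frames as pcap. The following is an added example (not part of the original page and not MikroTik's trafr source) that does the same job in Python: it parses the TZSP header and tag list, rejects malformed datagrams, accepts frames only from the router's address, and appends pcap records to a file. The sample frame is constructed inline for the test; the router IP and output path are command-line arguments.

```python
"""Minimal TZSP receiver: decapsulate a MikroTik sniffer stream into a pcap file."""
import socket
import struct
import time

TZSP_PORT = 37008            # UDP port the router streams to (trafr listens here too)
TZSP_VERSION = 1
TZSP_TYPE_RX_PACKET = 0      # "received tag list / encapsulated packet"
ENCAP_ETHERNET = 1           # encapsulated protocol: Ethernet frame follows the tags
TAG_PADDING = 0              # single byte, no length field
TAG_END = 1                  # single byte, terminates the tag list
PCAP_LINKTYPE_ETHERNET = 1


def tzsp_decapsulate(datagram):
    """Return (encap_proto, {tag: value}, inner_frame) for one TZSP datagram.

    Raises ValueError on anything malformed so that a truncated or hostile
    datagram is dropped instead of becoming a garbage pcap record."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != TZSP_VERSION or ptype != TZSP_TYPE_RX_PACKET:
        raise ValueError("unsupported TZSP version/type %d/%d" % (version, ptype))
    tags = {}
    i = 4
    while True:                              # walk the tag list up to TAG_END
        if i >= len(datagram):
            raise ValueError("tag list not terminated")
        tag = datagram[i]
        i += 1
        if tag == TAG_PADDING:
            continue
        if tag == TAG_END:
            break
        if i >= len(datagram):
            raise ValueError("truncated tag length")
        length = datagram[i]
        i += 1
        if i + length > len(datagram):
            raise ValueError("truncated tag value")
        tags[tag] = datagram[i:i + length]
        i += length
    frame = datagram[i:]
    if not frame:
        raise ValueError("no encapsulated frame")
    return encap, tags, frame


def is_malformed(datagram):
    """True if tzsp_decapsulate rejects the datagram."""
    try:
        tzsp_decapsulate(datagram)
        return False
    except ValueError:
        return True


def tzsp_encapsulate(frame, encap=ENCAP_ETHERNET):
    """Build a TZSP datagram with an empty tag list, as the router would."""
    return struct.pack("!BBH", TZSP_VERSION, TZSP_TYPE_RX_PACKET, encap) + bytes([TAG_END]) + frame


def pcap_global_header(snaplen=65535, linktype=PCAP_LINKTYPE_ETHERNET):
    # magic, major 2, minor 4, thiszone 0, sigfigs 0, snaplen, linktype
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(frame, ts=None):
    ts = time.time() if ts is None else ts
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame


# Constructed sample: broadcast dst, made-up src MAC, ethertype 0x0806 (ARP) and
# 46 bytes of zero padding (not a real ARP body; it only needs to round-trip).
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00" * 46
SAMPLE_DATAGRAM = tzsp_encapsulate(SAMPLE_FRAME)


def receive_to_pcap(out_path, router_ip, port=TZSP_PORT, max_packets=None):
    """Listen for TZSP from router_ip only; append pcap records to out_path.

    TZSP is plain UDP with no authentication, so anyone who can reach this
    port could feed frames to the IDS: checking the source address (and
    firewalling the port to the router) is the minimum sanity check."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    count = 0
    with open(out_path, "wb") as out:
        out.write(pcap_global_header())
        while max_packets is None or count < max_packets:
            datagram, (src, _) = sock.recvfrom(65535)
            if src != router_ip:
                continue
            try:
                encap, _tags, frame = tzsp_decapsulate(datagram)
            except ValueError:
                continue
            if encap != ENCAP_ETHERNET:
                continue
            out.write(pcap_record(frame))
            out.flush()
            count += 1
    return count


if __name__ == "__main__":
    import sys
    # usage: python3 tzsp_rx.py out.pcap <router_ip>   (mirrors "trafr test.pcap <ip>")
    receive_to_pcap(sys.argv[1], sys.argv[2])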
vi /etc/oinkmaster.conf
add url = https://rules.emergingthreatspro.com/open/suricata/emerging.rules.tar.gz
oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules
vi /etc/cron.daily/suricataUpdateRules
add #!/bin/bash
# update the rule set; only ask Suricata to reload its rules (SIGUSR2) when oinkmaster reported no error
if /usr/sbin/oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules |& grep -qi "error"; then
    exit 1
fi
/bin/kill -USR2 `pidof suricata`
chmod 755 /etc/cron.daily/suricataUpdateRules
vi /etc/init/suricata.conf
add # suricata (Upstart job; Ubuntu 16.04 boots with systemd and does not run /etc/init/*.conf, so on 16.04 use the rc.local line below instead)
description "Intrusion Detection System Daemon"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
exec /sbin/trafr -s | /usr/bin/suricata -c /etc/suricata/suricata-debian.yaml -r -
vi /etc/rc.local
add /sbin/trafr -s | /usr/bin/suricata -c /etc/suricata/suricata-debian.yaml -r - &
IDS (Intrusion Detection Systems): systems that detect intrusions and raise alerts, as Suricata does here.
IPS (Intrusion Prevention Systems): systems that also block the attack traffic; a sniffer stream like this one is a copy of the traffic, so it can only detect, not prevent.