We will walk you through the installation of Suricata on Ubuntu 22.04 to ensure that you have a strong network defense mechanism in place. We’ll go over everything from updating system packages to configuring Suricata and automating its startup. By the end of this guide, you will have a thorough understanding of Suricata installation and configuration. Suricata is a powerful open-source Intrusion Detection and Prevention System (IDS/IPS) that can help you secure your Ubuntu 22.04 system. Let’s get started!
Step 1: Update packages index
It is critical to update your system packages to the most recent versions before installing any software. Launch a terminal and type the following command:
sudo apt update && sudo apt upgrade
This command ensures that your system has the most recent security and bug fixes, resulting in a stable environment for Suricata installation.
Step 2: Install Suricata on Ubuntu
We will use the official Ubuntu repositories to install Suricata. In the terminal, type the following command:
sudo apt install suricata
Suricata and its dependencies will be downloaded and installed using this command. It is possible that the installation will take a few moments to complete.
Step 3: Configure Suricata
After the installation is finished, we must configure Suricata to meet our needs. Suricata’s main configuration file is found at /etc/suricata/suricata.yaml. Use your favorite text editor to open this file:
sudo nano /etc/suricata/suricata.yaml
The configuration file contains various settings that govern Suricata’s behavior. It is well-commented to assist you in understanding the purpose of each option.
Step 4: Enable Network Interfaces
Suricata by default doesn’t monitor any network interfaces and needs to know which interfaces to analyze. Look in the configuration file for the af-packet section. Uncomment the interface line and enter the name of the network interface Suricata should monitor. For example:
af-packet: - interface: eth0
Suricata will monitor the network interface eth0 in this example. Save your changes and close the text editor.
Step 5: Start Suricata on Ubuntu
To start Suricata on Ubuntu, run the following command:
sudo suricata -c /etc/suricata/suricata.yaml -i interface
Replace interface with the name of the interface you created in the previous step. This command starts Suricata with the specified configuration file and network interface.
Troubleshooting Suricata on Ubuntu
If you will encounter the following Warning message:
sudo suricata -c /etc/suricata/suricata.yaml -i eth0
22/6/2023 — 10:04:31 – – This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
22/6/2023 — 10:04:31 – – [ERRCODE: SC_ERR_NO_RULES(42)] – No rule files match the pattern /etc/suricata/rules/suricata.rules
22/6/2023 — 10:04:31 – – [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] – 1 rule files specified, but no rules were loaded!
22/6/2023 — 10:04:31 – – all 4 packet processing threads, 4 management threads initialized, engine started.
Follow these steps:
Step 1: Run the following command to update suricata: suricata-update
Step 2: open /etc/suricata/suricata.yaml and configure default-rule-path option, like below:
Step 6: Suricata Startup Automation
We will create a systemd service unit to have Suricata start automatically when your Ubuntu system boots up. To make a new service file, use the following command:
sudo nano /etc/systemd/system/suricata.service
In the service file, add the following lines:
[Unit] Description=Suricata IDS/IPS After=network.target [Service] ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 [Install] WantedBy=default.target
Make sure to change eth0 with your network interface. Exit the text editor and save the file. Then, to enable and start the Suricata service, run the following commands:
sudo systemctl enable suricata.service sudo systemctl start suricata.service
Suricata will be configured to start automatically every time your system boots using these commands.
Congratulations! Suricata on Ubuntu 22.04 has been installed and configured successfully. You now have a strong network intrusion detection and prevention system in place to improve system security. The ability of Suricata on Ubuntu 22.04 to monitor network traffic and detect potential threats adds another layer of defense against cyberattacks.
We covered the entire process in this tutorial, from updating system packages to configuring Suricata Ubuntu 22.04. You have gained a thorough understanding of Suricata installation and configuration on Ubuntu 22.04. Keep Suricata’s rules and configuration up to date with the latest security threats by updating them on a regular basis. Stay safe and take advantage of Suricata’s added security!