We will walk you through the installation of Suricata on Ubuntu 22.04 to ensure that you have a strong network defense mechanism in place. We’ll go over everything from updating system packages to configuring Suricata and automating its startup. By the end of this guide, you will have a thorough understanding of Suricata installation and configuration. Suricata is a powerful open-source Intrusion Detection and Prevention System (IDS/IPS) that can help you secure your Ubuntu 22.04 system. Let’s get started!

Step 1: Update packages index

It is critical to update your system packages to the most recent versions before installing any software. Launch a terminal and type the following command:

sudo apt update && sudo apt upgrade

This command ensures that your system has the most recent security and bug fixes, resulting in a stable environment for Suricata installation.

Step 2: Install Suricata on Ubuntu

We will use the official Ubuntu repositories to install Suricata. In the terminal, type the following command:

sudo apt install suricata
Install Suricata on Ubuntu

Suricata and its dependencies will be downloaded and installed using this command. It is possible that the installation will take a few moments to complete.

Step 3: Configure Suricata

After the installation is finished, we must configure Suricata to meet our needs. Suricata’s main configuration file is found at /etc/suricata/suricata.yaml. Use your favorite text editor to open this file:

sudo nano /etc/suricata/suricata.yaml

The configuration file contains various settings that govern Suricata’s behavior. It is well-commented to assist you in understanding the purpose of each option.

Step 4: Enable Network Interfaces

Suricata by default doesn’t monitor any network interfaces and needs to know which interfaces to analyze. Look in the configuration file for the af-packet section. Uncomment the interface line and enter the name of the network interface Suricata should monitor. For example:

  - interface: eth0

Suricata will monitor the network interface eth0 in this example. Save your changes and close the text editor.

Step 5: Start Suricata on Ubuntu

To start Suricata on Ubuntu, run the following command:

sudo suricata -c /etc/suricata/suricata.yaml -i interface

Replace interface with the name of the interface you created in the previous step. This command starts Suricata with the specified configuration file and network interface.

Start Suricata on Ubuntu

Troubleshooting Suricata on Ubuntu

If you will encounter the following Warning message:

sudo suricata -c /etc/suricata/suricata.yaml -i eth0
22/6/2023 — 10:04:31 – – This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
22/6/2023 — 10:04:31 – – [ERRCODE: SC_ERR_NO_RULES(42)] – No rule files match the pattern /etc/suricata/rules/suricata.rules
22/6/2023 — 10:04:31 – – [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] – 1 rule files specified, but no rules were loaded!
22/6/2023 — 10:04:31 – – all 4 packet processing threads, 4 management threads initialized, engine started.

Follow these steps:

Step 1: Run the following command to update suricata: suricata-update
Step 2: open /etc/suricata/suricata.yaml and configure default-rule-path option, like below:

default-rule-path: /var/lib/suricata/rules

  • suricata.rules

Step 6: Suricata Startup Automation

We will create a systemd service unit to have Suricata start automatically when your Ubuntu system boots up. To make a new service file, use the following command:

sudo nano /etc/systemd/system/suricata.service

In the service file, add the following lines:

Description=Suricata IDS/IPS

ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0


Make sure to change eth0 with your network interface. Exit the text editor and save the file. Then, to enable and start the Suricata service, run the following commands:

sudo systemctl enable suricata.service
sudo systemctl start suricata.service

Suricata will be configured to start automatically every time your system boots using these commands.

Final Thoughts

Congratulations! Suricata on Ubuntu 22.04 has been installed and configured successfully. You now have a strong network intrusion detection and prevention system in place to improve system security. The ability of Suricata on Ubuntu 22.04 to monitor network traffic and detect potential threats adds another layer of defense against cyberattacks.

We covered the entire process in this tutorial, from updating system packages to configuring Suricata Ubuntu 22.04. You have gained a thorough understanding of Suricata installation and configuration on Ubuntu 22.04. Keep Suricata’s rules and configuration up to date with the latest security threats by updating them on a regular basis. Stay safe and take advantage of Suricata’s added security!

1 Comment

How To Install ConfigServer Security & Firewall -CSF On Almalinux - Virtono Community · September 28, 2023 at 1:49 PM

[…] In this guide, we will walk you through the step-by-step process of installing CSF on AlmaLinux, ensuring that your system is fortified against potential threats. Every system administrator has a responsibility to protect their server from potential attacks and vulnerabilities. ConfigServer Security & Firewall (CSF) is a strong tool that can assist in enhancing the security of your server. […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.