Pastebin on paste.luisaranguren.com

PasteID: s16
Pasted by Anonymous, 2025-05-03 14:23:51 GMT
Expires Never
Paste size 1.38 Kb
If you want to run Suricata in IDS mode, add to /etc/rc.conf:

	suricata_enable="YES"
	suricata_interface="<if>"

NOTE: Declaring suricata_interface is MANDATORY for Suricata in IDS Mode.

However, if you want to run Suricata in Inline IPS Mode in divert(4) mode,
add to /etc/rc.conf:

	suricata_enable="YES"
	suricata_divertport="8000"

NOTE:
	Suricata won't start in IDS mode without an interface configured.
	Therefore, if you omit suricata_interface from rc.conf, FreeBSD's
	rc.d/suricata will automatically try to start Suricata in IPS Mode
	(on divert port 8000, by default).

Alternatively, if you want to run Suricata in Inline IPS Mode in high-speed
netmap(4) mode, add to /etc/rc.conf:

	suricata_enable="YES"
	suricata_netmap="YES"

NOTE:
	Suricata requires additional interface settings in the configuration
	file to run in netmap(4) mode.

RULES: The Suricata IDS/IPS Engine comes without rules by default. You should
add rules yourself and set an updating strategy. To do so, please visit:

 http://www.openinfosecfoundation.org/documentation/rules.html
 http://www.openinfosecfoundation.org/documentation/emerging-threats.html

You may want to try BPF in zerocopy mode to test performance improvements:

	sysctl -w net.bpf.zerocopy_enable=1

Don't forget to add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf.
>>> Cleaning up cache... done.
Success
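The message above leaves one easy mistake open: an rc.conf that sets suricata_enable="YES" but forgets suricata_interface silently starts Suricata as an inline IPS on divert port 8000 instead of as a passive IDS. The following POSIX sh helper is an added example, not part of the FreeBSD port, its rc.d script or the pkg-message; it reads an rc.conf-style file and reports which mode rc.d/suricata would pick under the rules stated above, and checks that the BPF zerocopy sysctl has been persisted in sysctl.conf. The function names, the sample files and the interface name em0 are constructed for illustration, and the order in which suricata_netmap and suricata_interface are consulted is an assumption (the message does not state their precedence).

```sh
#!/bin/sh
# Added example, not part of the FreeBSD port or its pkg-message.
# Reports which mode rc.d/suricata would pick from a given rc.conf,
# following the rules in the message above. ASSUMPTION: suricata_netmap="YES"
# is consulted before suricata_interface; the message does not say which wins.

# rc_get FILE VAR: print VAR's value from a key=value file (rc.conf,
# sysctl.conf). Last assignment wins; trailing comments and quotes are stripped.
rc_get() {
    val=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}   # trim leading whitespace
        case $line in
            "$2="*) val=${line#*=} ;;
        esac
    done < "$1"
    printf '%s\n' "$val" | sed -e 's/[[:space:]]*#.*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# suricata_rc_mode FILE: print "disabled", "ids <if>",
# "ips-divert <port>" or "ips-netmap".
suricata_rc_mode() {
    enable=$(rc_get "$1" suricata_enable)
    iface=$(rc_get "$1" suricata_interface)
    divert=$(rc_get "$1" suricata_divertport)
    netmap=$(rc_get "$1" suricata_netmap)

    if [ "$enable" != "YES" ]; then
        echo "disabled"
    elif [ "$netmap" = "YES" ]; then
        echo "ips-netmap"
    elif [ -n "$iface" ]; then
        echo "ids $iface"
    else
        # no interface: rc.d falls back to divert mode, port 8000 by default
        echo "ips-divert ${divert:-8000}"
    fi
}

# bpf_zerocopy_persisted FILE: succeed when the file carries
# net.bpf.zerocopy_enable=1, so the sysctl tuning survives a reboot.
bpf_zerocopy_persisted() {
    [ "$(rc_get "$1" net.bpf.zerocopy_enable)" = "1" ]
}

# Constructed sample files (em0 is a placeholder interface name).
SAMPLE_DIR=$(mktemp -d)
printf 'suricata_enable="YES"\nsuricata_interface="em0"\n' > "$SAMPLE_DIR/ids.conf"
printf 'suricata_enable="YES"\n# interface omitted on purpose\n' > "$SAMPLE_DIR/divert.conf"
printf 'suricata_enable="YES"\nsuricata_divertport="8100"\n' > "$SAMPLE_DIR/divert8100.conf"
printf 'suricata_enable="YES"\nsuricata_netmap="YES"\n' > "$SAMPLE_DIR/netmap.conf"
printf 'suricata_enable="NO"\nsuricata_interface="em0"\n' > "$SAMPLE_DIR/off.conf"
printf 'net.bpf.zerocopy_enable=1  # added per the pkg-message\n' > "$SAMPLE_DIR/sysctl.conf"

for f in ids divert divert8100 netmap off; do
    printf '%-16s -> %s\n' "$f.conf" "$(suricata_rc_mode "$SAMPLE_DIR/$f.conf")"
done
bpf_zerocopy_persisted "$SAMPLE_DIR/sysctl.conf" && echo "bpf zerocopy: persisted in sysctl.conf"
```

Run it against the real files with `suricata_rc_mode /etc/rc.conf` and `bpf_zerocopy_persisted /etc/sysctl.conf` before enabling the service; a result of "ips-divert 8000" from a host that was meant to be a passive sensor is the misconfiguration the NOTE above warns about.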
Written by Xan Manning, 2010.