- Authors : Tomáš Mokoš, Marek Brodec
- Operating system : Ubuntu 16.04
- Elasticsearch version : 5.5.1
- Suricata version : 4.0.1
This article is outdated, see the newer installation guides below.
This article is outdated, see the newer installation guides below.
Integrating Suricata alerts into Moloch
Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and updates of the associated files.
This guide will walk you through the installation of Scirius Community Edition on Ubuntu 16.04 operating system.
Before proceeding with installation of Scirius CE, you need to have IDS Suricata installed. Installation guide for Suricata can be found here.
First, add the latest stable Suricata repository to APT:
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
Now you can either install Suricata with:
sudo apt-get install suricata
or the Suricata package with built-in (enabled) debugging
sudo apt-get install suricata-dbg
Start with creating a directory for Suricata’s log information.
sudo mkdir /var/log/suricata
To prepare the system for using it, enter:
sudo mkdir /etc/suricata
The next step is to copy classification.config, reference.config and suricata.yaml from the base build/installation directory (ex. from git it will be the oisf directory) to the /etc/suricata directory. Do so by entering the following:
sudo cp classification.config /etc/suricata
sudo cp reference.config /etc/suricata
sudo cp suricata.yaml /etc/suricata
You can also use the available auto setup features of Suricata:
The make install-conf option will do the regular “make install” and then automatically create/setup all the necessary directories and suricata.yaml.
./configure && make && make install-conf
The make install-rules option will do the regular “make install” and it automatically downloads and sets up the latest ruleset from Emerging Threats available for Suricata.
./configure && make && make install-rules
The make install-full option combines everything mentioned above (install-conf and install-rules) – and will present you with a ready to run (configured and set up) Suricata
./configure && make && make install-full