linux:ids [2024/04/26 13:18] – created niziak
linux:ids [2024/04/26 15:04] (current) niziak
  * suricata
  * Suricata + extras: [[https://github.com/StamusNetworks/SELKS|SELKS]]

===== suricata =====

Suricata only logs alerts; another tool is needed to grep the logs and send e-mails.

<file txt /etc/suricata/local.rules>
# $DHCP_SERVERS must be defined under vars.address-groups in suricata.yaml
# (it is not one of the default address groups). The rule fires on DHCP
# server-to-client traffic (UDP 67 -> 68) whose source is not a listed server.
alert udp !$DHCP_SERVERS 67 -> any 68 (msg:"detect rogue DHCP servers!"; sid:123456789;)
#alert udp !$DHCP_SERVERS 67 -> 255.255.255.255 any (msg: "detect rogue DHCP server!"; sid:1000001;)
</file>

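Added example (not from the wiki page): a small Python filter that reads Suricata's EVE JSON output (eve.json), keeps only the alerts raised by the rogue-DHCP sid from local.rules above, and summarises them per source IP so the result can be piped into a mailer. The eve.json lines are constructed samples; the log path and the set of local sids are assumptions.

```python
import json

# sid(s) of the local rules to report on (the rogue-DHCP sid from local.rules above)
LOCAL_SIDS = {123456789}

# Constructed sample of Suricata EVE JSON output: one JSON object per line,
# a non-alert flow record, two rogue-DHCP alerts, an unrelated ET alert and a
# truncated line of the kind left behind by log rotation.
SAMPLE_EVE = """\
{"timestamp":"2024-04-26T15:04:01.000000+0200","event_type":"flow","src_ip":"192.168.1.10","dest_ip":"192.168.1.1","proto":"TCP"}
{"timestamp":"2024-04-26T15:04:02.000000+0200","event_type":"alert","src_ip":"192.168.1.77","src_port":67,"dest_ip":"255.255.255.255","dest_port":68,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":123456789,"rev":0,"signature":"detect rogue DHCP servers!","category":"","severity":3}}
{"timestamp":"2024-04-26T15:04:03.000000+0200","event_type":"alert","src_ip":"192.168.1.77","src_port":67,"dest_ip":"255.255.255.255","dest_port":68,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":123456789,"rev":0,"signature":"detect rogue DHCP servers!","category":"","severity":3}}
{"timestamp":"2024-04-26T15:04:04.000000+0200","event_type":"alert","src_ip":"10.0.0.5","src_port":12345,"dest_ip":"192.168.1.10","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-04-26T15:04:05.0
"""

def rogue_dhcp_alerts(eve_lines, sids=LOCAL_SIDS):
    """Return {src_ip: (count, first_ts, last_ts, signature)} for alerts whose
    signature_id is in `sids`. Non-alert events and malformed lines are skipped."""
    hits = {}
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line (e.g. during rotation): ignore, do not abort
        if ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert", {})
        if alert.get("signature_id") not in sids:
            continue
        ip, ts = ev.get("src_ip", "?"), ev.get("timestamp", "")
        count, first, last, sig = hits.get(ip, (0, ts, ts, alert.get("signature", "")))
        # EVE timestamps share one fixed format, so string comparison orders them
        hits[ip] = (count + 1, min(first, ts), max(last, ts), sig)
    return hits

def report(hits):
    """One line per offending host, ready to pipe into mail(1) or similar."""
    return "\n".join(f"{ip}: {n} alert(s) '{sig}' between {first} and {last}"
                     for ip, (n, first, last, sig) in sorted(hits.items()))

if __name__ == "__main__":
    import sys  # usage: python3 dhcp_alerts.py /var/log/suricata/eve.json (path assumed)
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EVE.splitlines()
    print(report(rogue_dhcp_alerts(src)))
```

Run it from cron against the live eve.json and mail the output only when it is non-empty; the sid-based filter keeps unrelated ET alerts out of the rogue-DHCP mail.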
===== SELKS =====

Three installation methods:
  * from source
  * Docker image
  * Debian-based ISO distribution