Intrusion Detection and Prevention / suricata initial setup/test
« on: December 03, 2021, 02:04:37 am »
i need some help with initial setup of suricata 6.0.4 on opnsense 21.7.6 ..
For those wanting to get started with IDS/IPS, this is an excellent tutorial - https://www.youtube.com/watch?v=_yIq3GM4gjA&t=6s
is the youtube tutorial from last year now outdated? i tried:
Interfaces > Settings > Network Interfaces
hardware acceleration x3 turned off
Services > Intrusion Detection > Administration > Settings
enabled
IPS mode off so IDS will alert only
Interfaces > LAN only because Firewall > NAT > Outbound is Automatic
Administration > Download
enabled and downloaded/updated the test ruleset OPNsense-App-detect/test
Administration > Rules
7999999 alert opnsense.test.rules bad-unknown OPNsense test eicar virus
Administration > Schedule
enabled default daily update
Code:
2021-12-02T19:50:48 suricata[27873] [100250] <Notice> -- all 1 packet processing threads, 4 management threads initialized, engine started.
2021-12-02T19:50:48 suricata[26200] [100160] <Notice> -- This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
Code:
$ curl http://pkg.opnsense.org/test/eicar.com.txt
but no luck getting the client download of eicar.com.txt to trigger an alert
Administration > Alerts
No results found!
so i tried adding a policy but still no luck
Services > Intrusion Detection > Policy
enabled
priority: 0
rulesets: opnsense.test.rules
action: alert
rules classtype: nothing selected
new action: alert