[Oisf-users] Hello and question about setting up Suricata as a Web Application IDS
Victor Julien
victor at inliniac.net
Thu Mar 24 11:27:02 UTC 2011
On 03/24/2011 11:34 AM, Michiel van Es wrote:
> On Thu, 24 Mar 2011 10:30:38 +0000, Chris Wakelin wrote:
>> On 24/03/11 10:19, Michiel van Es wrote:
>>> Hi,
>>>
>>> I am pretty new to Snort/Suricata and WAF's.
>>> I have set up Snort with some rules (web-attacks.rules) with some
>>> simple custom rules to detect XSS and SQL Injection:
>>> My goal is to set up Suricata as a replacement of snort and it only
>>> should detect XSS and SQL injection attacks, I don't bother about all
>>> other rules/alerts (like portscans etc.).
>>
>> ...
>>
>>>
>>> I just want Suricata to detect and log/alert me about these
>>> attacks.
>>> I use Ubuntu 10.10 (Maverick) 64 bit with the Suricata package from its
>>> repo:
>>> root@vps500:/etc/snort/rules# dpkg -l | grep suricata
>>> ii suricata 1.0.1-1 Next Generation Intrusion Detection and Prevention

May I suggest installing from source. Preferably the latest Git code.
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT

Or else at least 1.0.2:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation

Btw, since you are using Ubuntu there are at least 2 PPAs available
that provide more up-to-date builds:
https://launchpad.net/~honeynet/+archive/nightly
https://launchpad.net/~ebf0/+archive/gamelinux/

Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------