/usr/share/doc/suricata/README.Debian is in suricata 3.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | Suricata for Debian
-------------------
The engine is an Open Source Next Generation Intrusion Detection and
Prevention Tool, not intended to just replace or emulate the existing tools in
the industry, but to bring new ideas and technologies to the field.
This is considered as a beta release.
To run the engine with default configuration on interface eth0 (in live mode),
run the following command (as root):
suricata -c /etc/suricata/suricata.yaml -i eth0
To run in live NFQUEUE mode, use (as root):
suricata -c /etc/suricata/suricata.yaml -q $QUEUE_ID
You can also run suricata on a PCAP file:
suricata -c /etc/suricata/suricata.yaml -r file.pcap
Updating Rules
--------------
The default configuration use the snort-rules-default package (with all rules loaded),
and all logging modules activated.
You should edit /etc/suricata/suricata.yaml and adjust it to fit your needs.
Using rules from the snort-rules-default package will not provide up-to-date
rules. The recommended method is to install oinkmaster, configure it to get
Emerging Threats (ET), ET Pro or VRT rules.
Edit ``/etc/oinkmaster.conf`` and use the following URL:
http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
For more help, see
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
-- Pierre Chifflier <pollux@debian.org> Thu, 17 Nov 2011 22:58:00 +0100
|