Simonadeka/Suricata-IDS-Lab-Setup

GitHub: Simonadeka/Suricata-IDS-Lab-Setup

A step-by-step guide to building a Suricata intrusion detection system from scratch in VirtualBox, helping security beginners quickly set up a local learning and testing environment.

Stars: 0 | Forks: 0

# Suricata IDS Lab Setup

## Description

This repository documents the process of setting up Suricata IDS (Intrusion Detection System) in a VirtualBox lab environment. The goal is to learn Suricata configuration, rule management, real-time alerting and troubleshooting.

## README

### Suricata IDS Lab Setup

A step-by-step guide to setting up Suricata IDS in a VirtualBox lab environment.

**Contents:**

- Suricata installation and configuration
- Rule management and updates
- Testing real-time alerts
- Troubleshooting and tuning
- Screenshots and examples

**Lab environment:**

- VirtualBox
- Ubuntu 22.04 VM (Suricata Sensor)
- Ubuntu 22.04 VM (Suricata Controller)

## Prerequisites

* VirtualBox installed
* Ubuntu 22.04 VM (Suricata Sensor)
* A second Ubuntu 22.04 VM (Suricata Controller)
* Basic Linux knowledge

## Steps

### Step 1: Install Suricata

Run the following commands on your Suricata Sensor VM:

```bash
sudo apt update
sudo apt install suricata
```

### Step 2: Configure Suricata

Open the Suricata config file:

```bash
sudo nano /etc/suricata/suricata.yaml
```

Update the `rule-files` section to look like this:

```yaml
rule-files:
  - /var/lib/suricata/rules/suricata.rules
```

![Suricata Config Screenshot](https://raw.githubusercontent.com/Simonadeka/Suricata-IDS-Lab-Setup/main/screenshots/suricata-config.png)

### Step 3: Update rules

Run the update command to get the latest rules:

```bash
sudo suricata-update
```

![Suricata Update Screenshot](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/f37524d982151339.png)

Check the rule file configuration:

```bash
sudo nano /etc/suricata/rules/suricata.rules
```

![Rule File Config Screenshot](https://raw.githubusercontent.com/Simonadeka/Suricata-IDS-Lab-Setup/main/screenshots/Rule%20file%20conf.png)

### Step 4: Fix the rule file path

If you get a path error, update the rule file path in `suricata.yaml`:

```bash
sudo nano /etc/suricata/suricata.yaml
```

![Fix Rule File Path Screenshot](https://raw.githubusercontent.com/Simonadeka/Suricata-IDS-Lab-Setup/main/screenshots/Fix%20rule%20file%20path.png)

### Step 5: Start Suricata

Start Suricata in IDS mode:

```bash
sudo suricata -c /etc/suricata/suricata.yaml -i eth0
```

![Suricata Active Screenshot](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/e545dbd324151342.jpg)

![Suricata Loaded Successfully Screenshot](https://raw.githubusercontent.com/Simonadeka/Suricata-IDS-Lab-Setup/main/screenshots/Suricata%20loaded%20successfully.jpeg)

### Step 6: Test the installation

Run a test to confirm Suricata is working:

```bash
sudo suricata --test -c /etc/suricata/suricata.yaml
```

![Install Suricata Screenshot](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/e580a8afa5151344.png)

### Quick reference: all commands

```bash
# 1. Update Suricata rules
sudo suricata-update

# 2. Check the rule file configuration
sudo nano /etc/suricata/rules/suricata.rules

# 3. Fix the rule file path in the config
sudo nano /etc/suricata/suricata.yaml

# 4. Start Suricata in IDS mode
sudo suricata -c /etc/suricata/suricata.yaml -i eth0

# 5. Test the installation
sudo suricata --test -c /etc/suricata/suricata.yaml
```

### Repository structure

```
suricata-ids-lab-setup/
├── README.md
├── screenshots/
│   ├── Rule file conf.png
│   ├── Fix rule file path.png
│   ├── Suricata Active.jpeg
│   ├── Suricata loaded successfully.jpeg
│   └── Install suricata.png
```

### Contact

- **LinkedIn**: [simon.adeka/](https://www.linkedin.com/in/simon-adeka/)
- **GitHub**: [Simonadeka](https://github.com/Simonadeka/)

Built by Simon Friday Adeka with 🚀
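Once the sensor is running in IDS mode (step 5) and `--test` passes (step 6), the next thing to check is that alerts are actually being written. Suricata logs one JSON object per line to `/var/log/suricata/eve.json` by default, with alerts carried as `event_type: "alert"`. The script below is an added example, not code from the repository above: it reads an EVE log, skips non-alert and malformed lines, and summarises alerts by signature ID and severity. The embedded log lines are constructed for the example, and the signature shown (sid 2100498) is assumed to be the common GPL "id check returned root" rule that many tutorials use as a first alert test.

```python
"""Summarise Suricata alerts from an EVE JSON log.

Added example, not part of the Suricata-IDS-Lab-Setup repository.
Usage: python eve_alerts.py [/var/log/suricata/eve.json]
Without an argument it runs over the constructed sample lines below.
"""
import json
import sys
from collections import Counter

# Constructed sample eve.json lines (not captured from the lab VMs).
# One flow event, three alerts and one deliberately broken line.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"TCP"}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert",'
    '"src_ip":"93.184.216.34","src_port":80,"dest_ip":"10.0.2.15","dest_port":51234,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert",'
    '"src_ip":"93.184.216.34","src_port":80,"dest_ip":"10.0.2.15","dest_port":51235,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    'this line is not json',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.2.15","src_port":40000,"dest_ip":"10.0.2.2","dest_port":22,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,'
    '"signature":"LOCAL test rule","category":"Misc activity","severity":3}}',
]


def load_alerts(lines):
    """Return (alerts, skipped).

    alerts: list of simplified alert records taken from event_type == "alert".
    skipped: number of lines that were not valid JSON (a truncated write or
             log rotation artefact). Other event types (flow, dns, http, ...)
             are ignored silently, not counted as skipped.
    """
    alerts = []
    skipped = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if event.get("event_type") != "alert":
            continue
        meta = event.get("alert", {})
        alerts.append({
            "timestamp": event.get("timestamp"),
            "sid": meta.get("signature_id"),
            "signature": meta.get("signature"),
            "severity": meta.get("severity"),
            "src": f'{event.get("src_ip")}:{event.get("src_port")}',
            "dest": f'{event.get("dest_ip")}:{event.get("dest_port")}',
        })
    return alerts, skipped


def summarize(alerts):
    """Group alerts by signature ID and severity; report the noisiest rule."""
    by_sid = Counter(a["sid"] for a in alerts)
    by_severity = Counter(a["severity"] for a in alerts)
    names = {a["sid"]: a["signature"] for a in alerts}
    top = None
    if by_sid:
        sid, count = by_sid.most_common(1)[0]
        top = (sid, names[sid], count)
    return {
        "total": len(alerts),
        "by_sid": dict(by_sid),
        "by_severity": dict(by_severity),
        "top": top,
    }


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            alerts, skipped = load_alerts(fh)
    else:
        alerts, skipped = load_alerts(SAMPLE_EVE_LINES)
    summary = summarize(alerts)
    print(f"alerts: {summary['total']} (skipped {skipped} malformed line(s))")
    for sid, count in sorted(summary["by_sid"].items(), key=lambda kv: -kv[1]):
        print(f"  sid {sid}: {count}")
    for sev, count in sorted(summary["by_severity"].items()):
        print(f"  severity {sev}: {count}")
    if summary["top"]:
        print("  noisiest rule:", summary["top"][1])


if __name__ == "__main__":
    main(sys.argv)
```

If the script reports zero alerts after you generate test traffic, check that the `rule-files` path from step 2 matches where `suricata-update` wrote `suricata.rules` (step 4), and that `-i eth0` names the interface the traffic actually crosses; both are the usual reasons a freshly installed sensor stays silent.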