Suricata 3.1 Is Released and Available via PPA for Ubuntu and Derivative Systems
How to Install and Update Suricata 3.1 on Ubuntu 12.04 Precise Pangolin, Ubuntu 14.04 Trusty Tahr, Ubuntu 15.04 Vivid Vervet, Ubuntu 15.10 Wily Werewolf, Ubuntu 16.04 Xenial Xerus via PPA
Suricata is an open source, multi-platform and free network intrusion detection and prevention (IDS/IPS) engine developed by the Open Information Security Foundation (OISF) and its supporting vendors.
The IDS/IPS engine is multi-threaded
Suricata's IDS/IPS engine is multi-threaded and has native IPv6 support. It can load existing Snort rules and signatures (its rule language is Snort-compatible) and supports the Barnyard and Barnyard2 output tools.
What's new in Suricata 3.1
This release brings significant improvements on the performance side:
- Hyperscan integration for the Multi Pattern Matcher and Single Pattern Matcher. If Hyperscan is installed, it is now the default matcher.
- Rewrite of the detection engine, simplifying rule grouping. This improves performance while reducing memory usage and start-up time in many scenarios.
Packet capture got a lot of attention:
- AF_PACKET support for tpacket-v3 (experimental)
- NETMAP usability improvements, especially on FreeBSD
Config:
- Reorganised default configuration layout for a more intuitive and easier set-up.
- This release also comes with libhtp 0.5.20, in which we address a number of issues reported by Steffen Ullrich of HTTP Evader.
- A new keyword 'tls_sni' was added, including MPM support. It matches on the server name the client sends in the TLS SNI (server_name) extension of the ClientHello.
Other than that, lots of clean-ups and optimizations:
- locking has been much simplified
- TCP and IPv6 decoder optimizations
- unit test clean-ups
- AFL fuzz testing options were added
To get Suricata 3.1, visit:
http://www.openinfosecfoundation.org/download/suricata-3.1.tar.gz
How to Install Suricata 3.1 on Ubuntu and Derivative Systems:
To install or update Suricata 3.1 via PPA on Ubuntu 16.04 Xenial Xerus, Ubuntu 15.10 Wily Werewolf, Ubuntu 15.04 Vivid Vervet, Ubuntu 14.10 Utopic Unicorn, Ubuntu 14.04 Trusty Tahr (LTS), Ubuntu 13.10/13.04/12.04, Linux Mint 17.1 Rebecca, Linux Mint 17 Qiana, Linux Mint 13 Maya, Pinguy OS 14.04, Elementary OS 0.3 Freya, Elementary OS 0.2 Luna, Peppermint Five, Deepin 2014, LXLE 14.04, Linux Lite 2.0, Linux Lite 2.2 and other Ubuntu derivative systems, open a new Terminal window and bash (get it?) in the following commands. If add-apt-repository is not found on a minimal install, install the software-properties-common package first.
To set up the PPA for the latest stable Suricata, do:
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
Then you can install the latest stable Suricata with:
sudo apt-get install suricata
or, for the Suricata package with built-in (enabled) debugging:
sudo apt-get install suricata-dbg
After installation, confirm that you got the PPA build and not an older distribution package by running suricata --build-info, which prints the version and whether Hyperscan support was compiled in. Then continue with the Basic Setup.
Upgrading
Upgrading is simple; once the PPA is enabled, new releases arrive through the normal package update:
sudo apt-get update
sudo apt-get upgrade
Removing
To remove Suricata from your system (the PPA itself stays in your sources until you remove it separately):
sudo apt-get remove suricata
Enjoy! I hope this article gives you more clarity.