Suricata is an open source network intrusion detection system (NIDS). It is developed by The Open Information Security Foundation, and the first stable release was made available in summer 2010.
Since Ubuntu 10.10 there has been a suricata package in the official Ubuntu repository. But if you want to try the latest version of Suricata, you can use the Honeynet PPA on launchpad.net. At the moment the packages are built every weekend for Ubuntu 10.04 and 10.10.
To install packages from the PPA you have to add it to your sources list. The easiest way to do this is with the add-apt-repository tool. If it isn't already available on your system, you can get it by installing the python-software-properties package.
$ sudo apt-get install python-software-properties
Adding the new repository is now very simple. Don't forget to update your package index afterwards.
$ sudo add-apt-repository ppa:honeynet/nightly
$ sudo apt-get update
After this, you can install suricata by running the following command:
$ sudo apt-get install suricata
You can find a sample configuration here: /etc/suricata/suricata-debian.yaml
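Because Ubuntu 10.10 also carries suricata in the official repository, it is worth confirming which source apt will actually install from once the PPA has been added. The following is an added example, not part of the original post: the function names, the sample policy output (with placeholder version strings) and the PPA archive path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which repository apt would install suricata from.
# Real use, after "apt-get update":
#   apt-cache policy suricata | candidate_origin

# Assumed archive path for ppa:honeynet/nightly (Launchpad's usual layout).
PPA_PATH="ppa.launchpad.net/honeynet/nightly"

# Constructed sample of "apt-cache policy suricata" output; the version
# strings are placeholders, not real package versions.
SAMPLE_POLICY='suricata:
  Installed: (none)
  Candidate: 9.9~nightly-placeholder
  Version table:
     9.9~nightly-placeholder 0
        500 http://ppa.launchpad.net/honeynet/nightly/ubuntu/ maverick/main i386 Packages
     1.0-placeholder 0
        500 http://archive.ubuntu.com/ubuntu/ maverick/universe i386 Packages'

# Read policy text on stdin and print the source(s) of the candidate version.
candidate_origin() {
    awk '
        # "Candidate:" names the version apt would install.
        $1 == "Candidate:"     { cand = $2; next }
        # Version rows are indented 5 columns; " *** " marks the installed one.
        /^ (\*\*\*|   ) [^ ]/  { ver = ($1 == "***") ? $2 : $1; next }
        # Source rows are indented 8 columns: "<priority> <url-or-path> ...".
        /^        [0-9]+ / && cand != "" && ver == cand { print $2 }
    '
}

# Read policy text on stdin; succeed only if the candidate comes from the PPA.
candidate_is_from_ppa() {
    origins=$(candidate_origin)
    [ -n "$origins" ] || return 1
    printf '%s\n' "$origins" | grep -q -F "$PPA_PATH"
}

# Demo on the constructed sample when SHOW_DEMO=1 is set.
if [ "${SHOW_DEMO:-0}" = "1" ]; then
    printf '%s\n' "$SAMPLE_POLICY" | candidate_origin
fi
```

If the candidate still points at archive.ubuntu.com, the PPA was not added correctly or the package index was not updated.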
Links
- Suricata project website (english)
- The Open Information Security Foundation (english)
- Ubuntu (english)
- PPA on launchpad.net (english)