Setting up IPS with Docker Image
699 views
Skip to first unread message
Joppe Oostenrijk
Nov 25, 2021, 5:17:48 AM11/25/21
to SELKS
Hi,
I'm using the Docker image and want to set up IPS mode for Suricata.
Would edditing the suricata.yaml file in this way: https://suricata.readthedocs.io/en/suricata-6.0.0/setting-up-ipsinline-for-linux.html#settings-up-ips-at-layer-2
work for that?
Or should I do this another way?
Kind regards,
Joppe
Peter Manev
Nov 26, 2021, 3:53:17 AM11/26/21
to Joppe Oostenrijk, SELKS
Hi,
You would need to edit the selks6 yaml config and put the IPS a
section there (either at the beginning or at the end ) -
https://github.com/StamusNetworks/SELKS/blob/master/docker/containers-data/suricata/etc/selks6-addin.yaml
What does your setup look like?
Thank you
> --
> IRC: Let's talk about SELKS on Freenode IRC on the #SELKS channel
> Wiki: https://github.com/StamusNetworks/SELKS/wiki
> GitHub: https://github.com/StamusNetworks/SELKS
> Blog: https://www.stamus-networks.com/theblog/
> Twitter: @StamusN
> g+: Stamus Networks
> ---
> You received this message because you are subscribed to the Google Groups "SELKS" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to selks+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/selks/a11c1120-6327-42fb-b2ff-6c3a6613443bn%40googlegroups.com.
--
Regards,
Peter Manev
You would need to edit the selks6 yaml config and put the IPS a
section there (either at the beginning or at the end ) -
https://github.com/StamusNetworks/SELKS/blob/master/docker/containers-data/suricata/etc/selks6-addin.yaml
What does your setup look like?
Thank you
> IRC: Let's talk about SELKS on Freenode IRC on the #SELKS channel
> Wiki: https://github.com/StamusNetworks/SELKS/wiki
> GitHub: https://github.com/StamusNetworks/SELKS
> Blog: https://www.stamus-networks.com/theblog/
> Twitter: @StamusN
> g+: Stamus Networks
> ---
> You received this message because you are subscribed to the Google Groups "SELKS" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to selks+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/selks/a11c1120-6327-42fb-b2ff-6c3a6613443bn%40googlegroups.com.
--
Regards,
Peter Manev
Joppe Oostenrijk
Nov 29, 2021, 5:19:07 AM11/29/21
to SELKS
Hi Peter,
the setup will be an ETH0/ETH1 in/out config. --> Traffic passing from eth1 to eth0 and vice versa. this traffic should get blocked if the rule says so.
Op vrijdag 26 november 2021 om 09:53:17 UTC+1 schreef pevma:
Peter Manev
Nov 29, 2021, 9:25:00 AM11/29/21
to Joppe Oostenrijk, SELKS
Hi,
Ok - so the yaml additions should be done as in
https://github.com/StamusNetworks/SELKS/wiki/Initial-Setup---Suricata-IPS
but in docker you would need to edit this file
https://github.com/StamusNetworks/SELKS/blob/master/docker/containers-data/suricata/etc/selks6-addin.yaml
Thank you
On Mon, Nov 29, 2021 at 11:19 AM Joppe Oostenrijk
> To view this discussion on the web visit https://groups.google.com/d/msgid/selks/7f4bf110-b6b6-4eed-955a-5f6aa768036bn%40googlegroups.com.
--
Regards,
Peter Manev
Ok - so the yaml additions should be done as in
https://github.com/StamusNetworks/SELKS/wiki/Initial-Setup---Suricata-IPS
but in docker you would need to edit this file
https://github.com/StamusNetworks/SELKS/blob/master/docker/containers-data/suricata/etc/selks6-addin.yaml
Thank you
On Mon, Nov 29, 2021 at 11:19 AM Joppe Oostenrijk
--
Regards,
Peter Manev
Reply all
Reply to author
Forward
0 new messages