Suricata is the IDS / alerting solution in RockNSM.
Intrusion Detection Systems (IDS) are a great way to quickly alert on known bad. Alerts are triggered when a packet matches a defined pattern or signature.
The Suricata service is configured and enabled on startup.
The newest versions of Suricata come with the suricata-update command to manage and update rulesets. The official documentation is found
Check out a full writeup from one of RockNSM's authors about managing Suricata.
For more detailed information on the suricata-update command, you can also check out a detailed blog post over at Perched.
Suricata is deployed as a systemd unit, called suricata. Normal systemd procedures apply here:
sudo systemctl start suricata
sudo systemctl status suricata
sudo systemctl stop suricata
sudo systemctl restart suricata
It can also be managed using the
/etc/suricata/ - configuration path
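As an added example (not RockNSM's or the Suricata project's own code), the script below ties the two pieces above together: it runs suricata-update, sanity-checks the resulting ruleset by counting enabled and disabled signatures, runs Suricata's configuration test, and only then restarts the systemd unit. The rules path /var/lib/suricata/rules/suricata.rules is the suricata-update default and is an assumption, as is the /etc/suricata/suricata.yaml config path; the sample rules written by write_sample_rules are constructed for demonstration.

```shell
#!/bin/sh
# Added example, not part of RockNSM: update rules, verify them, then restart
# the suricata systemd unit only if the config test passes.
# Paths below are suricata-update / Suricata defaults (assumption).
RULES_FILE="${RULES_FILE:-/var/lib/suricata/rules/suricata.rules}"
SURICATA_CONF="${SURICATA_CONF:-/etc/suricata/suricata.yaml}"

# Count active signatures: lines starting with a rule action keyword.
count_enabled_rules() {
    grep -c -E '^[[:space:]]*(alert|drop|pass|reject)[[:space:]]' "$1" || true
}

# Count signatures suricata-update left disabled (commented-out rules).
count_disabled_rules() {
    grep -c -E '^[[:space:]]*#[[:space:]]*(alert|drop|pass|reject)[[:space:]]' "$1" || true
}

# Write a small constructed ruleset to "$1" so the counters can be exercised
# offline. These are sample signatures, not real threat content.
write_sample_rules() {
    printf '%s\n' \
        '# constructed sample ruleset' \
        'alert tcp any any -> any 80 (msg:"SAMPLE http"; sid:1000001; rev:1;)' \
        '#alert tcp any any -> any 443 (msg:"SAMPLE disabled"; sid:1000002; rev:1;)' \
        '' \
        'drop udp any any -> any 53 (msg:"SAMPLE dns"; sid:1000003; rev:1;)' \
        > "$1"
}

# Full workflow: update, verify, test config, restart. Non-zero on any failure,
# so a broken ruleset never takes the sensor down.
update_and_reload() {
    sudo suricata-update || { echo "suricata-update failed" >&2; return 1; }
    enabled=$(count_enabled_rules "$RULES_FILE")
    disabled=$(count_disabled_rules "$RULES_FILE")
    echo "ruleset: $enabled enabled, $disabled disabled ($RULES_FILE)"
    [ "$enabled" -gt 0 ] || { echo "no enabled rules, aborting" >&2; return 1; }
    # -T runs Suricata in test mode: parse config and rules, then exit.
    sudo suricata -T -c "$SURICATA_CONF" || { echo "config test failed, not restarting" >&2; return 1; }
    sudo systemctl restart suricata
}

# Only run the live workflow when explicitly asked: sh this_script.sh run
if [ "${1:-}" = "run" ]; then
    update_and_reload
fi
```

Run it with `sh update-suricata.sh run` on the sensor; the config test step is what stops a syntactically bad rule from leaving Suricata stopped after the restart.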