How to Secure Your Ubuntu VPS with Suricata IDS/IPS

Suricata IDS/IPS is a powerful tool to keep cyber threats at bay on your Ubuntu server.

Why Choose Suricata for Your Ubuntu Server?

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are essential for safeguarding your network against cyber threats. Suricata, a popular open-source choice, excels in monitoring and protecting network traffic across various operating systems, including Windows and Linux. This article will guide you through installing Suricata on an Ubuntu server to enhance your network security.

Prerequisites

While Suricata doesn’t specify minimum hardware requirements, a VPS with at least 2 CPU cores and 4 GB of RAM is recommended for optimal performance. Consider starting with a Hostinger VPS hosting plan, which offers the necessary resources and affordability.

Ensure your VPS is running Ubuntu 22.04 or later. Using Hostinger's hPanel, you can easily switch operating systems if needed. Additionally, full server access is crucial, so choose a hosting provider like Hostinger that offers this feature. Their services also include an AI Assistant, Kodee, for simplified VPS management and a browser terminal for easy remote access.

Installing Suricata on Ubuntu

Follow these steps to install Suricata on your Ubuntu server:

1. Update Ubuntu Packages

Before installation, refresh the APT package index and upgrade installed packages so that everything is current:

sudo apt update && sudo apt upgrade

This ensures security patches and compatibility with the latest software versions.

2. Install Suricata

There are multiple ways to install Suricata. Here are the three most common:

  • Using APT: Install Suricata from Ubuntu's default repository:

sudo apt install -y suricata

Verify the installation by checking the version:

suricata -V

  • Using Binary Packages: Add the OISF PPA to get the latest stable release:

sudo apt install software-properties-common
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt update
sudo apt install suricata

  • Using Source Distribution: For custom configurations, build and install Suricata from the source files:

tar xzvf suricata-6.0.0.tar.gz
cd suricata-6.0.0
./configure && make && sudo make install

3. Configure Suricata

Suricata uses a YAML configuration file located at /etc/suricata/suricata.yaml. Edit it using a text editor like Nano to adjust settings such as interfaces, logging, and detection rules:

sudo nano /etc/suricata/suricata.yaml

Ensure modifications align with your network’s requirements.

4. Enable Network Interfaces

Specify which network interface Suricata should monitor. For example, using the AF_PACKET method on the venet0 interface:

af-packet:
  - interface: venet0

Use the following command to identify available interfaces; the dev field of each route names the interface it uses:

ip -p -j route show

5. Start Suricata

Start the Suricata service to run in the background:

sudo systemctl start suricata

Check its status to ensure it’s running correctly:

sudo systemctl status suricata

6. Automate Suricata Startup

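Create a systemd service file to automate Suricata startup. A unit file at this path takes precedence over any suricata.service installed by the package:

sudo nano /etc/systemd/system/suricata.service

Add the following content:

[Unit]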
Description=Suricata IDS/IPS
After=network.target

[Service]
ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -i venet0

[Install]
WantedBy=default.target

Enable the service:

sudo systemctl enable suricata

7. Test Suricata Functionality

Test Suricata’s configuration with:

sudo suricata -T -c /etc/suricata/suricata.yaml -v

Review the output for warnings or errors in the YAML file, then verify rule detection by using curl to send a request that triggers an alert.
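
To confirm that the curl test in this step actually produced an alert, the following added example (not part of the original article) checks Suricata's fast.log for a signature ID and summarises alerts per signature. It assumes fast.log at its default path and the test request and SID 2100498 from Suricata's quickstart documentation; the sample log lines and the LOCAL rule are constructed.

```bash
#!/usr/bin/env bash
# Added example: verify that a test request produced an alert in fast.log.
# Assumptions: fast.log is enabled at /var/log/suricata/fast.log and the
# ET Open rule with SID 2100498 is loaded; Suricata's quickstart triggers it with
#   curl http://testmynids.org/uid/index.html

# Succeeds if the given SID appears in the log at least once.
alert_fired() {            # usage: alert_fired <fast.log> <sid>
    grep -Eq "\[[0-9]+:$2:[0-9]+\]" "$1"
}

# Prints "<count> <gid:sid:rev> <message>" per signature, most frequent first.
summarise_fast_log() {     # usage: summarise_fast_log <fast.log>
    awk '
        match($0, /\[[0-9]+:[0-9]+:[0-9]+\]/) {
            id   = substr($0, RSTART + 1, RLENGTH - 2)
            rest = substr($0, RSTART + RLENGTH + 1)
            stop = index(rest, " [**]")
            msg  = (stop > 0) ? substr(rest, 1, stop - 1) : rest
            count[id " " msg]++
        }
        END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample lines in fast.log format (addresses are documentation ranges).
write_sample_log() {       # usage: write_sample_log <path>
    cat > "$1" <<'EOF'
07/12/2024-10:15:32.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.10:80 -> 192.0.2.5:41618
07/12/2024-10:15:40.654321  [**] [1:1000001:1] LOCAL constructed example rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.5:51514 -> 203.0.113.20:443
07/12/2024-10:16:02.000111  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.10:80 -> 192.0.2.5:41700
EOF
}

log="${1:-/var/log/suricata/fast.log}"
if [ ! -r "$log" ]; then   # no readable real log: fall back to the sample
    log="$(mktemp)"
    write_sample_log "$log"
fi
summarise_fast_log "$log"
if alert_fired "$log" 2100498; then
    echo "test alert present"
else
    echo "test alert missing: check the monitored interface and loaded rules"
fi
```

Run it with sudo (or pass a readable copy of the log as the first argument) so it reads the real fast.log instead of the constructed sample.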

8. Update Suricata Rules

Keep Suricata’s rules up to date by listing available sources and enabling new ones as needed:

sudo suricata-update list-sources

Enable a source:

sudo suricata-update enable-source sslbl/ja3-fingerprints

Regular updates ensure your server is protected against the latest threats.

Conclusion

Suricata is an invaluable tool for enhancing the security of your Ubuntu server, providing robust IDS and IPS capabilities. By following the outlined steps, you can effectively install and configure Suricata to monitor and protect your network. If you’re looking for a reliable hosting provider, consider Hostinger for its excellent resources and features.

We hope this guide helps you set up Suricata on your Ubuntu VPS. For questions or assistance, feel free to leave a comment below.

Starter Pack

Get started with Suricata on your Ubuntu server today!

sudo apt update && sudo apt upgrade
sudo apt install -y suricata
sudo nano /etc/suricata/suricata.yaml
sudo systemctl start suricata
sudo systemctl enable suricata

By following these steps, you’ll be on your way to a more secure server environment.
