In this tutorial, we will show you how to install Suricata on Fedora 39. Suricata is a high-performance, open-source network analysis and threat detection software. It can function as both an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). As an IDS, Suricata detects and alerts about potential threats. As an IPS, it goes a step further by actively blocking suspicious network traffic.
Suricata’s capabilities include logging HTTP requests, storing TLS certificates, extracting files from flows, and storing them to disk. It also supports full pcap capture for easy analysis. Suricata uses a complete signature language to match known threats, policy violations, and malicious behavior, making it a powerful engine for your Network Security Monitoring (NSM) ecosystem.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Suricata network security monitoring on a Fedora 39.
Before diving into the installation process, let’s ensure that you have everything you need:
- A server running one of the following operating systems: Fedora 39.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- You will need access to the terminal to execute commands. Fedora 39 provides the Terminal application for this purpose. It can be found in your Applications menu.
- A basic understanding of Linux and CLI commands for smooth navigation through the process
- You’ll need an active internet connection to download Suricata and its dependencies.
- Sudo or root privileges to execute administrative commands.
Install Suricata on Fedora 39
Step 1. To ensure a smooth installation process, it is crucial to update your system packages to their latest versions. This step helps prevent potential conflicts and ensures that you have the most recent security updates. To update your system packages, execute the following command:
sudo dnf clean all sudo dnf update
Step 2. Installing Dependencies.
Some essential tools are required for the installation of Suricata. One such tool is the DNF plugins core, which provides core plugins for DNF, Fedora’s package manager. To install the DNF plugins core, run the following command:
sudo dnf install dnf-plugins-core
Step 3. Installing Suricata on Fedora 39.
Suricata has its own dedicated repository hosted by the Open Information Security Foundation (OISF). This repository contains the latest Suricata packages and updates. To enable the Suricata repository, execute the following command:
sudo dnf copr enable @oisf/suricata-7.0
With the Suricata repository enabled, you can now proceed to install Suricata on your Fedora 39 system. To do this, run the following command:
sudo dnf install suricata
After the installation is complete, it is essential to verify that Suricata has been installed correctly. To do this, execute the following command:
This command should return information about the Suricata build, indicating a successful installation.
Step 4. Configure Suricata.
Proper configuration of Suricata is crucial for optimal performance and security. The main configuration file for Suricata is located at
/etc/suricata/suricata.yaml. Open this file with a text editor of your choice, such as Vim or Nano, to make any necessary configurations. Some key configurations to consider include:
- Home Networks: Define the IP addresses of your home networks to help Suricata identify internal and external traffic.
- Logging: Configure the logging settings to control the verbosity and output format of Suricata’s logs.
- Rules: Specify the rule files and directories that Suricata should use for detecting network threats.
For a comprehensive list of configuration options, consult the official Suricata documentation.
Once you have configured Suricata to your liking, it is time to enable the Suricata service to start automatically on boot. To do this, execute the following command:
sudo systemctl enable suricata
Next, start the Suricata service by running the following command:
sudo systemctl start suricata
To ensure that Suricata is running correctly and efficiently, it is essential to check its service status. To do this, execute the following command:
sudo systemctl status suricata
Congratulations! You have successfully installed Suricata. Thanks for using this tutorial for installing the Suricata network security monitoring on your Fedora 39 system. For additional Apache or useful information, we recommend you check the official Suricata website.