nuy

Suricata SURICATA IDS/IPS is an open source IDS that monitors communications on the network and detects suspicious traffic. Its basic mechanism is signature-based, so it can detect predefined unauthorized communications. Suricata is also characterized by its ability to provide protection as well as detection. 1.Suricata Install ①Install required packages Snort3 1.Install required packages # apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev -y 2. Install DAQ library

Apache2 Install Allow http:80 port and https:443 port in UFW first. 3 Apache2 : Using Perl Scripts Enable CGI to make Perl scripts available ①Perl Install 4 Apache2 : Using PHP Scripts ①PHP Install 5 Apache2 : Virtual Host Settings ①Copy the default configuration file (file name is arbitrary, in this case vhost-yourdomain.conf as an example) and configure the virtual host 6. Digest authentication with Apache2 Since Basic Authentication, a well-known authentication authentication method for http, transmits authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted. On the other hand, Digest Authentication encrypts the authentication information and sends it in encrypted form, so there is almost no risk of information leakage.

1.Obtain a certificate (Let's Encrypt) 1.1 advance preparation 1.Enable mod_ssl 2.Package management system Snappy installed Let's Encrypt's SSL certificate issuing tool "certbot" is recommended to be installed using "snap" after 2021, so install Snapd first. (It can also be installed using the conventional method with dnf or yum) 1.3 Obtain a Let's Encrypt Certificate It is assumed that a web server such as Apache httpd or Nginx is running. If the web server is not running on the server where the work is to be performed, follow the procedure below under "Obtaining a Let's Encrypt certificate when the web server is not running". It is also assumed that the server on which the work is to be performed (the server with the FQDN of the server from which you want to obtain the certificate) is accessible from the Internet at port 80. 2. SSL/TLS (Let's Encrypt) configuration for Apache2 ①Edit Apache2 SSL-related configuration files 3. SSL/TLS (Let's Encrypt) settings on the mail server 3.1 Obtaining a certificate for the mail server Obtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.