Click here for "Error Codes for Commercial Air Conditioners".

Debian12 ;  Suricata , Logwatch , Chkrootkit , Disk Usage Check Script

 Suricata

SURICATA IDS/IPS is an open source IDS that monitors communications on the network and detects suspicious traffic.
The basic mechanism is signature-based, so it can detect predefined unauthorized communications. Suricata is also characterized by its ability to provide protection as well as detection.

1.Suricata Installation and Configuration

①Suricata Install

Check Version

Register and activate the service

②Determine interface and IP address where Suricata will inspect network packets

③Edit configuration file

④Suricata rules update

⑤Suricata startup confirmation

Check Log

Check the stats.log file for statistics (updated every 8 seconds by default)

A more advanced output, EVE JSON, can be generated with the following command

2.Suricata Testing

①Run ping test with curl utility

②Check the alert log to see if it has been logged

3.Setting Suricata Rules

①Display of rule sets packaged in Suricata

②Index list of sources providing rule sets

③Enable source (if et/open is enabled)

Perform update

Suricata service restart

4.Creating Suricata Custom Rules

①Create files containing customer rules

②Edit configuration file (define new rule paths)

 ③Testing the configuration file

Suricat service restart

④Testing the application of Custom Rules
Ping another device on the same local network to see if it was logged

To get logs in JSON format, install jq on your system

Execute the following command to ping another device on the same local network

Logwatch

①Install

②Copy the default configuration file

Change email address, etc.

Creating Directories

⑤Confirmation of Operation
When logwatch is installed, cron is registered by default, so report mail is delivered every day.
Test if the report is delivered to the address you set.

Chkrootkit

①Install chkrootkit

➁Check chkrootkit

④Create chkrootkit periodic execution script and change permissions

Automatically creates /etc/cron.daily/chkrtootkit based on /usr/sbin/chkrootkit-daily and runs it automatically every day, so no script creation is required

Disk Usage Check Script

1. Scripting

Contents of disk_capacity_check.sh
Configured to notify when disk usage exceeds 80%.

2. Execution check

Check current usage

It appears as follows

②Create a dummy file (in the example, it is called "dummyfile" and is about 14G) so that the utilization is 80% or more.

Check again

Run it and make sure it is above 80%.

④Run disk space check script

You will receive an e-mail to the e-mail address you have set up with the body of the message as "Disk usage alert : 93%".

⑤Delete the "dummyfile" you created.

⑥Periodic Execution Setting

タイトルとURLをコピーしました