On 12/23/23 22:16, Timothy M Butterworth wrote:
> On Sat, Dec 23, 2023 at 8:58 PM David Christensen wrote:
>> I believe Debian includes packages for various intrusion detection
>> systems. Does anyone have any comments or recommendations?
>
> Debian has SNORT and Suricata. I use Suricata. It works well and does not
> require paying the subscription for the SNORT oink account.
>
> sudo apt install suricata suricata-update
>
> You can configure Suricata via /etc/suricata/suricata.yaml. All that really
> needs to be configured for a basic IDS/IPS is to change the interfaces
> from eth0 to the actual interface. After that you can enable and start
> Suricata via systemd.

Thank you. :-)
David
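
The interface change described in the thread, as an added example that is not part of the original messages. The function names are hypothetical, and it assumes the stock config still names eth0 (as the thread says) and that the interface carrying the default route is the one to monitor.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Print the interface that carries the default route, e.g. "enp3s0".
default_iface() {
    ip -o route show default |
        awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}'
}

# Rewrite every "interface: eth0" entry in a Suricata YAML file to $2.
# Template entries such as "interface: default" are left untouched.
# The original file is kept as "$1.bak".
set_capture_iface() {
    conf=$1
    iface=$2
    # Accept only plausible Linux interface names (1-15 safe characters),
    # so nothing unexpected is spliced into the sed replacement.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    [ "${#iface}" -le 15 ] || { echo "interface name too long" >&2; return 1; }
    cp -p -- "$conf" "$conf.bak" || return 1
    # Read from the backup and write into the original, keeping its mode/owner.
    sed -E "s/^([[:space:]]*-?[[:space:]]*interface:[[:space:]]*)eth0([[:space:]]*(#.*)?)\$/\1${iface}\2/" \
        "$conf.bak" > "$conf"
}

# Full procedure on a real host (run as root). Not invoked automatically.
apply_on_host() {
    conf=/etc/suricata/suricata.yaml
    iface=$(default_iface)
    [ -n "$iface" ] || { echo "no default route found" >&2; return 1; }
    set_capture_iface "$conf" "$iface" &&
        suricata -T -c "$conf" &&      # validate the config before starting
        systemctl enable --now suricata
}
```

Running `suricata -T` before `systemctl enable --now` catches a YAML mistake before the service starts with a broken config.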