Setting up an IPS with Fedora 17, Suricata and Vuurmuur

I recently found out that Fedora includes Vuurmuur in it’s repositories. Since Suricata is also included, I figured I would do a quick write up on how to setup a Fedora IPS. While writing it turned more into a real “howto”, so I decided to submit it to Howtoforge.

It can be found here one HowtoForge.

Vuurmuur on Fedora is at the 0.7 version, which is still the current stable. It’s rather old though, and it reminds me again I need to make sure the 0.8 branch gets to a stable release soon. The Suricata included in Fedora 17 is 1.2.1, with 1.3.2 expected to land any day now.

The guide sets the user up from base Fedora install to a working IPS, but doesn’t cover any advanced topics such as rule management, event management etc. Still, I hope it’s useful to some, especially those that are intimidated by Vuurmuur’s and Suricata’s initial learning curves.

Looking forward to feedback! 🙂

1 thought on “Setting up an IPS with Fedora 17, Suricata and Vuurmuur

  1. Hi,

    Thanks for the tutorial, it helped me a lot installing Suricata IPS on SL6! 🙂
    I can see packets going through the NFQUEUE fine and the facebook website test rule you provide works fine too.
    However, I’m a little unsure of where to go from here. I’ve installed Oinkmaster to automatically update the rules from EmeringThreats each day.
    Do I need to individually configure rules to ‘drop’ via Oinkmaster in order to get Suricata protecting the network?
    There is lots if data showing up in fast.log, http.log, but I get the impression these are just alerts and nothing is actually being dropped.
    In addition, if I enable drop logging, there are some packets being dropped, but it’s not clear what for 😦


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.