suricata install

Maher Khalil

Jul 11, 2021
Hello
Do I need to enable the firewall before installing Suricata? Is a firewall required for Suricata to function?
 
Wouldn't it be better to use something in a VM that actually officially supports Suricata and has it already tightly integrated, like SecurityOnion or OPNsense?
 
I cannot force my customer to install anything inside the VM machine. At the same time, I need to prevent / block hackers.
 
Your customer doesn't have to install anything inside a VM. I thought more of a single VM as part of the server infrastructure that you put as a gateway/firewall between the internet and all of the client's VMs.
 
Just google for "OPNsense Proxmox tutorial" or "security onion" and you will find a lot of tutorials, like for example this one:
https://getlabsdone.com/how-to-install-opnsense-firewall-in-proxmox-step-by-step/

And you can configure Suricata using the OPNsense webUI. There is also a checkbox to switch between intrusion detection and intrusion prevention mode. Suricata IDS as part of OPNsense is working fine here in a VM with 4GB RAM.