MobaXterm 192.168.195.131 20240419 222757

Uploaded by ishygo99

login as: root

┌──────────────────────────────────────────────────────────────────────┐
│ • MobaXterm Professional Edition v24.0 •
│   (SSH client, X server and network tools)
│
│ ⮞ SSH session to root@192.168.195.131
│   • Direct SSH      : ✓
│   • SSH compression : ✓
│   • SSH-browser     : ✓
│   • X11-forwarding  : ✓ (remote display is forwarded through SSH)
│
│ ⮞ For more info, ctrl+click on help or visit our website.
└──────────────────────────────────────────────────────────────────────┘

Linux nico 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Apr 3 16:02:42 2024 from 192.168.195.1
root@nico:~# iptables
iptables v1.8.9 (nf_tables): no command specified
Try `iptables -h' or 'iptables --help' for more information.
root@nico:~# ipconfig
-bash: ipconfig: command not found
root@nico:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# vmnet 3
auto ens37
iface ens37 inet static
    address 192.168.20.1
    netmask 255.255.255.0

# vmnet 2
auto ens38
iface ens38 inet static
    address 192.168.10.1
    netmask 255.255.255.0

root@nico:~# nano /etc/sysctl.conf


root@nico:~# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
root@nico:~# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
root@nico:~# iptables -t nat -A POSTROUTING -o ens37 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ens38 -j MASQUERADE
root@nico:~# ping google.fr
PING google.fr (142.250.74.227) 56(84) bytes of data.
64 bytes from par10s40-in-f3.1e100.net (142.250.74.227): icmp_seq=1 ttl=128 time=9.79 ms
64 bytes from par10s40-in-f3.1e100.net (142.250.74.227): icmp_seq=2 ttl=128 time=10.4 ms
^C
--- google.fr ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 9.789/10.105/10.422/0.316 ms
root@nico:~# ifconfig
-bash: ifconfig: command not found
root@nico:~# ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
       ip [ -force ] -batch filename
where  OBJECT := { address | addrlabel | amt | fou | help | ila | ioam | l2tp |
                   link | macsec | maddress | monitor | mptcp | mroute | mrule |
                   neighbor | neighbour | netconf | netns | nexthop | ntable |
                   ntbl | route | rule | sr | tap | tcpmetrics |
                   token | tunnel | tuntap | vrf | xfrm }
       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                    -h[uman-readable] | -iec | -j[son] | -p[retty] |
                    -f[amily] { inet | inet6 | mpls | bridge | link } |
                    -4 | -6 | -M | -B | -0 |
                    -l[oops] { maximum-addr-flush-attempts } | -br[ief] |
                    -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
                    -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] |
                    -c[olor]}
root@nico:~# ip -d
(usage text repeated, identical to the output of `ip` above)
root@nico:~# ipconfig
-bash: ipconfig: command not found
root@nico:~# apt-get ifconfig
E: Invalid operation ifconfig
root@nico:~# apt-get install ifconfig
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package ifconfig
root@nico:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:e2 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.195.131/24 brd 192.168.195.255 scope global dynamic noprefixroute ens33
       valid_lft 1186sec preferred_lft 1186sec
    inet6 fe80::20c:29ff:fee2:a8e2/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:ec brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    inet 192.168.20.1/24 brd 192.168.20.255 scope global ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:a8ec/64 scope link
       valid_lft forever preferred_lft forever
4: ens38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:f6 brd ff:ff:ff:ff:ff:ff
    altname enp2s6
    inet 192.168.10.1/24 brd 192.168.10.255 scope global ens38
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:a8f6/64 scope link
       valid_lft forever preferred_lft forever
root@nico:~# ping 192.168.20.2
PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.
From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.20.2 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3069ms
pipe 4
root@nico:~# ping 192.168.20.128
PING 192.168.20.128 (192.168.20.128) 56(84) bytes of data.
^C
--- 192.168.20.128 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4073ms

root@nico:~# iptables -t nat -A POSTROUTING -o ens38 -j MASQUERADE


root@nico:~# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@nico:~# iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
root@nico:~# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@nico:~# ping 172.168.20.128
PING 172.168.20.128 (172.168.20.128) 56(84) bytes of data.
^C
--- 172.168.20.128 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3056ms

root@nico:~# nano /etc/iptables/rules.v4


root@nico:~# sudo iptables -A INPUT -j ACCEPT
root@nico:~# sudo iptables -A OUTPUT -j ACCEPT
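The session enables ip_forward and then puts MASQUERADE on ens37 and ens38, the two LAN interfaces, while the default route leaves through ens33 (see the `ip -j route show default` output further down); it then adds INPUT and OUTPUT rules that accept everything on top of ACCEPT policies. As an added example that is not part of the original session, the following POSIX shell script generates an iptables-restore ruleset in which source NAT sits only on the WAN interface and forwarded traffic is dropped unless it is LAN-to-WAN or a reply, plus a small filter that reports which interfaces an existing `iptables-save` dump masquerades on. The interface roles (ens33 WAN, ens37/ens38 LAN) are taken from the session; accepting SSH and ping on every interface is an assumption made so that the admin's own SSH session over ens33 survives. Note also that the later `apt install ufw` in this session removes iptables-persistent and netfilter-persistent, so whatever was written to /etc/iptables/rules.v4 is no longer loaded at boot by that package.

```shell
#!/bin/sh
# Added example, not from the original session. Generates an iptables-restore
# ruleset for a Debian router: NAT only on the WAN interface, FORWARD closed
# by default, LAN -> WAN plus replies allowed. Interface roles are assumed
# from the session: ens33 = WAN (default route), ens37/ens38 = LANs.

# gen_rules_v4 WAN LAN... : print an iptables-restore file to stdout.
gen_rules_v4() {
  wan=$1
  shift
  printf '%s\n' '*nat' \
    ':PREROUTING ACCEPT [0:0]' ':INPUT ACCEPT [0:0]' \
    ':OUTPUT ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
  # Source NAT belongs on the interface facing the upstream network, not on
  # the LAN interfaces as in the session's two MASQUERADE rules.
  printf '%s\n' "-A POSTROUTING -o $wan -j MASQUERADE"
  printf '%s\n' 'COMMIT' '*filter' \
    ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
    '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
    '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  # Assumption: management SSH and ping are accepted on every interface so
  # the admin session arriving over ens33 is not cut off; restrict to the
  # LAN side (-i ens37) once a management path exists there.
  printf '%s\n' \
    '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT' \
    '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT' \
    '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
    '-A FORWARD -m conntrack --ctstate INVALID -j DROP'
  for lan in "$@"; do
    # Each LAN may reach the upstream network; LAN <-> LAN traffic stays
    # blocked by the FORWARD DROP policy unless a rule is added explicitly.
    printf '%s\n' "-A FORWARD -i $lan -o $wan -j ACCEPT"
  done
  printf '%s\n' 'COMMIT'
}

# masq_ifaces : read iptables-save text on stdin and print the interfaces
# that carry a MASQUERADE rule, one per line. Audit a live box with:
#   iptables-save -t nat | masq_ifaces
masq_ifaces() {
  sed -n 's/^-A POSTROUTING -o \([^ ]*\) -j MASQUERADE$/\1/p'
}

# Only emit the ruleset when asked, so the file can also be sourced.
if [ "${1:-}" = "--print" ]; then
  gen_rules_v4 ens33 ens37 ens38
fi
```

Check the generated file before loading it with `sh router-rules.sh --print | iptables-restore --test`, then apply it with `iptables-restore` and re-install iptables-persistent (or convert it to ufw's before.rules) so it survives a reboot. Running `iptables-save -t nat | masq_ifaces` on the session's box would list ens37 and ens38, which is the quickest way to spot that NAT was put on the wrong side.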
root@nico:~# ping 172.168.20.128
PING 172.168.20.128 (172.168.20.128) 56(84) bytes of data.
^C
--- 172.168.20.128 ping statistics ---
45 packets transmitted, 0 received, 100% packet loss, time 45042ms

root@nico:~# ping 172.168.10.128
PING 172.168.10.128 (172.168.10.128) 56(84) bytes of data.
^C
--- 172.168.10.128 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1004ms

root@nico:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:e2 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.195.131/24 brd 192.168.195.255 scope global dynamic noprefixroute ens33
       valid_lft 1324sec preferred_lft 1324sec
    inet6 fe80::20c:29ff:fee2:a8e2/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:ec brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    inet 192.168.20.1/24 brd 192.168.20.255 scope global ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:a8ec/64 scope link
       valid_lft forever preferred_lft forever
4: ens38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:f6 brd ff:ff:ff:ff:ff:ff
    altname enp2s6
    inet 192.168.10.1/24 brd 192.168.10.255 scope global ens38
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:a8f6/64 scope link
       valid_lft forever preferred_lft forever
root@nico:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# vmnet 3
auto ens37
iface ens37 inet static
    address 192.168.20.1
    netmask 255.255.255.0

# vmnet 2
auto ens38
iface ens38 inet static
    address 192.168.10.1
    netmask 255.255.255.0

root@nico:~# nano /etc/network/interfaces


root@nico:~# restart /etc/network/interfaces
-bash: restart: command not found
root@nico:~# /etc/init.d/networking restart
Restarting networking (via systemctl): networking.service.
root@nico:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:e2 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.195.131/24 brd 192.168.195.255 scope global dynamic noprefixroute ens33
       valid_lft 1214sec preferred_lft 1214sec
    inet6 fe80::20c:29ff:fee2:a8e2/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:ec brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    inet 192.168.20.10/24 brd 192.168.20.255 scope global ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:a8ec/64 scope link
       valid_lft forever preferred_lft forever
4: ens38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:f6 brd ff:ff:ff:ff:ff:ff
    altname enp2s6
    inet 192.168.10.10/24 brd 192.168.10.255 scope global ens38
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:a8f6/64 scope link
       valid_lft forever preferred_lft forever
root@nico:~# ^ping 192.168.10.128
-bash: :s^ping 192.168.10.128: substitution failed
root@nico:~# ping 192.168.10.128
PING 192.168.10.128 (192.168.10.128) 56(84) bytes of data.
64 bytes from 192.168.10.128: icmp_seq=1 ttl=64 time=0.344 ms
64 bytes from 192.168.10.128: icmp_seq=2 ttl=64 time=0.206 ms
64 bytes from 192.168.10.128: icmp_seq=3 ttl=64 time=0.218 ms
^C
--- 192.168.10.128 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2055ms
rtt min/avg/max/mdev = 0.206/0.256/0.344/0.062 ms
root@nico:~# ping 192.168.20.128
PING 192.168.20.128 (192.168.20.128) 56(84) bytes of data.
64 bytes from 192.168.20.128: icmp_seq=1 ttl=64 time=0.252 ms
64 bytes from 192.168.20.128: icmp_seq=2 ttl=64 time=0.164 ms
^C
--- 192.168.20.128 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1017ms
rtt min/avg/max/mdev = 0.164/0.208/0.252/0.044 ms
root@nico:~# ping 192.168.10.128
PING 192.168.10.128 (192.168.10.128) 56(84) bytes of data.
64 bytes from 192.168.10.128: icmp_seq=1 ttl=64 time=0.259 ms
64 bytes from 192.168.10.128: icmp_seq=2 ttl=64 time=0.192 ms
^C
--- 192.168.10.128 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1024ms
rtt min/avg/max/mdev = 0.192/0.225/0.259/0.033 ms
root@nico:~# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
root@nico:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:e2 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.195.131/24 brd 192.168.195.255 scope global dynamic noprefixroute ens33
       valid_lft 1347sec preferred_lft 1347sec
    inet6 fe80::20c:29ff:fee2:a8e2/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:ec brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    inet 192.168.20.10/24 brd 192.168.20.255 scope global ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:a8ec/64 scope link
       valid_lft forever preferred_lft forever
4: ens38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:a8:f6 brd ff:ff:ff:ff:ff:ff
    altname enp2s6
    inet 192.168.10.10/24 brd 192.168.10.255 scope global ens38
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:a8f6/64 scope link
       valid_lft forever preferred_lft forever
root@nico:~# nano /etc/network/interfaces
root@nico:~# /etc/init.d/networking restart
Restarting networking (via systemctl): networking.serviceJob for networking.service failed because the control process exited with error code.
See "systemctl status networking.service" and "journalctl -xeu networking.service" for details.
 failed!
root@nico:~# nano /etc/network/interfaces
root@nico:~# ping 192.168.20.128
PING 192.168.20.128 (192.168.20.128) 56(84) bytes of data.
64 bytes from 192.168.20.128: icmp_seq=1 ttl=64 time=0.145 ms
64 bytes from 192.168.20.128: icmp_seq=2 ttl=64 time=0.152 ms
64 bytes from 192.168.20.128: icmp_seq=3 ttl=64 time=0.153 ms
64 bytes from 192.168.20.128: icmp_seq=4 ttl=64 time=0.146 ms
64 bytes from 192.168.20.128: icmp_seq=5 ttl=64 time=0.143 ms
^C
--- 192.168.20.128 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4088ms
rtt min/avg/max/mdev = 0.143/0.147/0.153/0.004 ms
root@nico:~# ping 192.168.20.128
PING 192.168.20.128 (192.168.20.128) 56(84) bytes of data.
64 bytes from 192.168.20.128: icmp_seq=1 ttl=64 time=0.119 ms
64 bytes from 192.168.20.128: icmp_seq=2 ttl=64 time=0.155 ms
64 bytes from 192.168.20.128: icmp_seq=3 ttl=64 time=0.144 ms
64 bytes from 192.168.20.128: icmp_seq=4 ttl=64 time=0.156 ms
64 bytes from 192.168.20.128: icmp_seq=5 ttl=64 time=0.181 ms
64 bytes from 192.168.20.128: icmp_seq=6 ttl=64 time=0.133 ms
64 bytes from 192.168.20.128: icmp_seq=7 ttl=64 time=0.160 ms
64 bytes from 192.168.20.128: icmp_seq=8 ttl=64 time=0.150 ms
64 bytes from 192.168.20.128: icmp_seq=9 ttl=64 time=0.140 ms
^C
--- 192.168.20.128 ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8197ms
rtt min/avg/max/mdev = 0.119/0.148/0.181/0.016 ms
root@nico:~# ping 192.168.20.128
PING 192.168.20.128 (192.168.20.128) 56(84) bytes of data.
64 bytes from 192.168.20.128: icmp_seq=1 ttl=64 time=0.236 ms
64 bytes from 192.168.20.128: icmp_seq=2 ttl=64 time=0.148 ms
^C
--- 192.168.20.128 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1024ms
rtt min/avg/max/mdev = 0.148/0.192/0.236/0.044 ms
root@nico:~# ping 192.168.10.128
PING 192.168.10.128 (192.168.10.128) 56(84) bytes of data.
From 192.168.10.10 icmp_seq=1 Destination Host Unreachable
From 192.168.10.10 icmp_seq=2 Destination Host Unreachable
From 192.168.10.10 icmp_seq=3 Destination Host Unreachable
From 192.168.10.10 icmp_seq=4 Destination Host Unreachable
From 192.168.10.10 icmp_seq=5 Destination Host Unreachable
From 192.168.10.10 icmp_seq=6 Destination Host Unreachable
^C
--- 192.168.10.128 ping statistics ---
8 packets transmitted, 0 received, +6 errors, 100% packet loss, time 7157ms
pipe 4
root@nico:~# apt install wget curl nano ufw software-properties-common dirmngr apt-transport-https gnupg2 ca-certificates lsb-release debian-archive-keyring unzip -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
wget is already the newest version (1.21.3-1+b2).
nano is already the newest version (7.2-1).
software-properties-common is already the newest version (0.99.30-4).
software-properties-common set to manually installed.
dirmngr is already the newest version (2.2.40-1.1).
dirmngr set to manually installed.
ca-certificates is already the newest version (20230311).
lsb-release is already the newest version (12.0-1).
lsb-release set to manually installed.
debian-archive-keyring is already the newest version (2023.3+deb12u1).
unzip is already the newest version (6.0-28).
unzip set to manually installed.
Suggested packages:
  rsyslog
The following packages will be REMOVED:
  iptables-persistent netfilter-persistent
The following NEW packages will be installed:
  apt-transport-https curl gnupg2 ufw
0 upgraded, 4 newly installed, 2 to remove and 22 not upgraded.
Need to get 954 kB of archives.
After this operation, 1,788 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 apt-transport-https all 2.6.1 [25.2 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 curl amd64 7.88.1-10+deb12u5 [315 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 gnupg2 all 2.2.40-1.1 [445 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 ufw all 0.36.2-1 [168 kB]
Fetched 954 kB in 0s (3,784 kB/s)
Preconfiguring packages ...
(Reading database ... 150198 files and directories currently installed.)
Removing iptables-persistent (1.0.20) ...
Removing netfilter-persistent (1.0.20) ...
Selecting previously unselected package apt-transport-https.
(Reading database ... 150179 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_2.6.1_all.deb ...
Unpacking apt-transport-https (2.6.1) ...
Selecting previously unselected package curl.
Preparing to unpack .../curl_7.88.1-10+deb12u5_amd64.deb ...
Unpacking curl (7.88.1-10+deb12u5) ...
Selecting previously unselected package gnupg2.
Preparing to unpack .../gnupg2_2.2.40-1.1_all.deb ...
Unpacking gnupg2 (2.2.40-1.1) ...
Selecting previously unselected package ufw.
Preparing to unpack .../archives/ufw_0.36.2-1_all.deb ...
Unpacking ufw (0.36.2-1) ...
Setting up gnupg2 (2.2.40-1.1) ...
Setting up apt-transport-https (2.6.1) ...
Setting up ufw (0.36.2-1) ...

Creating config file /etc/ufw/before.rules with new version

Creating config file /etc/ufw/before6.rules with new version

Creating config file /etc/ufw/after.rules with new version

Creating config file /etc/ufw/after6.rules with new version
Created symlink /etc/systemd/system/multi-user.target.wants/ufw.service → /lib/systemd/system/ufw.service.
Setting up curl (7.88.1-10+deb12u5) ...
Processing triggers for man-db (2.11.2-2) ...
root@nico:~# ping 192.168.20.128
PING 192.168.20.128 (192.168.20.128) 56(84) bytes of data.
64 bytes from 192.168.20.128: icmp_seq=1 ttl=64 time=0.165 ms
64 bytes from 192.168.20.128: icmp_seq=2 ttl=64 time=0.146 ms
^C
--- 192.168.20.128 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1017ms
rtt min/avg/max/mdev = 0.146/0.155/0.165/0.009 ms
root@nico:~# apt install suricata
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libevent-core-2.1-7 libevent-pthreads-2.1-7 libhiredis0.14 libhtp2
  libhyperscan5 libluajit-5.1-2 libluajit-5.1-common libnet1 libnetfilter-log1
  libnetfilter-queue1 libpcre3 python3-yaml suricata-update
Suggested packages:
  libtcmalloc-minimal4
Recommended packages:
  snort-rules-default
The following NEW packages will be installed:
  libevent-core-2.1-7 libevent-pthreads-2.1-7 libhiredis0.14 libhtp2
  libhyperscan5 libluajit-5.1-2 libluajit-5.1-common libnet1 libnetfilter-log1
  libnetfilter-queue1 libpcre3 python3-yaml suricata suricata-update
0 upgraded, 14 newly installed, 0 to remove and 22 not upgraded.
Need to get 5,661 kB of archives.
After this operation, 26.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian bookworm/main amd64 libhyperscan5 amd64 5.4.0-2 [2,489 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 libevent-core-2.1-7 amd64 2.1.12-stable-8 [131 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 libevent-pthreads-2.1-7 amd64 2.1.12-stable-8 [53.6 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 libhiredis0.14 amd64 0.14.1-3 [35.9 kB]
Get:5 http://deb.debian.org/debian bookworm/main amd64 libhtp2 amd64 1:0.5.42-1 [70.4 kB]
Get:6 http://deb.debian.org/debian bookworm/main amd64 libluajit-5.1-common all 2.1.0~beta3+git20220320+dfsg-4.1 [49.8 kB]
Get:7 http://deb.debian.org/debian bookworm/main amd64 libluajit-5.1-2 amd64 2.1.0~beta3+git20220320+dfsg-4.1 [258 kB]
Get:8 http://deb.debian.org/debian bookworm/main amd64 libnet1 amd64 1.1.6+dfsg-3.2 [60.3 kB]
Get:9 http://deb.debian.org/debian bookworm/main amd64 libnetfilter-log1 amd64 1.0.2-3 [13.4 kB]
Get:10 http://deb.debian.org/debian bookworm/main amd64 libnetfilter-queue1 amd64 1.0.5-3 [14.7 kB]
Get:11 http://deb.debian.org/debian bookworm/main amd64 libpcre3 amd64 2:8.39-15 [341 kB]
Get:12 http://deb.debian.org/debian bookworm/main amd64 suricata amd64 1:6.0.10-1 [1,963 kB]
Get:13 http://deb.debian.org/debian bookworm/main amd64 python3-yaml amd64 6.0-3+b2 [119 kB]
Get:14 http://deb.debian.org/debian bookworm/main amd64 suricata-update amd64 1.2.7-1 [61.4 kB]
Fetched 5,661 kB in 0s (19.8 MB/s)
Preconfiguring packages ...
Selecting previously unselected package libhyperscan5.
(Reading database ... 150307 files and directories currently installed.)
Preparing to unpack .../00-libhyperscan5_5.4.0-2_amd64.deb ...
Unpacking libhyperscan5 (5.4.0-2) ...
Selecting previously unselected package libevent-core-2.1-7:amd64.
Preparing to unpack .../01-libevent-core-2.1-7_2.1.12-stable-8_amd64.deb ...
Unpacking libevent-core-2.1-7:amd64 (2.1.12-stable-8) ...
Selecting previously unselected package libevent-pthreads-2.1-7:amd64.
Preparing to unpack .../02-libevent-pthreads-2.1-7_2.1.12-stable-8_amd64.deb ...
Unpacking libevent-pthreads-2.1-7:amd64 (2.1.12-stable-8) ...
Selecting previously unselected package libhiredis0.14:amd64.
Preparing to unpack .../03-libhiredis0.14_0.14.1-3_amd64.deb ...
Unpacking libhiredis0.14:amd64 (0.14.1-3) ...
Selecting previously unselected package libhtp2.
Preparing to unpack .../04-libhtp2_1%3a0.5.42-1_amd64.deb ...
Unpacking libhtp2 (1:0.5.42-1) ...
Selecting previously unselected package libluajit-5.1-common.
Preparing to unpack .../05-libluajit-5.1-common_2.1.0~beta3+git20220320+dfsg-4.1_all.deb ...
Unpacking libluajit-5.1-common (2.1.0~beta3+git20220320+dfsg-4.1) ...
Selecting previously unselected package libluajit-5.1-2:amd64.
Preparing to unpack .../06-libluajit-5.1-2_2.1.0~beta3+git20220320+dfsg-4.1_amd64.deb ...
Unpacking libluajit-5.1-2:amd64 (2.1.0~beta3+git20220320+dfsg-4.1) ...
Selecting previously unselected package libnet1:amd64.
Preparing to unpack .../07-libnet1_1.1.6+dfsg-3.2_amd64.deb ...
Unpacking libnet1:amd64 (1.1.6+dfsg-3.2) ...
Selecting previously unselected package libnetfilter-log1:amd64.
Preparing to unpack .../08-libnetfilter-log1_1.0.2-3_amd64.deb ...
Unpacking libnetfilter-log1:amd64 (1.0.2-3) ...
Selecting previously unselected package libnetfilter-queue1:amd64.
Preparing to unpack .../09-libnetfilter-queue1_1.0.5-3_amd64.deb ...
Unpacking libnetfilter-queue1:amd64 (1.0.5-3) ...
Selecting previously unselected package libpcre3:amd64.
Preparing to unpack .../10-libpcre3_2%3a8.39-15_amd64.deb ...
Unpacking libpcre3:amd64 (2:8.39-15) ...
Selecting previously unselected package suricata.
Preparing to unpack .../11-suricata_1%3a6.0.10-1_amd64.deb ...
Unpacking suricata (1:6.0.10-1) ...
Selecting previously unselected package python3-yaml.
Preparing to unpack .../12-python3-yaml_6.0-3+b2_amd64.deb ...
Unpacking python3-yaml (6.0-3+b2) ...
Selecting previously unselected package suricata-update.
Preparing to unpack .../13-suricata-update_1.2.7-1_amd64.deb ...
Unpacking suricata-update (1.2.7-1) ...
Setting up libnetfilter-log1:amd64 (1.0.2-3) ...
Setting up libhtp2 (1:0.5.42-1) ...
Setting up python3-yaml (6.0-3+b2) ...
Setting up libnet1:amd64 (1.1.6+dfsg-3.2) ...
Setting up libhyperscan5 (5.4.0-2) ...
Setting up libpcre3:amd64 (2:8.39-15) ...
Setting up libluajit-5.1-common (2.1.0~beta3+git20220320+dfsg-4.1) ...
Setting up libevent-core-2.1-7:amd64 (2.1.12-stable-8) ...
Setting up suricata-update (1.2.7-1) ...
Setting up libnetfilter-queue1:amd64 (1.0.5-3) ...
Setting up libevent-pthreads-2.1-7:amd64 (2.1.12-stable-8) ...
Setting up libhiredis0.14:amd64 (0.14.1-3) ...
Setting up libluajit-5.1-2:amd64 (2.1.0~beta3+git20220320+dfsg-4.1) ...
Setting up suricata (1:6.0.10-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/suricata.service → /lib/systemd/system/suricata.service.
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u4) ...
root@nico:~# systemctl stop suricata
root@nico:~# nano /etc/suricata/suricata.yaml
root@nico:~# nano /etc/suricata/suricata.yaml
root@nico:~# ip -p -j route show default
[ {
        "dst": "default",
        "gateway": "192.168.195.2",
        "dev": "ens33",
        "protocol": "dhcp",
        "prefsrc": "192.168.195.131",
        "metric": 100,
        "flags": [ ]
    } ]
root@nico:~# nano /etc/suricata/suricata.yaml
root@nico:~# nano /etc/suricata/suricata.yaml
root@nico:~# suricata-update -o /etc/suricata/rules
19/4/2024 -- 22:12:29 - <Info> -- Using data-directory /var/lib/suricata.
19/4/2024 -- 22:12:29 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
19/4/2024 -- 22:12:29 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
19/4/2024 -- 22:12:29 - <Info> -- Found Suricata version 6.0.10 at /usr/bin/suricata.
19/4/2024 -- 22:12:29 - <Info> -- Loading /etc/suricata/suricata.yaml
19/4/2024 -- 22:12:29 - <Info> -- Disabling rules for protocol http2
19/4/2024 -- 22:12:29 - <Info> -- Disabling rules for protocol modbus
19/4/2024 -- 22:12:29 - <Info> -- Disabling rules for protocol dnp3
19/4/2024 -- 22:12:29 - <Info> -- Disabling rules for protocol enip
19/4/2024 -- 22:12:29 - <Info> -- No sources configured, will use Emerging Threats Open
19/4/2024 -- 22:12:29 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-6.0.10/emerging.rules.tar.gz.
 100% - 4252267/4252267
19/4/2024 -- 22:12:31 - <Info> -- Done.
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/app-layer-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/decoder-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/dhcp-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/dnp3-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/dns-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/files.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/http-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/ipsec-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/kerberos-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/modbus-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/nfs-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/ntp-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/smb-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/smtp-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/stream-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Loading distribution rule file /etc/suricata/rules/tls-events.rules
19/4/2024 -- 22:12:31 - <Info> -- Ignoring file rules/emerging-deleted.rules
19/4/2024 -- 22:12:32 - <Info> -- Loaded 48762 rules.
19/4/2024 -- 22:12:32 - <Info> -- Disabled 14 rules.
19/4/2024 -- 22:12:32 - <Info> -- Enabled 0 rules.
19/4/2024 -- 22:12:32 - <Info> -- Modified 0 rules.
19/4/2024 -- 22:12:32 - <Info> -- Dropped 0 rules.
19/4/2024 -- 22:12:32 - <Info> -- Enabled 135 rules for flowbit dependencies.
19/4/2024 -- 22:12:32 - <Info> -- Backing up current rules.
19/4/2024 -- 22:12:32 - <Info> -- Writing rules to /etc/suricata/rules/suricata.rules: total: 48762; enabled: 37195; added: 48762; removed 0; modified: 0
19/4/2024 -- 22:12:32 - <Info> -- Writing /etc/suricata/rules/classification.config
19/4/2024 -- 22:12:33 - <Info> -- Testing with suricata -T.
19/4/2024 -- 22:12:33 - <Error> -- [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address "1972.168.10.0/24"
19/4/2024 -- 22:12:33 - <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var "HOME_NET" with value "[192.168.20.0/24,1972.168.10.0/24]". Please check its syntax
19/4/2024 -- 22:12:33 - <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors
19/4/2024 -- 22:12:33 - <Error> -- Suricata test failed, aborting.
19/4/2024 -- 22:12:33 - <Error> -- Restoring previous rules.
root@nico:~# nano /etc/suricata/suricata.yaml
root@nico:~# suricata-update -o /etc/suricata/rules
19/4/2024 -- 22:12:59 - <Info> -- Using data-directory /var/lib/suricata.
19/4/2024 -- 22:12:59 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
19/4/2024 -- 22:12:59 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
19/4/2024 -- 22:12:59 - <Info> -- Found Suricata version 6.0.10 at /usr/bin/suricata.
19/4/2024 -- 22:12:59 - <Info> -- Loading /etc/suricata/suricata.yaml
19/4/2024 -- 22:12:59 - <Info> -- Disabling rules for protocol http2
19/4/2024 -- 22:12:59 - <Info> -- Disabling rules for protocol modbus
19/4/2024 -- 22:12:59 - <Info> -- Disabling rules for protocol dnp3
19/4/2024 -- 22:12:59 - <Info> -- Disabling rules for protocol enip
19/4/2024 -- 22:12:59 - <Info> -- No sources configured, will use Emerging Threats Open
19/4/2024 -- 22:12:59 - <Info> -- Last download less than 15 minutes ago. Not downloading https://rules.emergingthreats.net/open/suricata-6.0.10/emerging.rules.tar.gz.
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/app-layer-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/decoder-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/dhcp-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/dnp3-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/dns-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/files.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/http-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/ipsec-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/kerberos-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/modbus-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/nfs-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/ntp-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/smb-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/smtp-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/stream-events.rules
19/4/2024 -- 22:12:59 - <Info> -- Loading distribution rule file /etc/suricata/rules/tls-events.rules
19/4/2024 -- 22:13:00 - <Info> -- Ignoring file rules/emerging-deleted.rules
19/4/2024 -- 22:13:01 - <Info> -- Loaded 48762 rules.
19/4/2024 -- 22:13:01 - <Info> -- Disabled 14 rules.
19/4/2024 -- 22:13:01 - <Info> -- Enabled 0 rules.
19/4/2024 -- 22:13:01 - <Info> -- Modified 0 rules.
19/4/2024 -- 22:13:01 - <Info> -- Dropped 0 rules.
19/4/2024 -- 22:13:01 - <Info> -- Enabled 135 rules for flowbit dependencies.
19/4/2024 -- 22:13:01 - <Info> -- Backing up current rules.
19/4/2024 -- 22:13:03 - <Info> -- Writing rules to /etc/suricata/rules/suricata.rules: total: 48762; enabled: 37195; added: 0; removed 0; modified: 0
19/4/2024 -- 22:13:03 - <Info> -- Writing /etc/suricata/rules/classification.config
19/4/2024 -- 22:13:03 - <Info> -- No changes detected, exiting.
root@nico:~# suricata-update list-sources
19/4/2024 -- 22:13:34 - <Info> -- Using data-directory /var/lib/suricata.
19/4/2024 -- 22:13:34 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
19/4/2024 -- 22:13:34 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
19/4/2024 -- 22:13:34 - <Info> -- Found Suricata version 6.0.10 at /usr/bin/suricata.
19/4/2024 -- 22:13:34 - <Info> -- No source index found, running update-sources
19/4/2024 -- 22:13:34 - <Info> -- Downloading https://www.openinfosecfoundation.org/rules/index.yaml
19/4/2024 -- 22:13:35 - <Info> -- Adding all sources
19/4/2024 -- 22:13:35 - <Info> -- Saved /var/lib/suricata/update/cache/index.yaml
Name: et/open
Vendor: Proofpoint
Summary: Emerging Threats Open Ruleset
License: MIT
Name: et/pro
Vendor: Proofpoint
Summary: Emerging Threats Pro Ruleset
License: Commercial
Replaces: et/open
Parameters: secret-code
Subscription: https://www.proofpoint.com/us/threat-insight/et-pro-ruleset
Name: oisf/trafficid
Vendor: OISF
Summary: Suricata Traffic ID ruleset
License: MIT
Name: scwx/enhanced
Vendor: Secureworks
Summary: Secureworks suricata-enhanced ruleset
License: Commercial
Parameters: secret-code
Subscription: https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)
Name: scwx/malware
Vendor: Secureworks
Summary: Secureworks suricata-malware ruleset
License: Commercial
Parameters: secret-code
Subscription: https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)
Name: scwx/security
Vendor: Secureworks
Summary: Secureworks suricata-security ruleset
License: Commercial
Parameters: secret-code
Subscription: https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)
Name: sslbl/ssl-fp-blacklist
Vendor: Abuse.ch
Summary: Abuse.ch SSL Blacklist
License: Non-Commercial
Name: sslbl/ja3-fingerprints
Vendor: Abuse.ch
Summary: Abuse.ch Suricata JA3 Fingerprint Ruleset
License: Non-Commercial
Name: etnetera/aggressive
Vendor: Etnetera a.s.
Summary: Etnetera aggressive IP blacklist
License: MIT
Name: tgreen/hunting
Vendor: tgreen
Summary: Threat hunting rules
License: GPLv3
Name: malsilo/win-malware
Vendor: malsilo
Summary: Commodity malware rules
License: MIT
Name: stamus/lateral
Vendor: Stamus Networks
Summary: Lateral movement rules
License: GPL-3.0-only
Name: stamus/nrd-30-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 30 day list, complete
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-14-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 14 day list, complete
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-entropy-30-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 30 day list, high entropy
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-entropy-14-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 14 day list, high entropy
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-phishing-30-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 30 day list, phishing
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-phishing-14-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 14 day list, phishing
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: pawpatrules
Vendor: pawpatrules
Summary: PAW Patrules is a collection of rules for IDPS / NSM Suricata engine
License: CC-BY-SA-4.0
root@nico:~# suricata-update enable-source tgreen/hunting
19/4/2024 -- 22:13:46 - <Info> -- Using data-directory /var/lib/suricata.
19/4/2024 -- 22:13:46 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
19/4/2024 -- 22:13:46 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
19/4/2024 -- 22:13:46 - <Info> -- Found Suricata version 6.0.10 at /usr/bin/suricata.
19/4/2024 -- 22:13:46 - <Info> -- Creating directory /var/lib/suricata/update/sources
19/4/2024 -- 22:13:46 - <Info> -- Enabling default source et/open
19/4/2024 -- 22:13:46 - <Info> -- Source tgreen/hunting enabled
root@nico:~# suricata -T -c /etc/suricata/suricata.yaml -v
19/4/2024 -- 22:13:58 - <Info> - Running suricata under test mode
19/4/2024 -- 22:13:58 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
19/4/2024 -- 22:13:58 - <Info> - CPUs/cores online: 2
19/4/2024 -- 22:13:58 - <Info> - fast output device (regular) initialized: fast.log
19/4/2024 -- 22:13:58 - <Info> - eve-log output device (regular) initialized: eve.json
19/4/2024 -- 22:13:58 - <Info> - stats output device (regular) initialized: stats.log
19/4/2024 -- 22:14:03 - <Info> - 1 rule files processed. 37195 rules successfully loaded, 0 rules failed
19/4/2024 -- 22:14:03 - <Info> - Threshold config parsed: 0 rule(s) found
19/4/2024 -- 22:14:04 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
19/4/2024 -- 22:14:10 - <Notice> - Configuration provided was successfully loaded. Exiting.
19/4/2024 -- 22:14:11 - <Info> - cleaning up signature grouping structure... complete
root@nico:~# systemctl start suricata
root@nico:~# systemctl status suricata
● suricata.service - Suricata IDS/IDP daemon
Loaded: loaded (/lib/systemd/system/suricata.service; enabled; preset: ena>
Active: active (running) since Fri 2024-04-19 22:14:24 CEST; 5s ago
Docs: man:suricata(8)
man:suricatasc(8)
https://suricata-ids.org/docs/
Process: 7468 ExecStart=/usr/bin/suricata -D --af-packet -c /etc/suricata/s>
Main PID: 7473 (Suricata-Main)
Tasks: 1 (limit: 2252)
Memory: 315.8M
CPU: 5.652s
CGroup: /system.slice/suricata.service
└─7473 /usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.>

avril 19 22:14:23 nico systemd[1]: Starting suricata.service - Suricata IDS/IDP>
avril 19 22:14:23 nico suricata[7468]: 19/4/2024 -- 22:14:23 - <Notice> - This >
avril 19 22:14:24 nico suricata[7468]: 19/4/2024 -- 22:14:24 - <Warning> - [ERR>
avril 19 22:14:24 nico suricata[7468]: 19/4/2024 -- 22:14:24 - <Warning> - [ERR>
avril 19 22:14:24 nico systemd[1]: Started suricata.service - Suricata IDS/IDP >
lines 1-19/19 (END)
root@nico:~# ^C
root@nico:~# tail -f /var/log/suricata/suricata.log
19/4/2024 -- 22:14:49 - <Info> - CPUs/cores online: 2
19/4/2024 -- 22:14:49 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:14:49 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:14:49 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:14:49 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:14:49 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:14:49 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:14:49 - <Info> - fast output device (regular) initialized: fast.log
19/4/2024 -- 22:14:49 - <Info> - eve-log output device (regular) initialized: eve.json
19/4/2024 -- 22:14:49 - <Info> - stats output device (regular) initialized: stats.log
19/4/2024 -- 22:14:54 - <Info> - 1 rule files processed. 37195 rules successfully loaded, 0 rules failed
19/4/2024 -- 22:14:54 - <Info> - Threshold config parsed: 0 rule(s) found
19/4/2024 -- 22:14:54 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
^C
root@nico:~# curl http://testmynids.org/uid/index.html
uid=0(root) gid=0(root) groups=0(root)
root@nico:~# grep 2100498 /var/log/suricata/fast.log
root@nico:~# suricata-update list-sources
19/4/2024 -- 22:17:07 - <Info> -- Using data-directory /var/lib/suricata.
19/4/2024 -- 22:17:07 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
19/4/2024 -- 22:17:07 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
19/4/2024 -- 22:17:07 - <Info> -- Found Suricata version 6.0.10 at /usr/bin/suricata.
Name: et/open
Vendor: Proofpoint
Summary: Emerging Threats Open Ruleset
License: MIT
Name: et/pro
Vendor: Proofpoint
Summary: Emerging Threats Pro Ruleset
License: Commercial
Replaces: et/open
Parameters: secret-code
Subscription: https://www.proofpoint.com/us/threat-insight/et-pro-ruleset
Name: oisf/trafficid
Vendor: OISF
Summary: Suricata Traffic ID ruleset
License: MIT
Name: scwx/enhanced
Vendor: Secureworks
Summary: Secureworks suricata-enhanced ruleset
License: Commercial
Parameters: secret-code
Subscription: https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)
Name: scwx/malware
Vendor: Secureworks
Summary: Secureworks suricata-malware ruleset
License: Commercial
Parameters: secret-code
Subscription: https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)
Name: scwx/security
Vendor: Secureworks
Summary: Secureworks suricata-security ruleset
License: Commercial
Parameters: secret-code
Subscription: https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)
Name: sslbl/ssl-fp-blacklist
Vendor: Abuse.ch
Summary: Abuse.ch SSL Blacklist
License: Non-Commercial
Name: sslbl/ja3-fingerprints
Vendor: Abuse.ch
Summary: Abuse.ch Suricata JA3 Fingerprint Ruleset
License: Non-Commercial
Name: etnetera/aggressive
Vendor: Etnetera a.s.
Summary: Etnetera aggressive IP blacklist
License: MIT
Name: tgreen/hunting
Vendor: tgreen
Summary: Threat hunting rules
License: GPLv3
Name: malsilo/win-malware
Vendor: malsilo
Summary: Commodity malware rules
License: MIT
Name: stamus/lateral
Vendor: Stamus Networks
Summary: Lateral movement rules
License: GPL-3.0-only
Name: stamus/nrd-30-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 30 day list, complete
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-14-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 14 day list, complete
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-entropy-30-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 30 day list, high entropy
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-entropy-14-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 14 day list, high entropy
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-phishing-30-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 30 day list, phishing
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: stamus/nrd-phishing-14-open
Vendor: Stamus Networks
Summary: Newly Registered Domains Open only - 14 day list, phishing
License: Commercial
Parameters: secret-code
Subscription: https://www.stamus-networks.com/stamus-labs/subscribe-to-threat-intel-feed
Name: pawpatrules
Vendor: pawpatrules
Summary: PAW Patrules is a collection of rules for IDPS / NSM Suricata engine
License: CC-BY-SA-4.0
root@nico:~# suricata-update enable-source tgreen/hunting
19/4/2024 -- 22:17:16 - <Info> -- Using data-directory /var/lib/suricata.
19/4/2024 -- 22:17:16 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
19/4/2024 -- 22:17:16 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
19/4/2024 -- 22:17:16 - <Info> -- Found Suricata version 6.0.10 at /usr/bin/suricata.
19/4/2024 -- 22:17:16 - <Warning> -- The source tgreen/hunting is already enabled.
19/4/2024 -- 22:17:16 - <Info> -- Source tgreen/hunting enabled
root@nico:~# suricata -T -c /etc/suricata/suricata.yaml -v
19/4/2024 -- 22:17:24 - <Info> - Running suricata under test mode
19/4/2024 -- 22:17:24 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
19/4/2024 -- 22:17:24 - <Info> - CPUs/cores online: 2
19/4/2024 -- 22:17:24 - <Info> - fast output device (regular) initialized: fast.log
19/4/2024 -- 22:17:24 - <Info> - eve-log output device (regular) initialized: eve.json
19/4/2024 -- 22:17:24 - <Info> - stats output device (regular) initialized: stats.log
19/4/2024 -- 22:17:30 - <Info> - 1 rule files processed. 37195 rules successfully loaded, 0 rules failed
19/4/2024 -- 22:17:30 - <Info> - Threshold config parsed: 0 rule(s) found
19/4/2024 -- 22:17:30 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
19/4/2024 -- 22:17:38 - <Notice> - Configuration provided was successfully loaded. Exiting.
19/4/2024 -- 22:17:38 - <Info> - cleaning up signature grouping structure... complete
root@nico:~# systemctl start suricata
root@nico:~# systemctl status suricata
● suricata.service - Suricata IDS/IDP daemon
Loaded: loaded (/lib/systemd/system/suricata.service; enabled; preset: enabled)
Active: active (running) since Fri 2024-04-19 22:18:00 CEST; 578ms ago
Docs: man:suricata(8)
man:suricatasc(8)
https://suricata-ids.org/docs/
Process: 7847 ExecStart=/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yam>
Main PID: 7852 (Suricata-Main)
Tasks: 1 (limit: 2252)
Memory: 67.0M
CPU: 622ms
CGroup: /system.slice/suricata.service
└─7852 /usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidf>

avril 19 22:18:00 nico systemd[1]: Starting suricata.service - Suricata IDS/IDP daemon...
avril 19 22:18:00 nico suricata[7847]: 19/4/2024 -- 22:18:00 - <Notice> - This is Suricata>
avril 19 22:18:00 nico suricata[7847]: 19/4/2024 -- 22:18:00 - <Warning> - [ERRCODE: SC_ER>
avril 19 22:18:00 nico suricata[7847]: 19/4/2024 -- 22:18:00 - <Warning> - [ERRCODE: SC_ER>
avril 19 22:18:00 nico systemd[1]: Started suricata.service - Suricata IDS/IDP daemon.
lines 1-19/19 (END)
root@nico:~# ^C
root@nico:~# tail -f /var/log/suricata/suricata.log
19/4/2024 -- 22:18:25 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:18:25 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:18:25 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:18:25 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:18:25 - <Info> - fast output device (regular) initialized: fast.log
19/4/2024 -- 22:18:25 - <Info> - eve-log output device (regular) initialized: eve.json
19/4/2024 -- 22:18:25 - <Info> - stats output device (regular) initialized: stats.log
19/4/2024 -- 22:18:30 - <Info> - 1 rule files processed. 37195 rules successfully loaded, 0 rules failed
19/4/2024 -- 22:18:30 - <Info> - Threshold config parsed: 0 rule(s) found
19/4/2024 -- 22:18:31 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
19/4/2024 -- 22:18:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device
19/4/2024 -- 22:18:38 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:18:38 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:18:38 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:18:38 - <Info> - Using unix socket file '/var/run/suricata-command.socket'
19/4/2024 -- 22:18:38 - <Notice> - all 6 packet processing threads, 4 management threads initialized, engine started.
19/4/2024 -- 22:18:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find iface eth0: No such device
19/4/2024 -- 22:18:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
19/4/2024 -- 22:18:38 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed
19/4/2024 -- 22:18:38 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
19/4/2024 -- 22:18:38 - <Info> - CPUs/cores online: 2
19/4/2024 -- 22:18:38 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:18:38 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:18:38 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:18:38 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:18:38 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:18:38 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:18:38 - <Info> - fast output device (regular) initialized: fast.log
19/4/2024 -- 22:18:38 - <Info> - eve-log output device (regular) initialized: eve.json
19/4/2024 -- 22:18:38 - <Info> - stats output device (regular) initialized: stats.log
19/4/2024 -- 22:18:43 - <Info> - 1 rule files processed. 37195 rules successfully loaded, 0 rules failed
19/4/2024 -- 22:18:43 - <Info> - Threshold config parsed: 0 rule(s) found
19/4/2024 -- 22:18:44 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
19/4/2024 -- 22:18:50 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device
19/4/2024 -- 22:18:50 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:18:50 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:18:50 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:18:50 - <Info> - Using unix socket file '/var/run/suricata-command.socket'
19/4/2024 -- 22:18:50 - <Notice> - all 6 packet processing threads, 4 management threads initialized, engine started.
19/4/2024 -- 22:18:50 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find iface eth0: No such device
19/4/2024 -- 22:18:51 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
19/4/2024 -- 22:18:51 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed
19/4/2024 -- 22:18:51 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
19/4/2024 -- 22:18:51 - <Info> - CPUs/cores online: 2
19/4/2024 -- 22:18:51 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:18:51 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:18:51 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:18:51 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:18:51 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:18:51 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:18:51 - <Info> - fast output device (regular) initialized: fast.log
19/4/2024 -- 22:18:51 - <Info> - eve-log output device (regular) initialized: eve.json
19/4/2024 -- 22:18:51 - <Info> - stats output device (regular) initialized: stats.log
19/4/2024 -- 22:18:56 - <Info> - 1 rule files processed. 37195 rules successfully loaded, 0 rules failed
19/4/2024 -- 22:18:56 - <Info> - Threshold config parsed: 0 rule(s) found
19/4/2024 -- 22:18:56 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
19/4/2024 -- 22:19:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device
19/4/2024 -- 22:19:04 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:19:04 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:19:04 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:19:04 - <Info> - Using unix socket file '/var/run/suricata-command.socket'
19/4/2024 -- 22:19:04 - <Notice> - all 6 packet processing threads, 4 management threads initialized, engine started.
19/4/2024 -- 22:19:04 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find iface eth0: No such device
19/4/2024 -- 22:19:04 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
19/4/2024 -- 22:19:04 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed
19/4/2024 -- 22:19:04 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
19/4/2024 -- 22:19:04 - <Info> - CPUs/cores online: 2
19/4/2024 -- 22:19:04 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:19:04 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:19:04 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:19:04 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:19:04 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:19:04 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:19:04 - <Info> - fast output device (regular) initialized: fast.log
19/4/2024 -- 22:19:04 - <Info> - eve-log output device (regular) initialized: eve.json
19/4/2024 -- 22:19:04 - <Info> - stats output device (regular) initialized: stats.log
19/4/2024 -- 22:19:09 - <Info> - 1 rule files processed. 37195 rules successfully loaded, 0 rules failed
19/4/2024 -- 22:19:09 - <Info> - Threshold config parsed: 0 rule(s) found
19/4/2024 -- 22:19:10 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
19/4/2024 -- 22:19:16 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device
19/4/2024 -- 22:19:16 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:19:17 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:19:17 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:19:17 - <Info> - Using unix socket file '/var/run/suricata-command.socket'
19/4/2024 -- 22:19:17 - <Notice> - all 6 packet processing threads, 4 management threads initialized, engine started.
19/4/2024 -- 22:19:17 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find iface eth0: No such device
19/4/2024 -- 22:19:17 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
19/4/2024 -- 22:19:17 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed
19/4/2024 -- 22:19:17 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
19/4/2024 -- 22:19:17 - <Info> - CPUs/cores online: 2
19/4/2024 -- 22:19:17 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:19:17 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:19:17 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:19:17 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:19:17 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:19:17 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:19:17 - <Info> - fast output device (regular) initialized: fast.log
19/4/2024 -- 22:19:17 - <Info> - eve-log output device (regular) initialized: eve.json
19/4/2024 -- 22:19:17 - <Info> - stats output device (regular) initialized: stats.log
19/4/2024 -- 22:19:22 - <Info> - 1 rule files processed. 37195 rules successfully loaded, 0 rules failed
19/4/2024 -- 22:19:22 - <Info> - Threshold config parsed: 0 rule(s) found
19/4/2024 -- 22:19:23 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
^C
root@nico:~# curl http://testmynids.org/uid/index.html
uid=0(root) gid=0(root) groups=0(root)
root@nico:~# grep 2100498 /var/log/suricata/fast.log
root@nico:~# tail -f /var/log/suricata/suricata.log
19/4/2024 -- 22:19:35 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
19/4/2024 -- 22:19:42 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device
19/4/2024 -- 22:19:42 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:19:42 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:19:42 - <Info> - Going to use 2 thread(s)
19/4/2024 -- 22:19:42 - <Info> - Using unix socket file '/var/run/suricata-command.socket'
19/4/2024 -- 22:19:42 - <Notice> - all 6 packet processing threads, 4 management threads initialized, engine started.
19/4/2024 -- 22:19:42 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find iface eth0: No such device
19/4/2024 -- 22:19:42 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
19/4/2024 -- 22:19:42 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed
19/4/2024 -- 22:19:42 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
19/4/2024 -- 22:19:42 - <Info> - CPUs/cores online: 2
19/4/2024 -- 22:19:43 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:19:43 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
19/4/2024 -- 22:19:43 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:19:43 - <Info> - Found an MTU of 1500 for 'ens37'
19/4/2024 -- 22:19:43 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:19:43 - <Info> - Found an MTU of 1500 for 'ens38'
19/4/2024 -- 22:19:43 - <Info> - fast output device (regular) initialized: fast.log
19/4/2024 -- 22:19:43 - <Info> - eve-log output device (regular) initialized: eve.json
19/4/2024 -- 22:19:43 - <Info> - stats output device (regular) initialized: stats.log
19/4/2024 -- 22:19:48 - <Info> - 1 rule files processed. 37195 rules successfully loaded, 0 rules failed
19/4/2024 -- 22:19:48 - <Info> - Threshold config parsed: 0 rule(s) found
19/4/2024 -- 22:19:48 - <Info> - 37198 signatures processed. 1179 are IP-only rules, 4891 are inspecting packet payload, 30923 inspect application layer, 108 are decoder event only
^C
root@nico:~# wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
root@nico:~# echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main
root@nico:~# apt update
Atteint :1 http://deb.debian.org/debian bookworm InRelease
Réception de :2 http://security.debian.org/debian-security bookworm-security InRelease [48,0 kB]
Atteint :3 http://deb.debian.org/debian bookworm-updates InRelease
Réception de :4 https://artifacts.elastic.co/packages/8.x/apt stable InRelease [10,4 kB]
Réception de :5 http://security.debian.org/debian-security bookworm-security/main Sources [90,8 kB]
Réception de :6 https://artifacts.elastic.co/packages/8.x/apt stable/main amd64 Packages [93,0 kB]
242 ko réceptionnés en 0s (491 ko/s)
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances... Fait
Lecture des informations d'état... Fait
22 paquets peuvent être mis à jour. Exécutez « apt list --upgradable » pour les voir.
root@nico:~# apt install elasticsearch
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances... Fait
Lecture des informations d'état... Fait
Les NOUVEAUX paquets suivants seront installés :
elasticsearch
0 mis à jour, 1 nouvellement installés, 0 à enlever et 22 non mis à jour.
Il est nécessaire de prendre 576 Mo dans les archives.
Après cette opération, 1 136 Mo d'espace disque supplémentaires seront utilisés.
Réception de :1 https://artifacts.elastic.co/packages/8.x/apt stable/main amd64 elasticsearch amd64 8.13.2 [576 MB]
576 Mo réceptionnés en 7s (77,2 Mo/s)
Sélection du paquet elasticsearch précédemment désélectionné.
(Lecture de la base de données... 150567 fichiers et répertoires déjà installés.)
Préparation du dépaquetage de .../elasticsearch_8.13.2_amd64.deb ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Dépaquetage de elasticsearch (8.13.2) ...
Paramétrage de elasticsearch (8.13.2) ...
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : IgeIuFOJt*9-i+z*3CX+

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
root@nico:~# nano /etc/elasticsearch/elasticsearch.yml
root@nico:~# ufw allow in on eth1
Rules updated
Rules updated (v6)
root@nico:~# ufw allow out on eth1
Rules updated
Rules updated (v6)
root@nico:~# ufw allow in on eth0
Rules updated
Rules updated (v6)
root@nico:~# ufw allow out on eth0
Rules updated
Rules updated (v6)
root@nico:~# systemctl daemon-reload
root@nico:~# systemctl enable elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /lib/systemd/system/elasticsearch.service.
root@nico:~# systemctl start elasticsearch
Job for elasticsearch.service failed.
See "systemctl status elasticsearch.service" and "journalctl -xeu elasticsearch.service" for details.
root@nico:~# systemctl status elasticsearch
× elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; preset: enabled)
     Active: failed (Result: oom-kill) since Fri 2024-04-19 22:26:35 CEST; 30s ago
       Docs: https://www.elastic.co
    Process: 9293 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/>
   Main PID: 9293 (code=exited, status=143)
        CPU: 23.629s

avril 19 22:26:09 nico systemd[1]: Starting elasticsearch.service - Elasticsearch...
avril 19 22:26:12 nico systemd-entrypoint[9293]: avr. 19, 2024 10:26:12 PM sun.util.locale>
avril 19 22:26:12 nico systemd-entrypoint[9293]: WARNING: COMPAT locale provider will be r>
avril 19 22:26:35 nico systemd[1]: elasticsearch.service: A process of this unit has been >
avril 19 22:26:35 nico systemd-entrypoint[9293]: ERROR: Elasticsearch died while starting >
avril 19 22:26:35 nico systemd[1]: elasticsearch.service: Failed with result 'oom-kill'.
avril 19 22:26:35 nico systemd[1]: Failed to start elasticsearch.service - Elasticsearch.
avril 19 22:26:35 nico systemd[1]: elasticsearch.service: Consumed 23.629s CPU time.
lines 1-16/16 (END)
× elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; preset: enabled)
     Active: failed (Result: oom-kill) since Fri 2024-04-19 22:26:35 CEST; 30s ago
       Docs: https://www.elastic.co
    Process: 9293 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status>
   Main PID: 9293 (code=exited, status=143)
        CPU: 23.629s

avril 19 22:26:09 nico systemd[1]: Starting elasticsearch.service - Elasticsearch...
avril 19 22:26:12 nico systemd-entrypoint[9293]: avr. 19, 2024 10:26:12 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
avril 19 22:26:12 nico systemd-entrypoint[9293]: WARNING: COMPAT locale provider will be removed in a future release
avril 19 22:26:35 nico systemd[1]: elasticsearch.service: A process of this unit has been killed by the OOM killer.
avril 19 22:26:35 nico systemd-entrypoint[9293]: ERROR: Elasticsearch died while starting up, with exit code 137
avril 19 22:26:35 nico systemd[1]: elasticsearch.service: Failed with result 'oom-kill'.
avril 19 22:26:35 nico systemd[1]: Failed to start elasticsearch.service - Elasticsearch.
avril 19 22:26:35 nico systemd[1]: elasticsearch.service: Consumed 23.629s CPU time.
lines 1-16/16 (END)

Broadcast message from root@nico (Fri 2024-04-19 22:27:45 CEST):

The system will power off now!

Remote side unexpectedly closed network connection

──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Session stopped
- Press <Return> to exit tab
- Press R to restart session
- Press S to save terminal output to file
