@echo "'LD_LIBRARY_PATH="$(DESTDIR)$(prefix)/lib" "$(DESTDIR)$(bindir)/suricata" -c "$(DESTDIR)$(e_sysconfdir)/suricata.yaml" -i eth0'."
@echo ""
@echo "While rules are installed now, it's highly recommended to use a rule manager for maintaining rules."
- @echo "The two most common are Oinkmaster and Pulledpork. For a guide see:"
- @echo "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster"
+ @echo "The three most common are Suricata-Update, Oinkmaster and Pulledpork. For a guide see:"
+ @echo "https://suricata.readthedocs.io/en/latest/rule-management/index.html"
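Review bot: the `+` lines now name three tools (Suricata-Update, Oinkmaster, Pulledpork) but the single link below them is the rule-management index page, which no longer matches the "For a guide see:" wording that previously pointed at a tool-specific Oinkmaster page; either point at the page for the tool you want users to pick, or reword the first echo to "see the rule management documentation:" so the message and the link agree.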
User Guide
----------
-You can follow the [Suricata user guide](http://suricata.readthedocs.io/en/latest/) to get started.
+You can follow the [Suricata user guide](https://suricata.readthedocs.io/en/latest/) to get started.
Our deprecated (but still useful) user guide is also [available](https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_User_Guide).
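Review bot: the context line right after the changed link still advertises the deprecated redmine wiki user guide, while this commit is otherwise moving references off redmine to readthedocs; consider dropping or demoting that sentence here so the README offers one canonical entry point rather than two.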
fi
# see if we have the patched libnet 1.1
- # http://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html
+ # https://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html
#
# To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
# see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
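Review bot: the flameeyes.eu link on the last context line is left as http while the adjacent inliniac.net comment is switched to https in the same hunk; update it in the same pass if that site serves https, or say why it is excluded, so the scheme sweep is consistent within the file.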
Team:
-http://suricata-ids.org/about/team/
+https://suricata-ids.org/about/team/
All contributors:
https://www.ohloh.net/p/suricata-engine/contributors/summary
=====
Suricata is a multi-threaded intrusion detection/prevention engine.
engine available from the Open Information Security Foundation
-(http://www.openinfosecfoundation.org).
+(https://www.openinfosecfoundation.org).
Suricata and the HTP library are licensed under the GPLv2. A copy of this
license is available in this tarball, or at:
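Review bot: the two context lines "Suricata is a multi-threaded intrusion detection/prevention engine." and "engine available from the Open Information Security Foundation" repeat the word "engine" and leave the second line as a sentence fragment; since the paragraph is being touched anyway, fold them into one sentence, e.g. "Suricata is a multi-threaded intrusion detection/prevention engine available from the Open Information Security Foundation (https://www.openinfosecfoundation.org)."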
./configure --enable-pfring --with-libpfring-libraries=/opt/PF_RING/lib --with-libpfring-includes=/opt/PF_RING/include --with-libpcap-libraries=/opt/PF_RING/lib --with-libpcap-includes=/opt/PF_RING/include LD_RUN_PATH="/opt/PF_RING/lib:/usr/lib:/usr/local/lib" --prefix=/opt/PF_RING/
make && make install
-#Make config and log directories for a more complete getting started see http://www.inliniac.net/blog/2010/05/10/setting-up-suricata-0-9-0-for-initial-use-on-ubuntu-lucid-10-04.html
+#Make config and log directories for a more complete getting started see https://www.inliniac.net/blog/2010/05/10/setting-up-suricata-0-9-0-for-initial-use-on-ubuntu-lucid-10-04.html
mkdir /etc/suricata
cp suricata.yaml /etc/suricata/
cp classification.config /etc/suricata/
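Review bot: the rewritten `+` comment runs two statements together with no punctuation ("Make config and log directories for a more complete getting started see ..."); split it, e.g. "# Make config and log directories. For a more complete getting-started guide see https://...". The URL slug also shows the post is about Suricata 0.9.0 on Ubuntu 10.04, so consider whether an in-tree doc is a better reference than that blog entry.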
-http://suricata-ids.org/news/
-
+https://suricata-ids.org/news/
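Review bot: besides the scheme change this hunk also deletes the blank line that followed the URL (the bare `-` line), which is unrelated to the http-to-https update; either drop that whitespace change from this commit or mention it in the commit message so reviewers know it is intentional.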
Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux
+from - https://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
Setting up IPS/inline for Linux
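Review bot: the `+` line rewrites the provenance of the file ("from - https://suricata.readthedocs.io/...") while the context line above still says "Autogenerated on 2012-11-29"; the original line recorded the redmine wiki as the source the text was generated from, so swapping in the readthedocs URL rewrites history instead of updating a link. Keep the original source URL in the "from" line, or reword it to something like "see also: https://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html".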
Plenty, and you're welcome to help!
-http://suricata-ids.org/participate/
-
+https://suricata-ids.org/participate/
Myricom
=======
-From: http://blog.inliniac.net/2012/07/10/suricata-on-myricom-capture-cards/
+From: https://blog.inliniac.net/2012/07/10/suricata-on-myricom-capture-cards/
In this guide I’ll describe using the Myricom libpcap support. I’m going to assume you installed the card properly, installed the Sniffer driver and made sure that all works. Make sure that in your dmesg you see that the card is in sniffer mode:
Further reading
~~~~~~~~~~~~~~~
-See http://suricata-update.readthedocs.io/en/latest/
+See https://suricata-update.readthedocs.io/en/latest/
- :doc:`../reputation/ipreputation/ip-reputation-config`
- :doc:`ip-reputation-rules`
- :doc:`../reputation/ipreputation/ip-reputation-format`
-- `http://blog.inliniac.net/2012/11/21/ip-reputation-in-suricata/ <http://blog.inliniac.net/2012/11/21/ip-reputation-in-suricata/>`_
+- `https://blog.inliniac.net/2012/11/21/ip-reputation-in-suricata/ <https://blog.inliniac.net/2012/11/21/ip-reputation-in-suricata/>`_
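Review bot: the `+` line keeps the `` `URL <URL>`_ `` form with identical link text and target; in reStructuredText a bare URL is hyperlinked automatically, so this can be shortened to just the URL, which also removes the escaping burden seen in the http_user_agent hunk further down. Purely a style point; the change itself is fine.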
Flowbits
--------
- :doc:`file-keywords`
- :doc:`../file-extraction/file-extraction`
-- `http://blog.inliniac.net/2011/11/29/file-extraction-in-suricata/ <http://blog.inliniac.net/2011/11/29/file-extraction-in-suricata/>`_
-- `http://blog.inliniac.net/2014/11/11/smtp-file-extraction-in-suricata/ <http://blog.inliniac.net/2014/11/11/smtp-file-extraction-in-suricata/>`_
+- `https://blog.inliniac.net/2011/11/29/file-extraction-in-suricata/ <https://blog.inliniac.net/2011/11/29/file-extraction-in-suricata/>`_
+- `https://blog.inliniac.net/2014/11/11/smtp-file-extraction-in-suricata/ <https://blog.inliniac.net/2014/11/11/smtp-file-extraction-in-suricata/>`_
Lua Scripting
-------------
Each MD5 uses 16 bytes of memory. 20 Million MD5's use about 310 MiB of memory.
-See also: http://blog.inliniac.net/2012/06/09/suricata-md5-blacklisting/
+See also: https://blog.inliniac.net/2012/06/09/suricata-md5-blacklisting/
filesha1
--------
**Note**: the header buffer is *normalized*. Any trailing
whitespace and tab characters are removed. See:
- http://lists.openinfosecfoundation.org/pipermail/oisf-users/2011-October/000935.html.
+ https://lists.openinfosecfoundation.org/pipermail/oisf-users/2011-October/000935.html.
To avoid that, use the ``http_raw_header`` keyword.
Example of a header in a HTTP request:
comes to performance than using the ``http_header`` buffer (~10%
better).
-- `http://blog.inliniac.net/2012/07/09/suricata-http\_user\_agent-vs-http\_header/ <http://blog.inliniac.net/2012/07/09/suricata-http_user_agent-vs-http_header/>`_
+- `https://blog.inliniac.net/2012/07/09/suricata-http\_user\_agent-vs-http\_header/ <https://blog.inliniac.net/2012/07/09/suricata-http_user_agent-vs-http_header/>`_
http_accept
-----------
{
sigmatch_table[DETECT_FILEMAGIC].name = "filemagic";
sigmatch_table[DETECT_FILEMAGIC].desc = "match on the information libmagic returns about a file";
- sigmatch_table[DETECT_FILEMAGIC].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filemagic";
+ sigmatch_table[DETECT_FILEMAGIC].url = "https://suricata.readthedocs.io/en/latest/rules/file-keywords.html#filemagic";
sigmatch_table[DETECT_FILEMAGIC].Setup = DetectFilemagicSetupNoSupport;
sigmatch_table[DETECT_FILEMAGIC].flags = SIGMATCH_QUOTES_MANDATORY|SIGMATCH_HANDLE_NEGATION;
}
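Review bot: the `+` URL adds a `#filemagic` fragment to the readthedocs page; Sphinx derives section anchors from heading text, so verify the anchor exists on the rendered page, otherwise the link silently lands at the top. Since this block registers `DetectFilemagicSetupNoSupport`, also check that the with-libmagic registration block carries the same updated `url` string so the two branches do not diverge.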
sigmatch_table[DETECT_LUA].name = "lua";
sigmatch_table[DETECT_LUA].alias = "luajit";
sigmatch_table[DETECT_LUA].desc = "match via a lua script";
- sigmatch_table[DETECT_LUA].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting";
+ sigmatch_table[DETECT_LUA].url = "https://suricata.readthedocs.io/en/latest/rules/rule-lua-scripting.html";
sigmatch_table[DETECT_LUA].Match = DetectLuaMatch;
sigmatch_table[DETECT_LUA].AppLayerTxMatch = DetectLuaAppTxMatch;
sigmatch_table[DETECT_LUA].Setup = DetectLuaSetup;
#define DEFAULT_PID_BASENAME "suricata.pid"
#define DEFAULT_PID_FILENAME DEFAULT_PID_DIR DEFAULT_PID_BASENAME
-#define DOC_URL "http://suricata.readthedocs.io/en/"
+#define DOC_URL "https://suricata.readthedocs.io/en/"
#if defined RELEASE
#define DOC_VERSION PROG_VER
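Review bot: `DOC_URL` is a prefix that gets `DOC_VERSION` appended (per the `#if defined RELEASE` block below it), so changing the scheme here updates every generated documentation link in one place; to keep help output consistent, grep the tree for any remaining hard-coded "http://suricata.readthedocs.io" strings that bypass this macro.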
# Suricata configuration file. In addition to the comments describing all
# options in this file, full documentation can be found at:
-# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml
+# https://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html
##
## Step 1: inform Suricata about your network
# Lua Output Support - execute lua script to generate alert and event
# output.
# Documented at:
- # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
+ # https://suricata.readthedocs.io/en/latest/output/lua-output.html
- lua:
enabled: no
#scripts-dir: /etc/suricata/lua-output/
#threshold gen_id 1, sig_id 2404000, type threshold, track by_dst, count 1, seconds 10
# Avoid to alert on f-secure update
-# Example taken from http://blog.inliniac.net/2012/03/07/f-secure-av-updates-and-suricata-ips/
+# Example taken from https://blog.inliniac.net/2012/03/07/f-secure-av-updates-and-suricata-ips/
#suppress gen_id 1, sig_id 2009557, track by_src, ip 217.110.97.128/25
#suppress gen_id 1, sig_id 2012086, track by_src, ip 217.110.97.128/25
#suppress gen_id 1, sig_id 2003614, track by_src, ip 217.110.97.128/25
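Review bot: the context line "# Avoid to alert on f-secure update" is ungrammatical; while editing this comment block, change it to "# Avoid alerting on F-Secure updates" so the example reads cleanly alongside the updated link.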