How To Install suricata on Rocky Linux 8

In this tutorial we learn how to install suricata on Rocky Linux 8. suricata is an Intrusion Detection System.

What is suricata

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP Matching, and GeoIP identification.

We can use yum or dnf to install suricata on Rocky Linux 8. This tutorial covers both methods, but you only need to choose one of them to install suricata.

Install suricata on Rocky Linux 8 Using dnf

Update the package metadata cache with dnf using the following command.

sudo dnf makecache --refresh

After updating the package metadata cache, we can install suricata using dnf by running the following command:

sudo dnf -y install suricata

Install suricata on Rocky Linux 8 Using yum

Update the package metadata cache with yum using the following command.

sudo yum makecache --refresh

After updating the package metadata cache, we can install suricata using yum by running the following command:

sudo yum -y install suricata

How To Uninstall suricata on Rocky Linux 8

To uninstall only the suricata package we can use the following command:

sudo dnf remove suricata

suricata Package Contents on Rocky Linux 8

/etc/logrotate.d/suricata
/etc/suricata
/etc/suricata/classification.config
/etc/suricata/reference.config
/etc/suricata/rules
/etc/suricata/rules/app-layer-events.rules
/etc/suricata/rules/decoder-events.rules
/etc/suricata/rules/dhcp-events.rules
/etc/suricata/rules/dnp3-events.rules
/etc/suricata/rules/dns-events.rules
/etc/suricata/rules/files.rules
/etc/suricata/rules/http-events.rules
/etc/suricata/rules/ipsec-events.rules
/etc/suricata/rules/kerberos-events.rules
/etc/suricata/rules/modbus-events.rules
/etc/suricata/rules/nfs-events.rules
/etc/suricata/rules/ntp-events.rules
/etc/suricata/rules/smb-events.rules
/etc/suricata/rules/smtp-events.rules
/etc/suricata/rules/stream-events.rules
/etc/suricata/rules/tls-events.rules
/etc/suricata/suricata.yaml
/etc/suricata/threshold.config
/etc/sysconfig/suricata
/run/suricata
/usr/bin/suricata-update
/usr/bin/suricatactl
/usr/bin/suricatasc
/usr/lib/.build-id
/usr/lib/.build-id/32
/usr/lib/.build-id/32/33bcf784cbe39b8334283bfa67c9ed1a302774
/usr/lib/.build-id/37
/usr/lib/.build-id/37/8b5c58952fa243c695c4ea8b49faf27746731e
/usr/lib/python3.6/site-packages/suricata-5.0.7-py3.6.egg-info
/usr/lib/python3.6/site-packages/suricata/__init__.py
/usr/lib/python3.6/site-packages/suricata/__pycache__
/usr/lib/python3.6/site-packages/suricata/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/config
/usr/lib/python3.6/site-packages/suricata/config/__init__.py
/usr/lib/python3.6/site-packages/suricata/config/__pycache__
/usr/lib/python3.6/site-packages/suricata/config/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/config/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/config/__pycache__/defaults.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/config/__pycache__/defaults.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/config/defaults.py
/usr/lib/python3.6/site-packages/suricata/ctl
/usr/lib/python3.6/site-packages/suricata/ctl/__init__.py
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/filestore.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/filestore.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/loghandler.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/loghandler.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/main.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/main.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/test_filestore.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/__pycache__/test_filestore.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/ctl/filestore.py
/usr/lib/python3.6/site-packages/suricata/ctl/loghandler.py
/usr/lib/python3.6/site-packages/suricata/ctl/main.py
/usr/lib/python3.6/site-packages/suricata/ctl/test_filestore.py
/usr/lib/python3.6/site-packages/suricata/sc
/usr/lib/python3.6/site-packages/suricata/sc/__init__.py
/usr/lib/python3.6/site-packages/suricata/sc/__pycache__
/usr/lib/python3.6/site-packages/suricata/sc/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/sc/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/sc/__pycache__/specs.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/sc/__pycache__/specs.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/sc/__pycache__/suricatasc.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/sc/__pycache__/suricatasc.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/sc/specs.py
/usr/lib/python3.6/site-packages/suricata/sc/suricatasc.py
/usr/lib/python3.6/site-packages/suricata/update
/usr/lib/python3.6/site-packages/suricata/update/__init__.py
/usr/lib/python3.6/site-packages/suricata/update/__pycache__
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/config.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/config.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/engine.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/engine.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/exceptions.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/exceptions.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/extract.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/extract.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/loghandler.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/loghandler.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/main.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/main.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/maps.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/maps.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/net.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/net.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/notes.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/notes.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/rule.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/rule.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/sources.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/sources.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/util.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/util.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/version.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/__pycache__/version.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands
/usr/lib/python3.6/site-packages/suricata/update/commands/__init__.py
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/addsource.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/addsource.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/checkversions.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/checkversions.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/disablesource.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/disablesource.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/enablesource.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/enablesource.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/listenabledsources.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/listenabledsources.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/listsources.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/listsources.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/removesource.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/removesource.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/updatesources.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/__pycache__/updatesources.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/commands/addsource.py
/usr/lib/python3.6/site-packages/suricata/update/commands/checkversions.py
/usr/lib/python3.6/site-packages/suricata/update/commands/disablesource.py
/usr/lib/python3.6/site-packages/suricata/update/commands/enablesource.py
/usr/lib/python3.6/site-packages/suricata/update/commands/listenabledsources.py
/usr/lib/python3.6/site-packages/suricata/update/commands/listsources.py
/usr/lib/python3.6/site-packages/suricata/update/commands/removesource.py
/usr/lib/python3.6/site-packages/suricata/update/commands/updatesources.py
/usr/lib/python3.6/site-packages/suricata/update/compat
/usr/lib/python3.6/site-packages/suricata/update/compat/__init__.py
/usr/lib/python3.6/site-packages/suricata/update/compat/__pycache__
/usr/lib/python3.6/site-packages/suricata/update/compat/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/compat/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/compat/__pycache__/ordereddict.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/compat/__pycache__/ordereddict.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/compat/argparse
/usr/lib/python3.6/site-packages/suricata/update/compat/argparse/__init__.py
/usr/lib/python3.6/site-packages/suricata/update/compat/argparse/__pycache__
/usr/lib/python3.6/site-packages/suricata/update/compat/argparse/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/compat/argparse/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/compat/argparse/__pycache__/argparse.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/compat/argparse/__pycache__/argparse.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/compat/argparse/argparse.py
/usr/lib/python3.6/site-packages/suricata/update/compat/ordereddict.py
/usr/lib/python3.6/site-packages/suricata/update/config.py
/usr/lib/python3.6/site-packages/suricata/update/configs
/usr/lib/python3.6/site-packages/suricata/update/configs/__init__.py
/usr/lib/python3.6/site-packages/suricata/update/configs/__pycache__
/usr/lib/python3.6/site-packages/suricata/update/configs/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/configs/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/configs/disable.conf
/usr/lib/python3.6/site-packages/suricata/update/configs/drop.conf
/usr/lib/python3.6/site-packages/suricata/update/configs/enable.conf
/usr/lib/python3.6/site-packages/suricata/update/configs/modify.conf
/usr/lib/python3.6/site-packages/suricata/update/configs/threshold.in
/usr/lib/python3.6/site-packages/suricata/update/configs/update.yaml
/usr/lib/python3.6/site-packages/suricata/update/data
/usr/lib/python3.6/site-packages/suricata/update/data/__init__.py
/usr/lib/python3.6/site-packages/suricata/update/data/__pycache__
/usr/lib/python3.6/site-packages/suricata/update/data/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/data/__pycache__/__init__.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/data/__pycache__/index.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/data/__pycache__/index.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/data/__pycache__/update.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricata/update/data/__pycache__/update.cpython-36.pyc
/usr/lib/python3.6/site-packages/suricata/update/data/index.py
/usr/lib/python3.6/site-packages/suricata/update/data/update.py
/usr/lib/python3.6/site-packages/suricata/update/engine.py
/usr/lib/python3.6/site-packages/suricata/update/exceptions.py
/usr/lib/python3.6/site-packages/suricata/update/extract.py
/usr/lib/python3.6/site-packages/suricata/update/loghandler.py
/usr/lib/python3.6/site-packages/suricata/update/main.py
/usr/lib/python3.6/site-packages/suricata/update/maps.py
/usr/lib/python3.6/site-packages/suricata/update/net.py
/usr/lib/python3.6/site-packages/suricata/update/notes.py
/usr/lib/python3.6/site-packages/suricata/update/rule.py
/usr/lib/python3.6/site-packages/suricata/update/sources.py
/usr/lib/python3.6/site-packages/suricata/update/util.py
/usr/lib/python3.6/site-packages/suricata/update/version.py
/usr/lib/python3.6/site-packages/suricata_update-1.1.3-py3.6.egg-info
/usr/lib/python3.6/site-packages/suricatasc/__init__.py
/usr/lib/python3.6/site-packages/suricatasc/__pycache__
/usr/lib/python3.6/site-packages/suricatasc/__pycache__/__init__.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/suricatasc/__pycache__/__init__.cpython-36.pyc
/usr/lib/systemd/system/suricata.service
/usr/lib/tmpfiles.d/suricata.conf
/usr/lib64/libhtp.so.2
/usr/lib64/libhtp.so.2.0.0
/usr/sbin/suricata
/usr/share/doc/suricata
/usr/share/doc/suricata/Basic_Setup.txt
/usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt
/usr/share/doc/suricata/fedora.notes
/usr/share/doc/suricata/suricata-update-README.rst
/usr/share/licenses/suricata
/usr/share/licenses/suricata/COPYING
/usr/share/man/man1/suricata.1.gz
/usr/share/man/man1/suricatactl-filestore.1.gz
/usr/share/man/man1/suricatactl.1.gz
/usr/share/man/man1/suricatasc.1.gz
/usr/share/suricata/rules
/usr/share/suricata/rules/app-layer-events.rules
/usr/share/suricata/rules/decoder-events.rules
/usr/share/suricata/rules/dhcp-events.rules
/usr/share/suricata/rules/dnp3-events.rules
/usr/share/suricata/rules/dns-events.rules
/usr/share/suricata/rules/files.rules
/usr/share/suricata/rules/http-events.rules
/usr/share/suricata/rules/ipsec-events.rules
/usr/share/suricata/rules/kerberos-events.rules
/usr/share/suricata/rules/modbus-events.rules
/usr/share/suricata/rules/nfs-events.rules
/usr/share/suricata/rules/ntp-events.rules
/usr/share/suricata/rules/smb-events.rules
/usr/share/suricata/rules/smtp-events.rules
/usr/share/suricata/rules/stream-events.rules
/usr/share/suricata/rules/tls-events.rules
/var/lib/suricata
/var/log/suricata
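
The script below is an added example, not part of the original tutorial or of the suricata package. It confirms that key paths from the package contents list exist after installation, flags world-writable files under /etc/suricata, and runs rpm's verification and suricata's configuration test. The function names and the optional root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-install checks for the suricata package on Rocky Linux 8.
# EXPECTED_PATHS is a subset of the package contents list; the root-prefix argument is hypothetical.

EXPECTED_PATHS="
/etc/suricata/suricata.yaml
/etc/suricata/classification.config
/etc/suricata/reference.config
/etc/suricata/threshold.config
/usr/sbin/suricata
/usr/bin/suricata-update
/usr/lib/systemd/system/suricata.service
/var/lib/suricata
/var/log/suricata
"

# Print each expected path that is missing under root $1 (default: /).
# Returns 1 if anything is missing, 0 otherwise.
missing_paths() {
    root="${1:-}"
    missing=0
    for p in $EXPECTED_PATHS; do
        if [ ! -e "${root}${p}" ]; then
            echo "$p"
            missing=1
        fi
    done
    return "$missing"
}

# Print config files or directories that any local user could modify.
# A world-writable rule or YAML file lets an unprivileged user blind the sensor.
world_writable_config() {
    find "${1:-}/etc/suricata" ! -type l -perm -0002 2>/dev/null
}

# Checks that need the real system: package state, file integrity, config parse.
verify_install() {
    rpm -q suricata || return 1      # installed? prints name-version-release
    rpm -V suricata                  # lists packaged files changed since install
    suricata -T -c /etc/suricata/suricata.yaml   # test mode: load config and rules, then exit
}

# Run everything only when asked, e.g.: sudo sh check-suricata.sh --run
if [ "${1:-}" = "--run" ]; then
    missing_paths && echo "all expected paths present"
    world_writable_config
    verify_install
fi
```

Any output from world_writable_config or rpm -V on a freshly installed system is worth investigating before the sensor goes into service.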

Summary

In this tutorial we learned how to install suricata on Rocky Linux 8 using yum and dnf.