Kept getting version conflicts trying to install Suricata 4 IDS on Debian Stretch. Looks like Suricata expects to be installed on Buster which is sort of weird. Here’s how to get past the errors (e.g. libc6 requirement not met).
For Ubuntu, the OISF maintains a PPA suricata-stable that always contains the latest stable release.
sudo add-apt-repository ppa:oisf/suricata-stable
Since the Suricata package in Debian Stretch is out of date, add the stretch-backports repository:
echo "deb http://http.debian.net/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list
Then refresh the package index with apt-get update.
Finally, use the stretch backport for the install:
apt-get install suricata -t stretch-backports
Don’t forget to take advantage of the new suricata-update for rules updates.
To install suricata-update:
sudo apt install python-pip python-yaml
sudo pip install --pre --upgrade suricata-update
To download the Emerging Threats Open ruleset, it is enough to run suricata-update with no arguments (ET Open is its default source). This will download the ruleset into /var/lib/suricata/rules/
Suricata’s configuration will have to be updated to have a rules config like this:
default-rule-path: /var/lib/suricata/rules
rule-files:
  - suricata.rules
Now (re)start Suricata.
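As an added example (not code from the original post), here is a small stdlib-only Python script that makes exactly that config change to an existing suricata.yaml: it replaces the whole stock rule-files list with the single merged file suricata-update writes and leaves every other key and comment untouched, then reads the result back as a sanity check before the restart. The sample config is constructed and trimmed from a stock Debian file.

```python
"""Point a suricata.yaml at the ruleset written by suricata-update.
Edits line by line (no PyYAML) so the stock comments survive."""

RULE_PATH = "/var/lib/suricata/rules"   # where suricata-update writes
RULE_FILE = "suricata.rules"            # the merged ruleset it produces

# Constructed sample, trimmed from a stock Debian suricata.yaml
SAMPLE = """\
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8]"

default-rule-path: /etc/suricata/rules
rule-files:
  - botcc.rules
  - ciarmy.rules
  #- decoder-events.rules
  - emerging-trojan.rules

classification-file: /etc/suricata/classification.config
"""


def point_rules_at_suricata_update(yaml_text: str) -> str:
    """Set default-rule-path to RULE_PATH and replace the rule-files list
    with the single entry RULE_FILE; other top-level keys are kept as-is."""
    out, lines, i = [], yaml_text.splitlines(), 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("default-rule-path:"):
            out.append(f"default-rule-path: {RULE_PATH}")
        elif line.startswith("rule-files:"):
            out.extend(["rule-files:", f"  - {RULE_FILE}"])
            i += 1
            last_blank = False  # skip old list items (indented) and blanks
            while i < len(lines) and (lines[i][:1] in (" ", "\t") or not lines[i].strip()):
                last_blank = not lines[i].strip()
                i += 1
            if last_blank:      # keep the separating blank line
                out.append("")
            continue
        else:
            out.append(line)
        i += 1
    return "\n".join(out) + "\n"


def rule_config(yaml_text: str):
    """Return (default-rule-path, [rule files]) as Suricata would read them."""
    path, files, in_list = None, [], False
    for line in yaml_text.splitlines():
        if line.startswith("default-rule-path:"):
            path, in_list = line.split(":", 1)[1].strip(), False
        elif line.startswith("rule-files:"):
            in_list = True
        elif in_list and line.lstrip().startswith("- "):
            files.append(line.lstrip()[2:].strip())
        elif in_list and line[:1] not in (" ", "\t", ""):
            in_list = False     # next top-level key ends the list
    return path, files
```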