Setting Up Suricata Notification Service on Linux for Real-time Security Alerts

Rafael Gomes
2 min read · Sep 9, 2023


Security matters in today's daily activities, and real-time alerting is vital to any secure system. That is why I wanted to simplify it with the Suricata Notification Service, a real-time alert system that notifies you when specific Suricata rules are triggered. This article provides a step-by-step guide on how to set up this service on Debian-based, Red Hat, and Arch Linux systems.

Objective:

The aim is straightforward — immediate alerts when a predefined Suricata rule is triggered. This automated system relieves you of the labor-intensive task of manual log monitoring, allowing for more proactive threat management.

Setting Up Suricata

Before diving into notifications, let's make sure Suricata and libnotify (responsible for desktop notifications) are properly installed:

Debian/Ubuntu:

sudo apt-get update
sudo apt-get install suricata libnotify-bin

RHEL/Fedora:

sudo dnf update
sudo dnf install suricata libnotify

Arch/Endeavour:

sudo pacman -Syu
sudo pacman -S suricata libnotify

Creating the Suricata Notification Service

For each Linux variant, create a systemd service file as follows:

Debian/Ubuntu:

sudo nano /etc/systemd/system/suricata-notification.service

Add the service configuration and save.

RHEL/Fedora:

sudo nano /etc/systemd/system/suricata-notification.service

Add the service configuration, being mindful of any SELinux permissions that need to be adjusted.

Arch/Endeavour:

sudo nano /etc/systemd/system/suricata-notification.service

Add the service configuration and save.

Systemd service file example:

[Unit]
Description=Suricata Notification Service

[Service]
Type=simple
# If the notification does not show, try uncommenting these lines:
# your $DISPLAY or $DBUS_SESSION_BUS_ADDRESS may not be set for the service.
# (Environment= belongs in [Service]; systemd ignores it under [Unit].)
#Environment="DISPLAY=:0"
#Environment="DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus"
ExecStart=/path/to/your/notification/script.sh

[Install]
WantedBy=multi-user.target
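The article leaves the notification script itself to the reader. What follows is an added example, not the author's script: a small Python watcher that follows Suricata's EVE JSON log, keeps only `alert` events whose signature ID is on a watch list, and hands them to `notify-send` from libnotify. It assumes Suricata's EVE output is enabled at `/var/log/suricata/eve.json` (overridable through an `EVE_PATH` environment variable), that `notify-send` is on `PATH`, and that a hypothetical `SURICATA_WATCH_SIDS` environment variable lists the rule signature IDs to alert on (empty means every alert). The EVE lines embedded in it are constructed samples, not captured traffic.

```python
#!/usr/bin/env python3
"""Follow Suricata's eve.json and raise a desktop notification for watched alerts.

Added example, not the original article's script. Assumptions (labelled):
  - Suricata writes EVE JSON to EVE_PATH (default /var/log/suricata/eve.json).
  - SURICATA_WATCH_SIDS (hypothetical, comma-separated signature IDs) selects
    which rules notify; empty means all alerts.
  - notify-send (libnotify) is on PATH, and DISPLAY / DBUS_SESSION_BUS_ADDRESS
    are set via Environment= in the unit's [Service] section so that a system
    service can reach the logged-in user's session bus.
"""
import json
import os
import subprocess
import time

EVE_PATH = os.environ.get("EVE_PATH", "/var/log/suricata/eve.json")

# Constructed sample EVE lines (not real traffic) used by self_check() below.
SAMPLE_LINES = [
    '{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}',
    '{"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,'
    '"dest_ip":"203.0.113.7","dest_port":80,"alert":{"signature_id":2100498,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root","severity":2}}',
    '{"event_type":"alert","src_ip":"10.0.0.5","src_port":40000,'
    '"dest_ip":"10.0.0.9","dest_port":22,"alert":{"signature_id":1000001,'
    '"signature":"LOCAL constructed example rule","severity":3}}',
    "not json at all",
]


def parse_watch_sids(raw):
    """Turn '2100498, 1000001' into {2100498, 1000001}; non-numeric tokens are ignored."""
    return {int(t) for t in (x.strip() for x in raw.split(",")) if t.isdigit()}


def format_alert(line, watch_sids=frozenset()):
    """Return (summary, body) for an EVE alert worth notifying, else None.

    Non-alert events (flow, dns, ...) are skipped, as are alerts whose
    signature_id is not in watch_sids when a watch list is given. Malformed
    lines are skipped too: eve.json may be read while Suricata is mid-write.
    """
    try:
        event = json.loads(line)
    except ValueError:
        return None
    if event.get("event_type") != "alert":
        return None
    alert = event.get("alert", {})
    sid = alert.get("signature_id")
    if watch_sids and sid not in watch_sids:
        return None
    summary = "Suricata: %s" % alert.get("signature", "unknown signature")
    body = "sid %s sev %s  %s:%s -> %s:%s" % (
        sid, alert.get("severity"),
        event.get("src_ip"), event.get("src_port"),
        event.get("dest_ip"), event.get("dest_port"))
    return summary, body


def notify(summary, body):
    """Deliver the notification through libnotify's notify-send CLI."""
    subprocess.run(["notify-send", "-u", "critical", summary, body], check=False)


def follow(path):
    """Yield lines appended to path, like `tail -F`, reopening after log rotation."""
    fh = open(path, "r")
    fh.seek(0, os.SEEK_END)            # only react to events logged from now on
    while True:
        line = fh.readline()
        if line:
            yield line
            continue
        try:                           # no new data: was the file rotated?
            if os.stat(path).st_ino != os.fstat(fh.fileno()).st_ino:
                fh.close()
                fh = open(path, "r")   # new file: read it from the start
                continue
        except FileNotFoundError:
            pass                       # rotated away but not recreated yet
        time.sleep(0.5)


def self_check(watch_sids=frozenset({2100498})):
    """Run format_alert over the constructed samples; returns the notifications produced."""
    return [r for r in (format_alert(l, watch_sids) for l in SAMPLE_LINES) if r]


def main():
    watch = parse_watch_sids(os.environ.get("SURICATA_WATCH_SIDS", ""))
    for line in follow(EVE_PATH):
        result = format_alert(line, watch)
        if result:
            notify(*result)


if __name__ == "__main__":
    main()
```

To use it with the unit above, point `ExecStart=` at `/usr/bin/python3 /path/to/suricata_notify.py` (path placeholder), add `Environment="SURICATA_WATCH_SIDS=..."` next to the `DISPLAY` and `DBUS_SESSION_BUS_ADDRESS` lines in `[Service]`, then run `sudo systemctl daemon-reload` and `sudo systemctl enable --now suricata-notification.service`. Skipping malformed lines and reopening after rotation are what keep the service from dying on the first partial write or logrotate run.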

By following these steps, you’ll have a functional Suricata Notification Service that enhances your proactive security measures by alerting you in real time about potential threats.

Conclusion

The Suricata Notification Service adds a security layer by delivering real-time alerts. You no longer need to sift through logs to spot suspicious activity; you'll be notified instantly.

At least, that was helpful for me. If you have problems or questions, just let me know. Bye!


Rafael Gomes

Brazilian tech leader driven by relentless curiosity, fostering growth, and finding harmony in the dynamic dance between development and life.