Virtual Box 5.0.40
OS on host machine is Debian 8
I want to install Suricata IPS on the host. How can I apply it to only the VMs?
Suricata on the VirtualBox host
Re: Suricata on the VirtualBox host
You would have to ask the developer of Suricata if that is possible and, if so, then how.
Re: Suricata on the VirtualBox host
When virtualizing OSes, it is helpful to imagine the VMs as separate physical computers.
How would you get Suricata installed on one computer to oversee a different computer? The computers would at least have to be networked, which is one thing VirtualBox provides. (Bridged definitely, especially if using wired Ethernet, not Wi-Fi, see VirtualBox Networks: In Pictures)
Also, Suricata would have to allow controlling a networked computer. As MultiOS says, you have to ask them if and how to do this.
Alternatively, install Suricata inside each VM's OS.
Re: Suricata on the VirtualBox host
The solution looks like this:
For example, let's say your setup has three VMs:
pfSense (PF/Suricata)
CentOS (Apache)
Windows Server (some kind of Java app)
pfSense with 2 NICs configured in the VirtualBox network settings:
1 NIC (bridge mode) with your Internet IP address
2 NIC (internal network) with an isolated network address
CentOS/Windows Server with 1 NIC each configured in the VirtualBox network settings:
1 NIC (internal network) with the same isolated network as above.
Now you can use the pfSense VM as a firewall and configure Suricata in IPS mode to protect the traffic between your CentOS/Windows Server VMs and the external side.
Reference https: [url deleted by mod]
Last edited by mpack on 21. Sep 2020, 10:06, edited 3 times in total.
Reason: Let's see you post a few more times before we allow offsite links.
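The three-VM layout from the last post, written out as VBoxManage commands together with a check that no protected guest has a NIC that bypasses the firewall VM. This is an added example, not part of any post in the thread; the VM names (pfsense, centos, winserver), the host adapter eth0 and the internal network name ips-lan are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: VMs "pfsense", "centos",
# "winserver"; host adapter "eth0"; internal network "ips-lan".
INTNET="${INTNET:-ips-lan}"
BRIDGE_IF="${BRIDGE_IF:-eth0}"

# Print the VBoxManage commands for the layout; review them, then run them
# while the VMs are powered off. Usage: plan_topology <firewall-vm> <guest>...
plan_topology() {
    fw="$1"; shift
    # Firewall VM: NIC 1 bridged to the host adapter, NIC 2 on the internal network.
    echo "VBoxManage modifyvm $fw --nic1 bridged --bridgeadapter1 $BRIDGE_IF"
    echo "VBoxManage modifyvm $fw --nic2 intnet --intnet2 $INTNET"
    for vm in "$@"; do
        # Guest: one NIC on the internal network, the remaining adapters disabled.
        echo "VBoxManage modifyvm $vm --nic1 intnet --intnet1 $INTNET --nic2 none --nic3 none --nic4 none"
    done
}

# Read "VBoxManage showvminfo <vm> --machinereadable" on stdin and report any
# enabled NIC that is not on $INTNET, i.e. a path around the firewall VM.
# Exit status 1 if such a NIC exists, 0 otherwise.
audit_guest() {
    awk -F= -v net="$INTNET" '
        { gsub(/"/, "", $2) }
        $1 ~ /^nic[0-9]+$/    { mode[substr($1, 4)] = $2 }
        $1 ~ /^intnet[0-9]+$/ { name[substr($1, 7)] = $2 }
        END {
            for (n in mode) {
                if (mode[n] == "none") continue
                if (mode[n] != "intnet" || name[n] != net) {
                    printf "NIC %s bypasses firewall: %s %s\n", n, mode[n], name[n]
                    bad = 1
                }
            }
            exit bad + 0
        }'
}

plan_topology pfsense centos winserver

# Constructed sample of showvminfo output for a guest that also has a bridged NIC.
printf '%s\n' 'nic1="intnet"' 'intnet1="ips-lan"' 'nic2="bridged"' 'bridgeadapter2="eth0"' |
    audit_guest || echo "guest is not isolated behind the firewall VM"
```

Against a real guest, pipe `VBoxManage showvminfo centos --machinereadable` into `audit_guest`; a guest that keeps a NAT or bridged adapter sends traffic that Suricata on the pfSense VM never sees.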