Suricata on the VirtualBox host
Posted: 2. Jul 2020, 15:16
by bender_sa
VirtualBox 5.0.40
OS on the host machine is Debian 8
I want to install Suricata IPS on the host. How can I apply it only to the VMs?
Re: Suricata on the VirtualBox host
Posted: 2. Jul 2020, 15:53
by multiOS
You would have to ask the developer of Suricata if that is possible and, if so, then how.
Re: Suricata on the VirtualBox host
Posted: 2. Jul 2020, 17:28
by scottgus1
When virtualizing OSes, it is helpful to imagine the VMs as separate physical computers.
How would you get Suricata installed on one computer to oversee a different computer? The computers would at least have to be networked, which is one thing VirtualBox provides. (Bridged definitely, especially if using wired Ethernet, not Wi-Fi, see Virtualbox Networks: In Pictures)
Also, Suricata would have to allow controlling a networked computer. As MultiOS says, you have to ask them if and how to do this.
Alternatively, install Suricata inside each VM's OS.
Re: Suricata on the VirtualBox host
Posted: 21. Sep 2020, 09:48
by bender_sa
The solution looks like this:
For example, let’s say your setup has three VMs:
pfSense (PF/Suricata)
CentOS (Apache)
Windows Server (Some kind of Java app)
pfSense with 2 NICs configured in the VirtualBox network settings
1 NIC (bridge mode) with your Internet IP address
2 NIC (internal network) with an isolated network address
CentOS/Windows Server with 1 NIC each configured in the VirtualBox network settings
1 NIC (internal network) with the same isolated network as above.
Now you can use the pfSense VM as a firewall and configure Suricata in IPS mode to protect the traffic between your CentOS/Windows Server VMs and the external side.
Reference https: [url deleted by mod]
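The layout described in the last post, as an added example that is not part of the original thread: it prints the `VBoxManage modifyvm` commands for the two-NIC firewall VM and the internal-only guests, and audits a guest's `showvminfo --machinereadable` output for any adapter that would bypass the firewall. The VM names, the host adapter `eth0` and the internal network name `ips-lan` are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. The VM names, host adapter and internal
# network name below are assumptions; replace them with your own.
FW_VM="pfsense"; HOST_IF="eth0"; INTNET="ips-lan"

# Print the VBoxManage commands for the layout (review, then pipe to sh with
# the VMs powered off). Arguments: names of the VMs that sit behind the firewall.
plan() {
  echo "VBoxManage modifyvm $FW_VM --nic1 bridged --bridgeadapter1 $HOST_IF --nic2 intnet --intnet2 $INTNET"
  for vm in "$@"; do
    echo "VBoxManage modifyvm $vm --nic1 intnet --intnet1 $INTNET"
  done
}

# Read `VBoxManage showvminfo <vm> --machinereadable` on stdin. Succeeds only if
# every enabled NIC is attached to internal network $1, i.e. the VM has no
# bridged/NAT/host-only adapter that would let traffic bypass the IPS.
nic_isolated() {
  awk -F= -v net="$1" '
    { gsub(/"/, "", $2) }
    $1 ~ /^nic[0-9]+$/    { mode[substr($1, 4)] = $2 }
    $1 ~ /^intnet[0-9]+$/ { name[substr($1, 7)] = $2 }
    END {
      for (i in mode) {
        if (mode[i] == "none") continue
        seen = 1
        if (mode[i] != "intnet" || name[i] != net) exit 1
      }
      exit !seen
    }'
}

# Constructed sample: a guest that kept a NAT adapter next to its internal NIC.
sample='nic1="intnet"
intnet1="ips-lan"
nic2="nat"
nic3="none"'

plan centos winserver
if printf '%s\n' "$sample" | nic_isolated "$INTNET"; then
  echo "sample VM: isolated behind $FW_VM"
else
  echo "sample VM: has a NIC that bypasses $FW_VM"
fi
```

On a real host, feed the check with `VBoxManage showvminfo centos --machinereadable | nic_isolated ips-lan` for each guest behind the firewall.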