Configuring the User-Custom Packages repository
Note
This is an optional step. You only need it if you want to deploy custom-built Suricata packages; skip it to use the official Suricata packages (available in the IDSTower Cluster Setup Wizard).
Advanced Suricata users sometimes need their own custom-built Suricata package, with certain features enabled or bug fixes that are not yet available in the binaries provided by OISF or by operating system repositories.
IDSTower makes installing those packages easy by letting you use your own custom-built packages. The steps below explain how:
Prepare and compile your Suricata package in “.rpm” or “.deb” format.
Create the directory structure of the custom repository in the IDSTower directory and copy your package into it:
$ cd /opt/idstower/
$ sudo mkdir custom
$ sudo mkdir custom/Suricata
$ sudo mkdir custom/Suricata/packages
$ sudo mkdir custom/Suricata/packages/6.0.1
$ sudo mkdir custom/Suricata/packages/6.0.1/el8
$ sudo mkdir custom/Suricata/packages/6.0.1/el8/x86_64
$ sudo cp /root/suricata-6.0.1-1.el8.x86_64.rpm /opt/idstower/custom/Suricata/packages/6.0.1/el8/x86_64/
Note
IDSTower picks the appropriate package for each target host based on the host's operating system, so you need to create a directory for each OS flavor you will deploy this package to. The example above installs on CentOS 8.
Please use the following OS codes instead of el8 in the example above:
- Redhat7/CentOS7: el7
- Redhat8/CentOS8: el8
- Ubuntu18 (Bionic): Ubuntu18
- Ubuntu20 (Focal): Ubuntu20
Make sure to place any Suricata Package dependencies in the same directory so they will be installed along with the Suricata package.
For Docker Installation Only: If you are using the Docker installation method, you need to mount the packages directory into the container. You can do this by adding the -v lines shown below to your docker run command:
docker run \
-p 80:80 \
-p 443:443 \
-e LicenseKey=<Key> \
-e Hosting__URL=http://idstower.company.local \
-e Database__Host=<database host> \
-e Database__Name=<database name> \
-e Database__Username=<database username> \
-e Database__Password=<database password> \
-v /host/path/to/custom/Suricata/packages:/opt/idstower/custom/Suricata/packages/ \
-v /host/path/to/custom/Filebeat/packages:/opt/idstower/custom/Filebeat/packages/ \
idstower/idstower:latest
Your custom-built versions will now be available in the cluster installation wizard when you select the User Custom Packages Repository, as shown below.
Note
If nothing shows up in the “IDS Software to Install”/“Logs Shipper Software to Install” dropdown menus, please make sure you have the correct folder structure in the packages directory.