A network intrusion detection system, intrusion prevention system and network security monitoring engine.
redteamsecurity2023/suricata
suricata

Introduction

Suricata is a network IDS, IPS and NSM engine developed by the OISF and the Suricata community.

Installation

https://suricata.readthedocs.io/en/latest/install.html

User Guide

You can follow the Suricata user guide (https://suricata.readthedocs.io/) to get started.

Contributing

We're happily taking patches and other contributions. Please see https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing for how to get started.

Suricata is a complex piece of software dealing with mostly untrusted input. Mishandling this input will have serious consequences:

  • in IPS mode a crash may knock a network offline;
  • in passive mode a compromise of the IDS may lead to loss of critical and confidential data;
  • missed detection may lead to undetected compromise of the network.

In other words, we think the stakes are pretty high, especially since in many common cases the IDS/IPS will be directly reachable by an attacker.

For this reason, we have developed a QA process that is quite extensive. A consequence is that contributing to Suricata can be a somewhat lengthy process.

On a high level, the steps are, in order:

  • GitHub-CI based checks. These run automatically when a pull request is made.
  • Review by developers from the team and the community.
  • QA runs from private QA setups. These are private due to the nature of the test traffic.

Overview of Suricata's QA steps

OISF team members are able to submit builds to our private QA setup. It runs a series of build tests and a regression suite to confirm that no existing features break.

The final QA run takes a few hours at minimum, and generally runs overnight. It currently runs:

  • extensive build tests on different OSes, compilers, optimization levels and configure features
  • static code analysis using cppcheck and scan-build
  • runtime code analysis using valgrind, AddressSanitizer and LeakSanitizer
  • regression tests for past bugs
  • output validation of logging
  • Unix socket testing
  • pcap based fuzz testing using ASAN and LSAN
  • traffic replay based IDS and IPS tests

Next to these tests, depending on the type of code change, further tests can be run manually:

  • traffic replay testing (multi-gigabit)
  • large pcap collection processing (multi-terabytes)
  • fuzz testing (which might take multiple days or even weeks)
  • pcap based performance testing
  • live performance testing
  • various other manual tests based on evaluation of the proposed changes

It is important to realize that almost all of the tests above are used as acceptance tests. If something fails, it is up to you to address this in your code.

One step of the QA is currently run post-merge: we submit builds to the Coverity Scan program. Due to limitations of this (free) service, we can submit at most once a day. It can of course also happen that the community finds issues after the merge. In both cases we ask you to help address the issues as they come up.
