Suricata on VirtualBox host

VirtualBox 5.0.40
The OS on the host machine is Debian 8.

I want to install Suricata IPS on the host. How can I apply it only to the VMs?


Can you provide some more details about what you’re after? I also see the pfSense tag but you make no mention of it, so not sure if you plan to add pfSense into the mix?

I have a host. VirtualBox is installed on it. There are some guest machines in VirtualBox. I need to protect these VMs and use Suricata for it. Can I install Suricata directly on the host and configure it for the VMs' network interfaces without harm to resources on the host?

So I have a solution ))) pfSense on the guest system with IPS.
I just thought there was an easier solution.

How did you configure the VirtualBox networking to make this possible? I assume that somehow the traffic of the other guests goes through the pfSense VM?

If I got it, you could try to configure your VMs as below:

For example, let’s say your setup has three VMs:

  • pfSense (PF/Suricata)
  • CentOS (Apache)
  • Windows Server (some kind of Java app)

pfSense with 2 NICs configured in the VirtualBox network settings:
NIC 1 (bridge mode) with your Internet IP address
NIC 2 (internal network) with an isolated network address

CentOS/Windows Server with 1 NIC each configured in the VirtualBox network settings:
NIC 1 (internal network) with the same isolated network as above.

Now you can use the pfSense VM as a firewall and configure Suricata in IPS mode to protect the traffic between your CentOS/Windows Server VMs and the external side.

I don’t really know if this is what you’re looking for, but I’ve tried this solution, though just as a lab for practice purposes.
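
The layout described in the post above, as an added example that is not part of the original thread: it prints the `VBoxManage` commands for the two-NIC firewall VM and single-NIC guests, and audits a guest's `showvminfo --machinereadable` output for any adapter that would bypass the IPS. The VM names, the host interface `eth0` and the network name `ips-lan` are assumed placeholders, and the sample output is constructed.

```sh
#!/bin/sh
# Added example. Assumed placeholders: VM names, host NIC "eth0", network "ips-lan".
INTNET="ips-lan"   # VirtualBox internal network shared by firewall VM and guests
UPLINK="eth0"      # host interface the firewall VM's WAN adapter is bridged to

# Print (not run) the VBoxManage commands for the layout; VMs must be powered off.
# Usage: plan_layout <firewall-vm> <guest-vm>...  Review, then pipe to sh to apply.
plan_layout() {
  fw="$1"; shift
  echo "VBoxManage modifyvm \"$fw\" --nic1 bridged --bridgeadapter1 $UPLINK --nic2 intnet --intnet2 $INTNET"
  for vm in "$@"; do
    # Guests get exactly one adapter, on the internal network only.
    echo "VBoxManage modifyvm \"$vm\" --nic1 intnet --intnet1 $INTNET --nic2 none --nic3 none --nic4 none"
  done
}

# Audit one guest: feed it `VBoxManage showvminfo "<vm>" --machinereadable` on stdin.
# Reports every enabled adapter that is not on $INTNET; returns 1 if any is found.
audit_guest() {
  awk -F'"' -v net="$INTNET" '
    /^nic[0-9]+=/    { n = $1; sub(/^nic/, "", n);    sub(/=$/, "", n); mode[n] = $2 }
    /^intnet[0-9]+=/ { n = $1; sub(/^intnet/, "", n); sub(/=$/, "", n); name[n] = $2 }
    END {
      for (n in mode) {
        if (mode[n] == "none") continue
        if (mode[n] != "intnet" || name[n] != net) {
          printf "nic%s=%s bypasses the firewall VM\n", n, mode[n]
          bad = 1
        }
      }
      exit bad
    }'
}

# Constructed sample: a guest that still has a stray NAT adapter enabled.
SAMPLE='name="CentOS"
nic1="intnet"
intnet1="ips-lan"
nic2="nat"
nic3="none"'

plan_layout pfSense CentOS WindowsServer
if printf '%s\n' "$SAMPLE" | audit_guest; then
  echo "CentOS: all traffic passes through the firewall VM"
else
  echo "CentOS: FAIL, fix the adapters listed above"
fi
```

A guest with a leftover NAT or bridged adapter reaches the outside without crossing the pfSense VM, so Suricata never sees that traffic.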

We used @lex’s solution
