Technical requirements
In this chapter's examples, we will use pre-packaged virtual machines, based either on Suricata-Elasticsearch-Logstash-Kibana-Scirius (SELKS) or on Security Onion (two different pre-packaged Linux distributions). As in our packet capture examples, IPS solutions often operate against captured traffic, so you may need to refer to Chapter 11, Packet Capture and Analysis in Linux, to ensure you have an appropriate SPAN port configuration. More commonly, though, IPS solutions operate inline with the packet stream, usually with some decryption functionality – so you may find yourself comparing the architecture more to our load balancer examples from Chapter 10, Load Balancer Services for Linux.
As IPS installations change frequently, the installation steps for these two distributions change along with them. Because of this, we won't walk through installing packages and so on in this chapter, so please refer to the online installation for whichever solution...