信息安全从业人员^_^
一个未入门de情报学胖子(邮箱:tenghm1986@163.com)
Toggle navigation
信息安全从业人员^_^
主页
About Me
归档
标签
suricata安装编译运行
2019-07-19 16:17:02
2858
0
0
heming
# 0. 参考 [1] [Git-suricata](https://github.com/OISF/suricata) [2] [suricata官网](https://suricata-ids.org/) [3] [suricata官方文档](https://suricata.readthedocs.io/en/latest/index.html) [4] [Rust官网](https://www.rust-lang.org/tools/install) [5] [CentOS Installation for suricata](https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_Installation) [6] [Git-suricata-update](https://github.com/OISF/suricata-update)(suricata 依赖,关于规则) [7] [Git-libhtp](https://github.com/OISF/libhtp)(suricata依赖) [8] [suricata-update: Command not found](https://www.centos.org/forums/viewtopic.php?t=69604) [9] [Installing Python 2.7 on CentOS 6.x](http://tuxlabs.com/?p=194) [10] [Centos 6.5 升级python2.6到python2.7](https://www.jianshu.com/p/98952438748a) [11] [How to Install Rust Programming Language in Linux](https://www.tecmint.com/install-rust-programming-language-in-linux/) [12] [Rust Toolchain 反向代理使用帮助](https://cdn.jsdelivr.net/gh/rust-lang-nursery/rustup.rs/rustup-init.sh) # 1. 准备工作 系统:[centos 6.5(CentOS-6.5-x86_64-bin-DVD1)](http://%5C%5C192.168.3.5%5Cfile%5C%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E7%B1%BB%5Clinux%5CCentOS-6.5-x86_64-bin-DVD1) --- tips:建议采用 centos 7.0(suricata-update 依赖python2.7,而centos6.5采用python2.6,且与系统(源依赖)深度绑定,升级python比较麻烦) --- ## 1.1 相关依赖安装 ``` $ sudo yum install epel-release # (修改源)just for centos-6 $ sudo yum -y install libtool #error:no libtoolize glibtoolize $ sudo yum -y install lz4-devel $ sudo yum -y install xz-devel $ sudo yum -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make libnetfilter_queue-devel lua-devel ``` ``` $ sudo yum -y install curl $ curl https://sh.rustup.rs -sSf | sh #安装rust,需翻墙 $ source $HOME/.cargo/env ``` #2.下载编译 ``` $ wget http://www.openinfosecfoundation.org/download/suricata-5.0.0-beta1.tar.gz --no-check-certificate #(包含htp模块,git源上需要下载htp模块) $ tar -xvzf suricata-5.0.0-beta1.tar.gz $ mv suricata-5.0.0-beta1 suricata-5.0.0 $ cd suricata-5.0.0 $ autoreconf -f -i(`optional`) $ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-nfqueue --enable-lua --enable-rust #添加`enable-rust` $ make $ sudo make install ``` #3.安装相关 ``` make install-conf # do the regular `make install` then create/setup suricata.yaml make install-rules # do the regular `make install` then it will automatically **download** and set up the latest ruleset from Emerging Threats available for Suricata make install-full #combine install-conf install-rules ``` 规则:24940条(date:20190712,自动安装不全) <center> ![make install-full](https://leanote.com/api/file/getImage?fileId=5d282c5aab64417804006320) </center> >安装可执行程序及相关路径: >>可执行程序(/usr/bin): suricata/suricatactl/suricatasc/suricata-update >>配置相关路径: /var/log/suricata #log相关 /etc/suricata(include:classification.config/reference.config/suricata.yaml(可配置rules路径)/threshold.config) #配置信息 协议等 /var/lib/suricata/rules #规则相关 ## 3.1 rules 安装 ``` wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz tar zxvf emerging.rules.tar.gz sudo cp -R rules/ /etc/suricata/ ``` ## 3.2 运行 ``` suricata -c /etc/suricata/suricata.yaml -i eth0 ``` <center> ![start](https://leanote.com/api/file/getImage?fileId=5d284a77ab64417804006966) </center> #4. Issue ##4.1 添加sudo权限 ``` $su $visudo ``` >root ALL=(ALL) ALL heming ALL=(ALL) ALL `#Allow user to run any commands anywhere` ##4.2 Cannot retrieve metalink for repository: epel 修改`/etc/yum.repos.d/epel.repo`,将所有baseurl注释取消,注释掉所有mirrorlist ##4.3 (rust)no default toolchain configured 需要以root账户安装rust(可以用rustc --version测试是否安装成功) ``` curl https://sh.rustup.rs -sSf | sh ``` ##4.4 (make install-full)/usr/bin/suricata-update: Command not found suricata-update 需要单独安装 ``` # cd suricata-update # python setup.py build # python setup.py install # yum install PyYAML.x86_64 ``` ##4.5 python2.6 upgrade python2.7 on centos 6.5 root用户下(可以参考[7]): ``` alias python=/usr/local/bin/python2.7 #修改~/.bashrc source ~/.bashrc ``` ##4.6 (suricata-update)error: pyyaml is required 参考[7]安装pyyaml,maybe it's a bug([Bug #2667](https://redmine.openinfosecfoundation.org/issues/2667)) ``` pip27 install pyyaml ```
上一篇:
suricata-code分析
下一篇:
2019版本等保2.0解读
0
赞
2858 人读过
新浪微博
微信
腾讯微博
QQ空间
人人网
Please enable JavaScript to view the
comments powered by Disqus.
comments powered by
Disqus
文档导航