开源IDS Suricata安装
Linux下的依赖问题的解决
在Debian,Ubuntu或者Linux Mint系列
$ sudo apt-get install wget build-essential libpcre3-dev libpcre3-dbg automake autoconf libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libjansson-dev
在CentOS、Fedora或者RHEL系列
$ sudo yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel
在Mac OS X下
brew install pkg-config libmagic libyaml nss nspr jansson libnet lua pcre
下载安装
$ wget http://www.openinfosecfoundation.org/download/suricata-4.0.4.tar.gz
$ tar -xvf suricata-4.0.4.tar.gz
$ cd suricata-4.0.4
$ ./configure --sysconfdir=/etc --localstatedir=/var
/mac ox x下(CC=llvm-gcc ./configure --sysconfdir=/etc --localstatedir=/var
--with-libpcre-includes=/usr/local/include --with-libpcre-libraries=/usr/local/lib
--with-libnss-includes=/usr/local/opt/nss/include/nss --with-libnss-libraries=/usr/local/opt/nss/lib
--with-libnspr-includes=/usr/local/opt/nspr/include/nspr --with-libnspr-libraries=/usr/local/opt/nspr/lib
--enable-ipfw --enable-lua)/
$ make
$ make install
$ make install-conf
$ make install-rules(mac下make install-full)
配置文件
路径在/etc/suricata/suricata.yaml
Mac在安装目录下
启用Suricata功能
$ sudo ethtool -K eth0 gro off lro off
$ sudo /usr/local/bin/suricata --list-runmodes
$ sudo /usr/local/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 --init-errors-fatal
$ tail -f /var/log/suricata/fast.log