The following installation steps apply only to CentOS; CentOS 7 is used as the worked example. Everything below is built from source and installed as root, so treat each download as untrusted input until it has been verified (see the notes on each step).
1. Basic environment preparation
yum install epel-release   # EPEL provides several of the -devel packages used below
yum install net-tools pciutils psmisc screen tar tcpdump wget rust zlib-devel
2. Install the Boost C++ library
Boost is one of the most widely respected and professionally designed C++ library projects; it is needed here because Hyperscan (step 3) requires the Boost headers at build time.
Install the dependency packages. Most of these are not Boost dependencies at all but build dependencies of Hyperscan (cmake, ragel) and Suricata (hiredis, jansson, libnet, libnetfilter_queue, luajit, pcre, libyaml, GeoIP/libmaxminddb, lz4, lzma, nss, ...); installing them now saves a round trip later.
yum install bzip2-devel cmake cargo file-devel GeoIP-devel hiredis hiredis-devel jansson-devel jq kernel-devel libcap-ng-devel libdnet libevent libmaxminddb-devel libnet-devel libnetfilter_queue-devel
yum install libnss-mysql libpcap-devel libyaml-devel luajit lua-devel lz4-devel lzma ncurses-devel nss-devel pcre-devel python-devel python-yaml ragel sqlite-devel xz-devel
- Download the source package
wget https://sourceforge.net/projects/boost/files/boost/1.74.0/boost_1_74_0.tar.gz
Do not add --no-check-certificate here (or to any other download on this page): the archive is about to be compiled and installed as root, and disabling TLS verification lets an on-path attacker hand you a different tarball. If wget fails the certificate check on CentOS 7, the usual cause is an outdated ca-certificates package (yum update ca-certificates), not a bad server. Before unpacking, compare the tarball's SHA256 with the value published on the Boost release page.
- Build and install
tar zxvf boost_1_74_0.tar.gz
cd boost_1_74_0
./bootstrap.sh --prefix=/tmp/boost_build   # install path; /tmp is cleared on reboot, so pick a persistent prefix if you expect to rebuild Hyperscan later
./b2 install
Check that the /tmp/boost_build directory now exists:
ls /tmp/boost_build
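Added example (not part of the original guide or of any project it installs): a small POSIX sh helper that verifies a downloaded tarball against an expected SHA256 before it is unpacked, usable for every archive fetched on this page (Boost, Hyperscan, PF_RING, Suricata). The function names verify_sha256, fetch_and_verify and demo_sha256_check are my own; the expected hash is an input you take from the upstream release page and is deliberately not supplied here.

```shell
#!/bin/sh
# Added example, not part of the original guide or of any of the projects it installs.
# verify_sha256 FILE EXPECTED_HEX
#   Returns 0 when FILE's SHA256 equals EXPECTED_HEX (case-insensitive),
#   1 on a mismatch, 2 when FILE does not exist. EXPECTED_HEX must come from
#   the upstream release page (boost.org, the GitHub release page, ...), not
#   from the same download location as the tarball itself.
verify_sha256() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "verify_sha256: $file not found" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# fetch_and_verify URL EXPECTED_HEX
#   Downloads with TLS verification left on (no --no-check-certificate) and
#   deletes the file again unless the hash matches, so a tampered or truncated
#   archive is never left on disk for the next "tar zxvf" to unpack.
fetch_and_verify() {
    url="$1"; expected="$2"
    out=$(basename "$url")
    wget -q -O "$out" "$url" || { echo "download failed: $url" >&2; return 2; }
    if verify_sha256 "$out" "$expected"; then
        return 0
    fi
    rm -f "$out"
    return 1
}
# Usage, with the hash copied from the Boost release page:
#   fetch_and_verify https://sourceforge.net/projects/boost/files/boost/1.74.0/boost_1_74_0.tar.gz <sha256-from-boost.org>

# Offline self-test on a CONSTRUCTED file (no network): the genuine hash must
# pass, and the same file with one byte appended must fail with status 1.
demo_sha256_check() {
    tmp=$(mktemp) || return 2
    printf 'constructed stand-in for a tarball\n' > "$tmp"
    good=$(sha256sum "$tmp" | cut -d' ' -f1)
    if verify_sha256 "$tmp" "$good" >/dev/null; then ok=0; else ok=$?; fi
    printf 'x' >> "$tmp"                   # simulate a tampered download
    if verify_sha256 "$tmp" "$good" >/dev/null 2>&1; then bad=0; else bad=$?; fi
    rm -f "$tmp"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}
```

The point of deleting the file on mismatch is that the next line of a copy-pasted procedure is always "tar zxvf ..."; a verification step that only prints a warning gets scrolled past.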
3. Build and install Hyperscan
wget https://github.com/intel/hyperscan/archive/master.zip
master.zip is whatever the branch contains on the day you fetch it, so the build is not reproducible and there is no published checksum to verify it against. For anything beyond a lab box, download a tagged release from https://github.com/intel/hyperscan/releases instead and record the tag you built.
unzip master.zip
mv hyperscan-master hyperscan
cd hyperscan
mkdir build
cd build
cmake -DBUILD_STATIC_AND_SHARED=1 -DBOOST_ROOT=/tmp/boost_build/ ../   # BOOST_ROOT is the Boost install path from step 2
make -j 2      # number of parallel build jobs
make install   # on CentOS 7 x86_64 this lands in /usr/local/lib64 and /usr/local/include/hs, the paths the --with-libhs-* options point at in step 5
4. Install PF_RING
Prepare the environment
yum install bison flex git
yum install kernel-devel-$(uname -r)   # must match the running kernel exactly, otherwise the module builds against the wrong headers or will not load
- Build and install
wget https://github.com/ntop/PF_RING/archive/refs/tags/8.2.0.tar.gz
tar zxvf 8.2.0.tar.gz
cd PF_RING-8.2.0
make -j 3 && make install
cd kernel
make install
cd ../userland/lib
./configure && make -j 3 && make install   # installs libpfring under /usr/local/lib and the headers under /usr/local/include
# Load the module into the kernel (from PF_RING-8.2.0/kernel)
cd ../../kernel
insmod pf_ring.ko
Since "make install" in the kernel directory also copied the module into the modules tree, modprobe pf_ring loads the installed copy and is the form to use in a boot-time modules-load.d entry. Verify the load with lsmod | grep pf_ring and cat /proc/net/pf_ring/info. The module is built for exactly the running kernel: after every kernel update it has to be rebuilt and reinstalled, or Suricata's pfring capture will fail to start.
5. Install Suricata
Download the Suricata source tarball (see the download page linked from the original post).
# Unpack and enter the directory
tar zxvf suricata-<version>.tar.gz
cd suricata-<version>
# Check whether a libhtp directory exists in the source tree. If it does not, fetch libhtp; if it does, skip this.
# Release tarballs of Suricata 6 bundle libhtp, so with version 6 (used here) this step is skipped.
# The clone plus autogen.sh below is only needed when building from a git checkout rather than a release tarball:
yum -y install autoconf automake libtool
git clone https://github.com/OISF/libhtp
./autogen.sh
# Configure and build
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
  --with-libhs-includes=/usr/local/include/hs/ --with-libhs-libraries=/usr/local/lib64/ \
  --with-libhtp-includes=/usr/local/include/htp --with-libhtp-libraries=/usr/local/lib64/ \
  --with-liblzma-includes=/usr/include/ --with-liblzma-libraries=/usr/lib64 \
  --enable-gccprotect --enable-gccmarch-native --enable-lua --enable-geoip --enable-rust \
  --enable-unix-socket --enable-pfring \
  --with-libpfring-includes=/usr/local/include --with-libpfring-libraries=/usr/local/lib
Two of these options deserve a second look. --enable-gccmarch-native compiles for the CPU of the build host, so a binary built here may crash with SIGILL on a sensor with an older CPU; drop it if you build once and deploy to several machines. --enable-gccprotect turns on the stack-protector/FORTIFY hardening flags and should stay.
make -j 8
make install
"make install" installs only the binary and libraries. Run make install-conf as well if you want the default suricata.yaml and classification/reference config placed in /etc/suricata (make install-full additionally fetches rules, which needs network access).
# Required so the dynamic linker picks up the freshly installed shared libraries (libhs, libpfring, libhtp)
ldconfig
- Check that the installation succeeded
suricata --build-info
In the "Suricata Configuration" part of that output, confirm that the features you enabled at configure time are actually compiled in: "PF_RING support: yes", "Hyperscan support: yes", "Rust support: yes" and "LUA support: yes". configure silently falling back to a different capture method or matcher is the most common reason a sensor built this way performs far worse than expected.
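Added example (not from the original guide or from the Suricata project): a POSIX sh function that reads the output of suricata --build-info and fails unless every capability the configure line above enabled is reported as yes, so the check can run unattended after each rebuild. The function names check_build_info and demo_build_info are my own; the labels are the ones Suricata 6 prints (pass whatever labels your version shows), and the excerpt inside demo_build_info is constructed to mirror that layout, not captured from a host.

```shell
#!/bin/sh
# Added example, not part of the original guide or of Suricata itself.
# check_build_info LABEL... < build-info-output
#   Reads `suricata --build-info` text on stdin and checks that every LABEL
#   (e.g. "PF_RING support", "Hyperscan support") is reported as "yes".
#   Prints one line per label; returns the number of labels that are missing
#   or not "yes", so 0 means the build has everything you asked for.
check_build_info() {
    input=$(mktemp) || return 99
    cat > "$input"                 # stdin can be read once; scan the copy per label
    bad=0
    for label in "$@"; do
        # A feature line looks like "  PF_RING support:          yes"
        # or "  LUA support:   yes, through luajit"; keep only the value.
        val=$(awk -v l="$label:" '
            { line = $0; sub(/^[ \t]+/, "", line) }
            index(line, l) == 1 {
                v = line; sub(/^[^:]*:[ \t]*/, "", v); print tolower(v); exit
            }' "$input")
        case "$val" in
            yes*) printf 'ok        %s\n' "$label" ;;
            "")   printf 'MISSING   %s (no such line; label may differ in this version)\n' "$label"
                  bad=$((bad + 1)) ;;
            *)    printf 'DISABLED  %s (%s)\n' "$label" "$val"
                  bad=$((bad + 1)) ;;
        esac
    done
    rm -f "$input"
    return "$bad"
}

# Real use after `make install`, matching the configure options used on this page:
#   suricata --build-info | check_build_info "PF_RING support" "Hyperscan support" \
#       "Rust support" "LUA support" "GeoIP2 support" "Unix socket enabled"

# Offline demo on a CONSTRUCTED excerpt (same layout as real output, not captured
# from a host). Hyperscan is deliberately "no" and Netmap is absent, so it returns 2.
demo_build_info() {
    sample='Suricata Configuration:
  AF_PACKET support:                       yes
  PF_RING support:                         yes
  NFQueue support:                         no
  Unix socket enabled:                     yes
  LUA support:                             yes, through luajit
  GeoIP2 support:                          yes
  Hyperscan support:                       no
  Rust support:                            yes'
    printf '%s\n' "$sample" | check_build_info "PF_RING support" "LUA support" \
        "Hyperscan support" "Netmap support"
}
```

A label that is absent is counted as a failure rather than ignored: when a feature line disappears between versions you want the check to go red and make you look, not quietly pass.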
6. Tips
Base environment
Building a recent Suricata on CentOS 7 may require a newer gcc than the stock 4.8.5.
- Install centos-release-scl
sudo yum install centos-release-scl
- Install a devtoolset. For the gcc 7 toolchain use devtoolset-7-gcc, and so on.
sudo yum install devtoolset-8-gcc*
- Activate the devtoolset. Several versions can be installed side by side; switch with the command below when needed. It starts a new shell with the toolchain on PATH, so run ./configure and make from inside that shell, not from the one you started in.
scl enable devtoolset-8 bash
- Check the gcc version
gcc -v
The default mirrors no longer work (CentOS 7 reached end of life on 30 June 2024 and mirrorlist.centos.org was taken offline; packages are now served from vault.centos.org), so /etc/yum.repos.d/CentOS-Base.repo has to be changed as follows. Keep gpgcheck=1 and the gpgkey lines so that packages pulled from the vault are still signature-checked:
[base]
name=CentOS-$releasever - Base
baseurl=http://vault.centos.org/7.9.2009/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[updates]
name=CentOS-$releasever - Updates
baseurl=http://vault.centos.org/7.9.2009/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[extras]
name=CentOS-$releasever - Extras
baseurl=http://vault.centos.org/7.9.2009/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://vault.centos.org/7.9.2009/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Change the SCL repo, /etc/yum.repos.d/CentOS-SCLo-scl.repo, as follows. The gpgkey line is the SCLo SIG key that centos-release-scl installs; without it, gpgcheck=1 has nothing to verify the packages against and yum refuses to install them.
[centos-sclo-sclo]
name=CentOS-7 - SCLo sclo
# the devtoolset-* packages are in the "rh" collection, which is why baseurl points at .../sclo/$basearch/rh
baseurl=http://vault.centos.org/centos/7/sclo/$basearch/rh
#mirrorlist=http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo
Add the EPEL repo:
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
The repo definition is fetched over plain HTTP, which is acceptable only because the packages themselves are GPG-verified; open the downloaded file and confirm it contains gpgcheck=1 and a gpgkey line before going on.
Then run yum makecache.
PF_RING dependency error
When running Suricata's configure you may get
ERROR! --enable-pfring was passed but the library version is < 6, go get it
even though modinfo pf_ring shows the module is fine. configure reports any failure of its libpfring test as a too-old library, whatever the real cause; the actual compile or link error is recorded in config.log (search for pfring). In this case, passing CFLAGS="-D_GNU_SOURCE" to configure makes the check pass:
./configure CFLAGS="-D_GNU_SOURCE" --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
  --with-libhs-includes=/usr/local/include/hs/ --with-libhs-libraries=/usr/local/lib64/ \
  --with-libhtp-includes=/usr/local/include/htp --with-libhtp-libraries=/usr/local/lib64/ \
  --with-liblzma-includes=/usr/include/ --with-liblzma-libraries=/usr/lib64 \
  --enable-gccprotect --enable-gccmarch-native --enable-lua --enable-geoip --enable-rust \
  --enable-unix-socket --enable-pfring \
  --with-libpfring-includes=/usr/local/include --with-libpfring-libraries=/usr/local/lib
Note that a CFLAGS value given on the configure line replaces autoconf's default of -g -O2, so check the compiler invocations during make (or config.log) to make sure the optimization level you expect is still there.