- Installation process
- Installation process and possible problems
- 1. Runtime environment
- 2. Installing the library files
- 3. Installing Suricata
- 4. Downloading the rule set
- 5. Starting the project
- 6. Possible problems
Reference blogs
- https://www.cnblogs.com/miansj/p/13996181.html
- https://blog.csdn.net/javajiawei/article/details/104428725/
- http://blog.leanote.com/post/heming/suricata%E5%AE%89%E8%A3%85%E7%BC%96%E8%AF%91
1. Runtime environment
- CentOS 7, running the IPTables firewall.
- One test server running a web service;
- One test machine;
- GCC needs to be upgraded to a fairly recent version; in the experiment, upgrading to 6.4 was enough.
2. Installing the library files
Install: libdnet-1.12.tgz, libpcap-1.1.1.tar.gz, pcre-8.32.tar.gz
yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel
Install libhtp (inside the Suricata source tree), libdnet and the other libraries.
libhtp has to be downloaded manually with git.
Replacing git:// with https: https://blog.csdn.net/itguangzhi/article/details/77771903
Configure .gitconfig on Linux: git config --global --edit
Make git use the https protocol instead of git://
- Download the yaml library, used mainly for handling the configuration file: http://pyyaml.org/download/libyaml/yaml-0.1.4.tar.gz
Extract it: tar -zxvf yaml-0.1.4.tar.gz into a directory of your choice, then ./configure, make, make install
3. Installing Suricata
wget http://www.openinfosecfoundation.org/download/suricata-5.0.0-beta1.tar.gz --no-check-certificate
Extract it: tar -zxvf suricata-1.4.7.tar.gz into a directory of your choice
./configure (default installation), or ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-nfqueue --enable-lua --enable-rust # adds enable-rust
make
make install
make install-conf # do the regular 'make install' then create/setup suricata.yaml
**make install-rules (this will fail)**: `error: rules not installed as suricata-update not available`
Fix: download and update suricata-update
make install-full
4. Downloading the rule set
http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
Extract it into the /etc/suricata directory
5. Starting the project
suricata -c /etc/suricata/suricata.yaml -q 0
suricata -c /etc/suricata/suricata.yaml -i eth0
6. Possible problems
Error when test-running:
[root@localhost suricata-4.1.3]# /usr/bin/suricata -v
/usr/bin/suricata: error while loading shared libraries: libhtp.so.2: cannot open shared object file: No such file or directory
Checking the dependencies shows that the library files are all under /lib64/:
[root@localhost suricata-4.1.3]# ldd /usr/bin/suricata
linux-vdso.so.1 => (0x00007ffc9d3a7000)
libhtp.so.2 => not found
librt.so.1 => /lib64/librt.so.1 (0x00007fedd6252000)
libm.so.6 => /lib64/libm.so.6 (0x00007fedd5f50000)
……
Create a symbolic link:
[root@localhost suricata-4.1.3]# ln -s /usr/lib/libhtp.so.2 /lib64/libhtp.so.2
Running make install-rules fails with:
error: rules not installed as suricata-update not available
1. Python is required, together with a reasonably recent pip: python get-pip.py
2. suricata-update must be installed: pip install --upgrade suricata-update
3. Configuration is required: edit suricata.yaml
default-rule-path: /var/lib/suricata/rules
rule-files: suricata.rules
suricata: error while loading shared libraries: libhtp.so.2: cannot open shared object file: No such file or directory
Fix: sudo vim /etc/ld.so.conf, add the line /usr/local/lib, save, then run sudo ldconfig.
Note the rule path: the default-rule-path value set in /etc/suricata/suricata.yaml must match the path where the rules were installed.
Edit suricata.yaml:
default-rule-path: /var/lib/suricata/rules
rule-files:
  - suricata.rules
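As an added example (not part of the original post), a small POSIX shell script that checks for the two failure modes described above: libraries that ldd reports as not found, and a default-rule-path in suricata.yaml whose rule files are absent. The function names are mine, and the sample ldd output is constructed from the error shown above.

```shell
#!/bin/sh
# Added example, not from the original post: checks for an unresolved libhtp.so.2
# in ldd output and for a suricata.yaml rule path that does not match the install.

# Read ldd output on stdin and print each library the loader cannot find.
# Returns 1 when at least one library is missing, 0 otherwise.
missing_shared_libs() {
    awk '/=> not found/ { print $1; missing = 1 } END { exit (missing ? 1 : 0) }'
}

# Print the absolute path of every rule file named in a suricata.yaml by joining
# default-rule-path with each rule-files entry. Handles "rule-files: x.rules" and
# the list form "- x.rules"; assumes default-rule-path precedes rule-files.
rule_file_paths() {
    awk '
        /^default-rule-path:/ { sub(/^default-rule-path: */, ""); path = $0; next }
        /^rule-files:/ { inlist = 1; sub(/^rule-files: */, "")
                         if ($0 != "") print path "/" $0
                         next }
        inlist && /^ *- */ { sub(/^ *- */, ""); print path "/" $0; next }
        inlist { inlist = 0 }
    ' "$1"
}

# Returns 0 when every listed rule file exists on disk, 1 otherwise.
check_rule_files() {
    status=0
    for f in $(rule_file_paths "$1"); do
        [ -f "$f" ] || { echo "missing rule file: $f"; status=1; }
    done
    return "$status"
}

# Constructed ldd output reproducing the symptom shown in the post.
SAMPLE_LDD='linux-vdso.so.1 => (0x00007ffc9d3a7000)
libhtp.so.2 => not found
librt.so.1 => /lib64/librt.so.1 (0x00007fedd6252000)'

# With two arguments, check a real binary and config, for example
#   ./check_suricata.sh /usr/bin/suricata /etc/suricata/suricata.yaml
# Without arguments, run the library check on the constructed sample.
if [ "$#" -eq 2 ]; then
    ldd "$1" | missing_shared_libs ||
        echo "add the directory holding those libraries to /etc/ld.so.conf and run ldconfig"
    check_rule_files "$2" && echo "rule files match default-rule-path"
else
    printf '%s\n' "$SAMPLE_LDD" | missing_shared_libs || echo "unresolved library found"
fi
```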