+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS5
-
-
-CentOS5
-
-
-Pre-installation requirements
-
-You will have to use the Fedora EPEL repository for some packages to enable
-this repository. It is the same for i386 and x86_64:
-
- sudo rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-
- 5-3.noarch.rpm
-
-Before you can build Suricata for your system, run the following command to
-ensure that you have everything you need for the installation.
-
- sudo yum -y install libpcap libpcap-devel libnet libnet-devel pcre \
- pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \
- libyaml-devel zlib zlib-devel
-
-Depending on the current status of your system, it may take a while to complete
-this process.
-
-HTP
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-
-IPS
-
-
-If you plan to build Suricata with IPS capabilities via ./configure --enable-
-nfqueue, there are no pre-built packages in the CentOS base or EPEL for
-libnfnetlink and libnetfilter_queue. If you wish, you may use the rpms in the
-Emerging Threats Cent OS 5 repository:
-i386
-
- sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/i386/
- libnetfilter_queue-0.0.15-1.i386.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/i386/
- libnetfilter_queue-devel-0.0.15-1.i386.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-
- 0.0.30-1.i386.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-
- devel-0.0.30-1.i386.rpm
-
-x86_64
-
- sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/
- x86_64/libnetfilter_queue-0.0.15-1.x86_64.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/
- libnetfilter_queue-devel-0.0.15-1.x86_64.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/
- libnfnetlink-0.0.30-1.x86_64.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/
- libnfnetlink-devel-0.0.30-1.x86_64.rpm
-
-
-libcap-ng installation
-
-This installation is needed for dropping privileges.
-
- wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.6.4.tar.gz
- tar -xzvf libcap-ng-0.6.4.tar.gz
- cd libcap-ng-0.6.4
- ./configure
- make
- sudo make install
-
-
-Suricata
-
-To download and build Suricata, enter the following:
-
- wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
- tar -xvzf suricata-1.3.3.tar.gz
- cd suricata-1.3.3
-
-If you are building from Git sources, enter all the following commands:
-
- bash autogen.sh
-
-If you are not building from Git sources, enter only:
-
- ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
- make
- sudo make install
-
-
-Auto setup
-
-You can also use the available auto setup features of Suricata:
-ex:
-
- ./configure && make && make install-conf
-
-make install-conf
-would do the regular "make install" and then it would automatically create/
-setup all the necessary directories and suricata.yaml for you.
-
- ./configure && make && make install-rules
-
-make install-rules
-would do the regular "make install" and then it would automatically download
-and set up the latest ruleset from Emerging Threats available for Suricata
-
- ./configure && make && make install-full
-
-make install-full
-would combine everything mentioned above (install-conf and install-rules) - and
-will present you with a ready to run (configured and set up) Suricata
-Please continue with the Basic_Setup.
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_56_Installation
-
-
-CentOS 5.6 Installation
-
-
-Pre-installation requirements
-
-You will have to use the Fedora EPEL repository for some packages to enable
-this repository. It is the same for i386 and x86_64:
-
- sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-
- 4.noarch.rpm
-
-Before you can build Suricata for your system, run the following command to
-ensure that you have everything you need for the installation.
-
- sudo yum -y install libpcap libpcap-devel libnet libnet-devel pcre \
- pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \
- libyaml-devel zlib zlib-devel
-
-Depending on the current status of your system, it may take a while to complete
-this process.
-
-HTP
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-
-IPS
-
-
-If you plan to build Suricata with IPS capabilities via ./configure --enable-
-nfqueue, there are no pre-built packages in the CentOS base or EPEL for
-libnfnetlink and libnetfilter_queue. If you wish, you may use the rpms in the
-Emerging Threats Cent OS 5 repository:
-i386
-
- sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/i386/
- libnetfilter_queue-0.0.15-1.i386.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/i386/
- libnetfilter_queue-devel-0.0.15-1.i386.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-
- 0.0.30-1.i386.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-
- devel-0.0.30-1.i386.rpm
-
-x86_64
-
- sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/
- x86_64/libnetfilter_queue-0.0.15-1.x86_64.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/
- libnetfilter_queue-devel-0.0.15-1.x86_64.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/
- libnfnetlink-0.0.30-1.x86_64.rpm \
- http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/
- libnfnetlink-devel-0.0.30-1.x86_64.rpm
-
-
-libcap-ng installation
-
-This installation is needed for dropping privileges.
-
- wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.6.4.tar.gz
- tar -xzvf libcap-ng-0.6.4.tar.gz
- cd libcap-ng-0.6.4
- ./configure
- make
- sudo make install
-
-
-Suricata
-
-To download and build Suricata, enter the following:
-
- wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
- tar -xvzf suricata-1.3.3.tar.gz
- cd suricata-1.3.3
-
-If you are building from Git sources, enter all the following commands:
-
- bash autogen.sh
-
-If you are not building from Git sources, enter only:
-
- ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
- make
- sudo make install
-
-
-Auto setup
-
-You can also use the available auto setup features of Suricata:
-ex:
-
- ./configure && make && make install-conf
-
-make install-conf
-would do the regular "make install" and then it would automatically create/
-setup all the necessary directories and suricata.yaml for you.
-
- ./configure && make && make install-rules
-
-make install-rules
-would do the regular "make install" and then it would automatically download
-and set up the latest ruleset from Emerging Threats available for Suricata
-
- ./configure && make && make install-full
-
-make install-full
-would combine everything mentioned above (install-conf and install-rules) - and
-will present you with a ready to run (configured and set up) Suricata
-Please continue with the Basic_Setup.
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation
-
-
-Debian Installation
-
-
-Pre-installation requirements
-
-Before you can build Suricata for your system, run the following command to
-ensure that you have everything you need for the installation.
-Make sure you will enter all the following commands as root/super-user,
-otherwise it will not work.
-
- apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
- build-essential autoconf automake libtool libpcap-dev libnet1-dev \
- libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev \
- pkg-config
-
-Depending on the current status of your system, it may take a while to complete
-this process.
-
-HTP
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-IPS
-
-By default, Suricata works as an IDS. If you want to use it as a IDS and IPS
-program, enter:
-
- apt-get -y install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-
- dev libnfnetlink0
-
-
-Suricata
-
-To download and build Suricata, enter the following:
-
- wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
- tar -xvzf suricata-1.3.3.tar.gz
- cd suricata-1.3.3
-
-Compile and install the program
-If you plan to build Suricata with IPS capabilities, enter:
-
- ./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --
- localstatedir=/var
-
-instead of
-
- ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-
-Continue with the next commands:
-
- ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
- make
- make install
-
-To make sure the existing list with libraries will be updated with the new
-library, enter:
-
- ldconfig
-
-
-Auto setup
-
-You can also use the available auto setup features of Suricata:
-ex:
-
- ./configure && make && make install-conf
-
-make install-conf
-would do the regular "make install" and then it would automatically create/
-setup all the necessary directories and suricata.yaml for you.
-
- ./configure && make && make install-rules
-
-make install-rules
-would do the regular "make install" and then it would automatically download
-and set up the latest ruleset from Emerging Threats available for Suricata
-
- ./configure && make && make install-full
-
-make install-full
-would combine everything mentioned above (install-conf and install-rules) - and
-will present you with a ready to run (configured and set up) Suricata
-Please continue with the Basic_Setup.
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Fedora_Core
-
-
-Fedora
-
-
-pre-installation requirements
-
-Before you can build Suricata for your system, run the following command to
-ensure that you have everything you need for the installation.
-
- sudo yum -y install libpcap libpcap-devel libnet libnet-devel pcre \
- pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \
- libyaml-devel zlib zlib-devel libcap-ng libcap-ng-devel file-devel file
-
-Depending on the current status of your system, it may take a while to complete
-this process.
-
-HTP
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-IPS
-
-If you plan to build Suricata with IPS capabilities via ./configure --enable-
-nfqueue, enter the following:
-
- sudo yum -y install libnfnetlink libnfnetlink-devel \
- libnetfilter_queue libnetfilter_queue-devel
-
-
-Suricata
-
-To download and build Suricata, enter the following:
-
- wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
- tar -xvzf suricata-1.3.3.tar.gz
- cd suricata-1.3.3
-
-If you are building from Git sources, enter all the following commands:
-
- bash autogen.sh
-
-If you are not building from Git sources, enter only the following:
-
- ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
- make
- sudo make install
-
-
-Auto setup
-
-You can also use the available auto setup features of Suricata:
-ex:
-
- ./configure && make && make install-conf
-
-make install-conf
-would do the regular "make install" and then it would automatically create/
-setup all the necessary directories and suricata.yaml for you.
-
- ./configure && make && make install-rules
-
-make install-rules
-would do the regular "make install" and then it would automatically download
-and set up the latest ruleset from Emerging Threats available for Suricata
-
- ./configure && make && make install-full
-
-make install-full
-would combine everything mentioned above (install-conf and install-rules) - and
-will present you with a ready to run (configured and set up) Suricata
-Please continue with the Basic_Setup.
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/FreeBSD_8
-
-
-FreeBSD 8 & 9
-
-
-Pre-installation requirements
-
-Before you can build Suricata for your system, run the following command to
-ensure that you have everything you need for the installation.
-Make sure you enter all commands as root/super-user, otherwise it will not
-work.
-For FreeBSD 8:
-
- pkg_add -r autoconf262 automake19 gcc45 libyaml pcre libtool \
- libnet11 libpcap gmake
-
-For FreeBSD 9.0:
-
- pkg_add -r autoconf268 automake111 gcc libyaml pcre libtool \
- libnet11 libpcap gmake
-
-Depending on the current status of your system, it may take a while to complete
-this process.
-
-HTP
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-IPS
-
-If you would like to build suricata on FreeBSD with IPS capabilities with IPFW
-via --enable-ipfw, enter the following to enable ipfw and divert socket support
-before starting the engine with -d:
-Edit /etc/rc.conf and add or modify the following lines:
-
- firewall_enable="YES"
- firewall_type="open"
-
-Edit /boot/loader.conf and add or modify the following lines:
-
- ipfw_load="YES"
- ipfw_nat_load="YES"
- ipdivert_load="YES"
- dummynet_load="YES"
- libalias_load="YES"
-
-
-Suricata
-
-To download and build Suricata, enter the following:
-
- wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
- tar -xvzf suricata-1.3.3.tar.gz
- cd suricata-1.3.3
-
-If you are building from Git sources, enter all the following commands until
-the end of this file:
-
- bash autogen.sh
-
-If you are not building from Git sources, do not enter the above mentioned
-commands. Continue enter the following:
-
- ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
- make
- make install
- zerocopy bpf
- mkdir /var/log/suricata/
-
-FreeBSD 8 has support for zerocopy bpf in libpcap. To test this functionality,
-issue the following command and then start/restart the engine:
-
- sysctl net.bpf.zerocopy_enable=1
-
-
-Auto setup
-
-You can also use the available auto setup features of Suricata:
-ex:
-
- ./configure && make && make install-conf
-
-make install-conf
-would do the regular "make install" and then it would automatically create/
-setup all the necessary directories and suricata.yaml for you.
-
- ./configure && make && make install-rules
-
-make install-rules
-would do the regular "make install" and then it would automatically download
-and set up the latest ruleset from Emerging Threats available for Suricata
-
- ./configure && make && make install-full
-
-make install-full
-would combine everything mentioned above (install-conf and install-rules) - and
-will present you with a ready to run (configured and set up) Suricata
-Please continue with the Basic_Setup.
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTP_library_installation
-
-
-HTP library installation
-
-The installation of the HTP library is the same for several operating systems,
-except you can not use 'sudo' with Debian and FreeBSD. Using Debian or FreeBSD
-you have to Make sure you enter all following commands as root/super-user.
-To download and build HTP, enter the following:
-
- wget http://www.openinfosecfoundation.org/download/libhtp-0.2.3.tar.gz
- tar -xzvf libhtp-0.2.3.tar.gz
- cd libhtp-0.2.3
- ./configure
- make
- make install
-
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PCRE-JIT
-
-
-Installation from GIT with PCRE-JIT
-
-In this guide will be explained how to install and use the most recent code of
-Suricata on Ubuntu together with PCRE with JIT 8.20-RC1 support. The goal of
-PCRE-JIT is to improve the pcre pattern matching performance of the pcre
-library.
-The easiest way to see performance difference is to create a couple of pcre
-only rules or use for example the SSN rules from ET, and compare the
-performance statistics for rules.
-Installing from GIT on other operating systems is basically the same, except
-that some commands are Ubuntu-specific (like sudo and apt-get). In case you are
-using another operating system, you should replace those commands by your
-operating-specific commands.
-
-Pre-installation requirements
-
-Before you can build Suricata with PCRE-JIT for your system, run the following
-command to ensure that you have everything you need for the installation.
-
- sudo apt-get -y install build-essential autoconf automake \
- libtool libpcap-dev libnet1-dev libyaml-0-2 libyaml-dev \
- zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
- make g++
- sudo apt-get install git-core
-
-Depending on the current status of your system, it may take a while to complete
-this process.
-
-PCRE with JIT support
-
-Enter the following commands for PCRE JIT installation:
-
- wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/pcre-8.20-
- RC1.tar.gz
- tar -xzvf pcre-8.20-RC1.tar.gz
- cd pcre-8.20-RC1
- ./configure --enable-jit
-
-Make sure you see that JIT compiling support is enabled, see example:
-
- make
- sudo make install
-
-
-
-HTP
-
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-
-IPS
-
-
-By default, Suricata works as an IDS. If you want to use it as a IDS and IPS
-program, enter:
-
- sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1
- libnfnetlink-dev libnfnetlink0
-
-
-Suricata
-
-First, it is convenient to create a directory for Suricata. Name it 'suricata'
-for example. Open the terminal and enter:
-
- mkdir suricata
-
-Followed by:
-
- cd suricata
-
-Next, enter the following line in the terminal:
-
- git clone git://phalanx.openinfosecfoundation.org/oisf.git
- cd oisf
-
-Followed by:
-
- ./autogen.sh
-
-
-Compile and install
-
-To configure, please enter:
-
- ./configure --enable-pcre-jit \
- --with-libpcre-includes=/usr/local/include \
- --with-libpcre-libraries=/usr/local/lib
-
-After entering the previous, make sure that your screen looks like the
-following example and you have PCRE with JIT support:
-
- make
- sudo make install
-
- sudo ldconfig
-
-To check the build information you can enter:
-
- suricata --build-info
-
-Please continue with Basic_Setup.
-In case you have already made a map for the most recent code, downloaded the
-code into that map, and want to download recent code again, please enter:
-
- cd suricata/oisf
-
-next, enter:
-
- git pull
-
-After that, you start again at running autogen.
+++ /dev/null
-Autogenerated on 2012-01-11
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104
-
-
-Installation from GIT with PF RING on Ubuntu server 11.04
-
-This guide is based on using Ubuntu Server 11.04
-Linux ubuntu 2.6.38-8-generic x86_64 GNU/Linux
-
-
-Pre installation requirements
-
-Install the following packages, to make sure you have everything needed for the
-installation:
-
- sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
- build-essential autoconf automake libtool libpcap-dev libnet1-dev \
- libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
- make flex bison git subversion
-
-Go to your download directory and get the latest PF_RING:
-
- svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ PF_RING
-
-
-Compile and install
-
-Next, enter the following commands for configuration and installation:
-
- cd PF_RING/kernel
- make && make install
- sudo insmod ./pf_ring.ko
- cd ../userland
- make && make install
- cd /lib
- ./configure && make && make install
- cd ../libpcap
- ./configure && make && make install
- cd /examples
- echo "options pf_ring transparent_mode=0 min_num_slots=32768
- enable_tx_capture=0" > /etc/modprobe.d/pf_ring.conf
-
-To check if you have everything you need, enter:
-
- lsmod |grep pf_ring
- sudo modprobe pf_ring
- sudo modinfo pf_ring && cat /proc/net/pf_ring/info
-
-To check if PF_RING is functional, enter the following:
-
- ./pfcount -i eth0
-
-
-Suricata
-
-Go to your download directory of choice, and enter:
-
- git clone git://phalanx.openinfosecfoundation.org/oisf.git
- cd oisf
- sudo ./autogen.sh
- sudo ./configure --enable-pfring && make && make install
-
-You can always check if PF_RING is build in properly, by entering:
-
- suricata --build-info
-
-To run Suricata with PF_RING, enter:
-
- suricata --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-
- type=cluster_flow -c /etc/suricata/suricata.yaml
-
-Continue with the Basic_Setup.
-Thanks to Peter Manev
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_PF_RING
-
-
-Installation with PF RING
-
-This is the installation guide for Suricata with PF_RING support and a guide to
-install PF_RING.
-To install DKMS, enter:
-
- sudo apt-get install dkms
-
-To get subversion for checking out the PF_RING code, flex and bison for
-libpcap, enter:
-
- sudo apt-get install subversion flex bison
-
-To install the debs needed for Suricata, enter the following:
-
- sudo apt-get install libpcre3-dev libpcap-dev libyaml-dev zlib1g-dev libcap-
- ng-dev libnet1-dev
-
-In the example you will build from the GIT repository, so you will need some
-extra packages:
-
- sudo apt-get install git-core automake autoconf libtool
-
-To build your modules, please go to:
-
- cd /usr/src/
-
-Checkout the PF_RING code:
-
- sudo svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/
- PF_RING_CURRENT_SVN
-
-Create the DKMS build directory and copy files over for the main PF_RING module
-by entering the following:
-
- sudo mkdir /usr/src/pf_ring-4
- sudo cp -Rf /usr/src/PF_RING_CURRENT_SVN/kernel/* /usr/src/pf_ring-4/
- cd /usr/src/pf_ring-4/
-
-Create a file called 'dkms.conf'
-
- sudo nano dkms.conf
-
-and place the following into the file:
-
- PACKAGE_NAME="pf_ring"
- PACKAGE_VERSION="4"
- BUILT_MODULE_NAME[0]="pf_ring"
- DEST_MODULE_LOCATION[0]="/kernel/net/pf_ring/"
- AUTOINSTALL="yes"
-
-To close the file, do so by pressing Ctrl and X at the same time, followed by y
-and enter.
-Build and install the kernel -module of PF_RING:
-
- sudo dkms add -m pf_ring -v 4
- sudo dkms build -m pf_ring -v 4
- sudo dkms install -m pf_ring -v 4
-
-development headers.(zie aantekeningen)
-
- sudo mkdir -p /opt/PF_RING/{bin,lib,include/linux,sbin}
-
-Next, build and install the userland lib.:
-
- sudo cp -f /usr/src/PF_RING_CURRENT_SVN/kernel/linux/pf_ring.h /opt/PF_RING/
- include/linux/
- cd /usr/src/PF_RING_CURRENT_SVN/userland/lib
- sudo ./configure
- sudo sed -i -e 's/INSTDIR = \${DESTDIR}\/usr\/local/INSTDIR = \$
- {DESTDIR}\/opt\/PF_RING/' Makefile
- sudo cp -f pfring_e1000e_dna.h /opt/PF_RING/include
- sudo make
- sudo make install
-
-Enter the following to pull down the latest version of Suricata from the git
-repository and build with PF_RING support:
-
- cd /usr/src/PF_RING_CURRENT_SVN/userland/
- sudo git clone git://phalanx.openinfosecfoundation.org/oisf.git oisfnew
- cd oisfnew
- sudo ./autogen.sh
- sudo ./configure --enable-pfring --with-libpfring-libraries=/opt/PF_RING/lib
- --with-libpfring-includes=/opt/PF_RING/include --with-libpcap-libraries=/opt/
- PF_RING/lib --with-libpcap-includes=/opt/PF_RING/include LD_RUN_PATH="/opt/
- PF_RING/lib:/usr/lib:/usr/local/lib" --prefix=/opt/PF_RING/
- sudo make install
- sudo make
- sudo mkdir etc/suricata
-
-To make config and log directories for a more complete getting started, see:
-Basic_Setup.
-
- sudo mkdir /etc/suricata
- sudo cp suricata.yaml /etc/suricata/
- sudo cp classification.config /etc/suricata/
- sudo mkdir /var/log/suricata
-
-The information about the setup options for when you initialise the module:
-min_num_slots:Number of ring slots (uint)
-transparent_mode:0=standard Linux, 1=direct2pfring+transparent,
-2=direct2pfring+non transparent.
-For 1 and 2 you need to use a PF_RING aware driver (uint) .
-enable_tx_capture:Set to 1 to capture outgoing packets (uint)
-enable_ip_defrag:Set to 1 to enable IP defragmentation(only rx traffic is
-defragmentead) (uint)
-Enter the following as super-user:
-
- echo "options pf_ring transparent_mode=0 min_num_slots=32768
- enable_tx_capture=0" > /etc/modprobe.d/pf_ring.conf
-
-To check the status of PF_RING :
-
- sudo modprobe pf_ring
- sudo modinfo pf_ring && cat /proc/net/pf_ring/info
-
-Start up Suricata with PF_RING support:
-
- sudo /opt/PF_RING/bin/suricata --pfring-int=eth0 --pfring-cluster-id=99 --
- pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml
-
-If you need to uninstall PF_RING or rollback your PF_RING aware drivers to
-their previous state you can do so with the following commands:
-
- sudo dkms remove -m pf_ring -v 4 --all
-
-
-Optional
-
-The following part is optional.
-
- sudo dkms remove -m e1000e-pf_ring -v 1.0.15 --all
-
-If you issue the following command, you can see that PF_RING should now be
-installed as DKMS module:
-
- dkms status
-
-Now go through the steps to build a PF_RING aware driver:
-
- sudo mkdir /usr/src/e1000e-pf_ring-1.0.15
- sudo cp -Rf /usr/src/PF_RING_CURRENT_SVN/drivers/intel/e1000e/old/e1000e-
- 1.0.15/src/* /usr/src/e1000e-pf_ring-1.0.15/
-
-Enter the following so that DKMS can find it for driver rebuilds:
-
- sudo cp -f /usr/src/PF_RING_CURRENT_SVN/kernel/linux/pf_ring.h /usr/src/
- e1000e-pf_ring-1.0.15/
- cd /usr/src/e1000e-pf_ring-1.0.15/
-
-After that, fix the path to pf_ring.h:
-
- sed -i -e 's/\.\.\/\.\.\/\.\.\/\.\.\/kernel\/linux\/pf\_ring\.h/pf\_ring\.h/
- ' netdev.c
-
-Then create a file called 'dkms.conf'.
-
- sudo nano dkms.conf
-
-and place the following into the file:
-
- PACKAGE_NAME="e1000e-pf_ring"
- PACKAGE_VERSION="1.0.15"
- BUILT_MODULE_NAME[0]="e1000e"
- DEST_MODULE_LOCATION[0]="/kernel/drivers/net/e1000e/"
- AUTOINSTALL="yes"
-
-Build and install the module of the e1000e-pf_ring network driver:
-
- sudo dkms add -m e1000e-pf_ring -v 1.0.15
- sudo dkms build -m e1000e-pf_ring -v 1.0.15
- sudo dkms install -m e1000e-pf_ring -v 1.0.15
-
-After that, build and install the PF_RING enabled libpcap:
-
- cd /usr/src/PF_RING_CURRENT_SVN/userland/libpcap-1.0.0-ring
- ./configure
- sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/
- ' Makefile
- sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/
- ' Makefile.in
- ./configure --prefix=/opt/PF_RING && make && make install
-
-Subsequently, build and install tcpdump using the PF_RING enabled version of
-libpcap:
-
- cd /usr/src/PF_RING_CURRENT_SVN/userland/tcpdump-4.0.0
- sudo ./configure
- sudo sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/
- ' Makefile
- sudo sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/
- ' Makefile.in
- sudo sed -i -e 's/-I \.\.\/libpcap-1\.0\.0-ring/-I \/opt\/PF_RING\/include/
- ' Makefile
- sudo sed -i -e 's/-I \.\.\/libpcap-1\.0\.0-ring/-I \/opt\/PF_RING\/include/
- ' Makefile.in
- sudo sed -i -e 's/-L \.\.\/libpcap-1\.0\.0-ring\/-L /\/opt\/PF_RING\/lib\//
- ' Makefile
- sed -i -e 's/-L \.\.\/libpcap-1\.0\.0-ring\/-L /\/opt\/PF_RING\/lib\//
- ' Makefile.in
- sudo ./configure LD_RUN_PATH="/opt/PF_RING/lib:/usr/lib:/usr/local/lib" --
- prefix=/opt/PF_RING/ --enable-ipv6 && make && make install
-
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Mac_OS_X_106x
-
-
-Mac OS X (10.6.x)
-
-
-Pre-installation requirements
-
-These instructions have been tested with Mac OS X (10.6.1). To begin, you will
-need an essential development environment much like gcc/make. You can download
-Xcode from http://developer.apple.com/technology/xcode.html.
-MacPorts is required for you to fetch the depends, so you will also need to
-install MacPorts, if you have not already done so. The online installation
-guide is located at http://guide.macports.org/#installing.
-Before you can build Suricata for your system, you must run the following
-command to ensure that you have everything you need for the installation.
-
- port install autoconf automake gcc44 make libnet11 libpcap pcre \
- libyaml libtool
- export AC_PROG_LIBTOOL=$( which libtool )
-
-Depending on the current status of your system, it may take a while to complete
-this process.
-
-HTP
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-IPS
-
-If you would like to have IPS capabilities with IPFW, then you should run
-configure like this:
-
- ./configure --enable-ipfw --prefix=/usr --sysconfdir=/etc --localstatedir=/
- var
-
-and execute the rest of the commands the same as above.
-
-Suricata
-
-To download and build Suricata, enter the following:
-
- wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
- tar -xvzf suricata-1.3.3.tar.gz
- cd suricata-1.3.3
-
-You will also need to have an ipfw rule set for the engine to see the packets
-from ipfw. For example:
-
- ipfw add 100 divert 8000 ip from any to any
-
-The 8000 above should be the same number you pass on the command line of
-suricata with the option -d, that is, -d 8000:
-
- suricata -c config_file.yaml -d 8000
-
-You will need a Suricata rule set with IPS options (drop, reject, etc). For
-this, please refer to the Emerging Threats rule sets.
-If you are building from Git sources, enter the following:
-
- bash autogen.sh
-
-If you are not building from Git sources, enter the following:
-
- ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
- make
- sudo make install
-
-Please continue with the Basic_Setup.
INSTALL.WINDOWS \
\
Basic_Setup.txt \
-CentOS5.txt \
-CentOS_56_Installation.txt \
-Debian_Installation.txt \
-Fedora_Core.txt \
-FreeBSD_8.txt \
-HTP_library_installation.txt \
-Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104.txt \
-Installation_with_PF_RING.txt \
-Installation_from_GIT_with_PCRE-JIT.txt \
-Mac_OS_X_106x.txt \
-OpenBSD_Installation_from_GIT.txt \
Setting_up_IPSinline_for_Linux.txt \
-Third_Party_Installation_Guides.txt \
-Ubuntu_Installation.txt \
-Ubuntu_Installation_from_GIT.txt \
-Windows.txt
+Third_Party_Installation_Guides.txt
datarootdir=@datarootdir@
docdir = ${datarootdir}/doc/${PACKAGE}
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/OpenBSD_Installation_from_GIT
-
-
-OpenBSD Installation from GIT
-
-
-Pre-installation Requirements
-
-Before you can build Suricata for your system, run the following commands to
-ensure that you have everything you need for the installation.
-
- pkg_add gcc
- pkg_add pcre
- pkg_add libtool
- pkg_add libyaml
- pkg_add libnet-1.1.2.1p0
-
-If you would like to build from Git sources, you have to install the following
-building tools:
-
- pkg_add git
- pkg_add autoconf
- pkg_add automake
- If you use OpenBSD 4.8, enter the following:
- pkg_add git autoconf-2.61p3 automake-1.10.3
-
-
-HTP
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-Suricata
-
-Next, clone the repository and run autogen:
-
- git clone git://phalanx.openinfosecfoundation.org/oisf.git
- cd oisf
- export AUTOCONF_VERSION=2.61
- export AUTOMAKE_VERSION=1.10
- ./autogen.sh
-
-Enter the following to configure:
-
- CPPFLAGS="-I/usr/local/include" CFLAGS="-L/usr/local/lib" ./configure --
- prefix=/opt/suricata
-
-To build and install Suricata, enter the following in your command line:
-
- make
- make install
-
-
-Auto setup
-
-You can also use the available auto setup features of Suricata:
-ex:
-
- ./configure && make && make install-conf
-
-make install-conf
-would do the regular "make install" and then it would automatically create/
-setup all the necessary directories and suricata.yaml for you.
-
- ./configure && make && make install-rules
-
-make install-rules
-would do the regular "make install" and then it would automatically download
-and set up the latest ruleset from Emerging Threats available for Suricata
-
- ./configure && make && make install-full
-
-make install-full
-would combine everything mentioned above (install-conf and install-rules) - and
-will present you with a ready to run (configured and set up) Suricata
-Next, continue with the Basic_Setup.
-Source: http://home.regit.org/?p=478
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation
-
-
-Ubuntu Installation
-
-
-Pre-installation requirements
-
-Before you can build Suricata for your system, run the following command to
-ensure that you have everything you need for the installation.
-
- sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
- build-essential autoconf automake libtool libpcap-dev libnet1-dev \
- libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
- make libmagic-dev
-
-Depending on the current status of your system, it may take a while to complete
-this process.
-
-HTP
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-IPS
-
-By default, Suricata works as an IDS. If you want to use it as a IDS and IPS
-program, enter:
-
- sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1
- libnfnetlink-dev libnfnetlink0
-
-
-Suricata
-
-To download and build Suricata, enter the following:
-
- wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
- tar -xvzf suricata-1.3.3.tar.gz
- cd suricata-1.3.3
-
-Compile and install the engine
-If you plan to build Suricata with IPS capabilities, enter:
-
- ./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --
- localstatedir=/var
-
-instead of
-
- ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-
-Continue with the next commands:
-
- ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
- make
- sudo make install
- sudo ldconfig
-
-
-Auto setup
-
-You can also use the available auto setup features of Suricata:
-ex:
-
- ./configure && make && make install-conf
-
-make install-conf
-would do the regular "make install" and then it would automatically create/
-setup all the necessary directories and suricata.yaml for you.
-
- ./configure && make && make install-rules
-
-make install-rules
-would do the regular "make install" and then it would automatically download
-and set up the latest ruleset from Emerging Threats available for Suricata
-
- ./configure && make && make install-full
-
-make install-full
-would combine everything mentioned above (install-conf and install-rules) - and
-will present you with a ready to run (configured and set up) Suricata
-Please continue with Basic_Setup.
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation_from_GIT
-
-
-Ubuntu Installation from GIT
-
-In this document will be explained how to install and use the most recent code
-of Suricata on Ubuntu. Installing from GIT on other operating systems is
-basically the same, except that some commands are Ubuntu-specific (like sudo
-and apt-get). In case you are using another operating system, you should
-replace those commands by your operating-specific commands.
-
-Pre-installation requirements
-
-Before you can build Suricata for your system, run the following command to
-ensure that you have everything you need for the installation.
-
- sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
- build-essential autoconf automake libtool libpcap-dev libnet1-dev \
- libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
- make libmagic-dev
-
-
- sudo apt-get install git-core
-
-Depending on the current status of your system, it may take a while to complete
-this process.
-
-HTP
-
-HTP is bundled with Suricata and installed automatically. If you need to
-install HTP manually for other reasons, instructions can be found at HTP
-library_installation.
-
-IPS
-
-By default, Suricata works as an IDS. If you want to use it as a IDS and IPS
-program, enter:
-
- sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1
- libnfnetlink-dev libnfnetlink0
-
-
-Suricata
-
-First, it is convenient to create a directory for Suricata. Name it 'suricata'
-for example. Open the terminal and enter:
-
- mkdir suricata
-
-Followed by:
-
- cd suricata
-
-Next, enter the following line in the terminal:
-
- git clone git://phalanx.openinfosecfoundation.org/oisf.git
-
-
- cd oisf
-
-Followed by:
-
- ./autogen.sh
-
-To configure, please enter:
-
- ./configure
-
-To compile, please enter:
-
- make
-
-To install Suricata, enter:
-
- sudo make install
- sudo ldconfig
-
-
-Auto setup
-
-You can also use the available auto setup features of Suricata:
-ex:
-
- ./configure && make && make install-conf
-
-
-make install-conf
-would do the regular "make install" and then it would automatically create/
-setup all the necessary directories and suricata.yaml for you.
-
- ./configure && make && make install-rules
-
-
-make install-rules
-would do the regular "make install" and then it would automatically download
-and set up the latest ruleset from Emerging Threats available for Suricata
-
- ./configure && make && make install-full
-
-
-make install-full
-would combine everything mentioned above (install-conf and install-rules) - and
-will present you with a ready to run (configured and set up) Suricata
-Please continue with Basic_Setup.
-In case you have already made a map for the most recent code, downloaded the
-code into that map, and want to download recent code again, please enter:
-
- cd suricata/oisf
-
-next, enter:
-
- git pull
-
-After that, you start again at running autogen.
+++ /dev/null
-Autogenerated on 2012-11-29
-from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows
-
-
-Windows
-
-NOTE -
-A new instruction set for Suricata installation (and/or compilation from
-scratch) can be found here:
-https://redmine.openinfosecfoundation.org/projects/suricata/files
-also a windows binary - self extracting auto install package is available here:
-http://www.openinfosecfoundation.org/index.php/download-suricata
-
-Preparing the build environment
-
-The instructions below should be followed in the order they appear. If your
-configuration requires unique actions to compile the package and/or you
-significantly modify the configure shell script, please e-mail the details of
-your requirements and/or solution to bugreports@openinfosecfoundation.org.
-Set up MinGW environment from http://mingw.org/
-Do not use the automatic installer, as it is deprecated. Instead, manually
-unpack the following packages to c:\mingw (you may use newer versions if you
-prefer):
-
-
- * binutils
- o binutils-2.20-1-mingw32-bin.tar.gz
- * mingw-runtime (dev and dll)
- o mingwrt-3.17-mingw32-dll.tar.gz
- o mingwrt-3.17-mingw32-dev.tar.gz
- * w32api
- o w32api-3.14-mingw32-dev.tar.gz
- * Required runtime libraries for GCC (gmp, libiconv, MPFR and pthreads)
- o gmp-4.2.4-mingw32-dll.tar.gz
- o libiconv-1.13.1-1-mingw32-dll-2.tar.lzma
- o mpfr-2.4.1-mingw32-dll.tar.gz
- o pthreads-w32-2.8.0-mingw32-dll.tar.gz
- * gcc-core (bin and dll)
- o gcc-core-4.4.0-mingw32-bin.tar.gz
- o gcc-core-4.4.0-mingw32-dll.tar.gz
- * make
- o make-3.81-20090914-mingw32-bin.tar.gz
- * zlib
- o libz-1.2.3-1-mingw32-dll-1.tar.gz
- + libz-1.2.3-1-mingw32-dev.tar.gz
-
-
-Download MSYS
-
-Get MSYS from http://sourceforge.net/projects/mingw/files/ and install
-
- MSYS-1.0.11.exe (MSYS Base System)
- msysDTK-1.0.1.exe (MSYS Suplementary Tools)
- autoconf-2.63-1-msys-1.0.11-bin.tar.lzma
- automake-1.11-1-msys-1.0.11-bin.tar.lzma
- libtool-2.2.7a-1-msys-1.0.11-bin.tar.lzma
-
-MSYS will ask the following questions during installation.
-
- Accept Post Install: [y]
- MinGW Installed? : [y]
- path to MinGW: [c:/MinGW]
-
-
-Download pkg-config
-
-Install pkg-config taken from http://wiki.videolan.org/Win32CompileMSYSNew#PKG-
-CONFIG
-Download and extract the following into c:\Msys\1.0
-
- http://ftp.gnome.org/pub/GNOME/binaries/win32/glib/2.18/glib_2.18.2-
- 1_win32.zip
- ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config_0.23-
- 3_win32.zip
- ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config-
- dev_0.23-3_win32.zip
-
-
- Set PKG_CONFIG_PATH=/win32/lib/pkgconfig
-
-(e.g. by adding the Windows environment variable PKG_CONFIG_PATH in "Control
-Panel"->"System"->"Advanced System Settings"->"Environment Variables" and
-setting the value to /win32/lib/pkgconfig)
-
-Download Git sources
-
-Get Git sources from http://code.google.com/p/msysgit/
-Unpack to /msys/1.0
-Remember to edit ~/.gitconfig to set your username
-
-Download libpcre
-
-Get libpcre from http://www.pcre.org/
-
- ./configure --enable-utf8 --disable-cpp --prefix=/mingw
- make
- make install
-
-
-Download libyaml
-
-Download libyaml from http://pyyaml.org/wiki/LibYAML
-Though libyaml does not support mingw compilation, it does work in static mode.
-
- ./configure --prefix=/mingw CFLAGS="-DYAML_DECLARE_STATIC"
- make
- make install
-
-
-Download libpcap
-
-Download the developer pack from http://www.winpcap.org/devel.htm
-To have the driver in the system, download and install a corresponding
-installer package from http://www.winpcap.org/install/default.htm
-Copy includes to c:/mingw/include and libs (.a) to c:/mingw/lib
-Rename libwpcap.a to libpcap.a
-
-Get and compile Suricata
-
-
- git clone git://phalanx.openinfosecfoundation.org/oisf.git
- cd oisf
-
-Because of an autotools port bug, you will need to do the following:
-
- dos2unix.exe libhtp/configure.ac
- dos2unix.exe libhtp/htp.pc.in
- dos2unix.exe libhtp/Makefile.am
-
- ./autogen.sh
- ./configure CFLAGS="-DYAML_DECLARE_STATIC"
-
-Add --enable-nfqueue as a configurable parameter to enable inline mode.
-
- make
-
-If the full installation is successful, suricata.exe will be located in
-src/.lib. To test your build, you will need libpcre-0.dll, libz-1.dll, and
-pthreadGC2.dll, all of which should already be installed under c:/mingw or c:/
-msys.
-preparing the runtime environment.
-To prepare the runtime environment, you must copy the executable and DLLs to a
-dedicated directory. Get the classification.config and suricata.yaml, and then
-edit suricata.yaml to ensure the directories are correctly identified.
-pcap mode
-If you have not already done so, install winpcap runtime and its driver. Then,
-determine your eth device UUID in the registry:
-
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
- suricata.exe -c suricata.yaml -i \device\
-
-In the example above, device should be replaced with your device uuid.
-
-Inline mode
-
-To operate in inline mode, you must download, compile and install
-netfilterforwin, which is the netfilter.sys driver and Windows port of the
-libnetfilter_queue library.
-Download and install the Windows Driver Kit from Microsoft
-http://www.microsoft.com/downloads/
-details.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff
-Download netfilterforwin from http://sourceforge.net/projects/netfilterforwin/
-Unpack it so the netfilterforwin directory is beside the oisf directory. You
-must omit the version from its name.
-Compile the driver
-Open the correct build environment from your Start menu
-Start > All Programs > Windows Driver Kits > WDK xxxx.yyyy.z > Build
-Environments > Windows Server 2003 > x86 Free Build Environment
-At your command line prompt, enter the following:
-
- cd netfilterforwin/netfilter
- nmake
-
-Install the driver
-Copy inf/* files and the freshly built netfilter.sys to a separate directory,
-and then open the network connections.
-Right-click an interface, then select Properties
-Click install...
-Select Service
-Click Add
-Click Have disk...
-Browse to the directory with the inf files and netfilter.sys, select
-netfilter.inf, and then click Ok.
-Confirm everything
-The driver is now installed.
-Run Suricata in inline mode
-
- suricata.exe -c suricata.yaml -q 0
-
projects / thirdparty / suricata.git / commitdiff
