-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup
To prepare the system for using it, enter:
- cd /etc
-
-Followed by:
-
- sudo mkdir suricata
-
-In this example the directory created is named 'suricata'. It is possible to
-choose the name you prefer.
-Then enter:
-
- cd ~/suricata/oisf
+ sudo mkdir /etc/suricata
The next step is to copy classification.config, reference.config and
-suricata.yaml from the oisf directory to the /etc/suricata directory. Do so by
-entering the following:
+suricata.yaml from the base build/installation directory (ex. from git it will
+be the oisf directory) to the /etc/suricata directory. Do so by entering the
+following:
sudo cp classification.config /etc/suricata
sudo cp reference.config /etc/suricata
sudo cp suricata.yaml /etc/suricata
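Review bot: removing `cd ~/suricata/oisf` leaves the three `sudo cp ... /etc/suricata` lines with no stated working directory, even though they still assume the shell is inside the source tree; either keep an explicit `cd` into the build directory before them or give the source paths in full, otherwise a reader who follows the text literally has nothing to copy. It is also worth saying here that the `make install-conf` target introduced below on this page installs suricata.yaml and creates the directories itself, so this manual copy is the alternative to it, not an extra step.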
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+ ./configure && make && make install-conf
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+ ./configure && make && make install-rules
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+ ./configure && make && make install-full
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
+
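Review bot: `./configure && make && make install-conf` (and the -rules and -full variants) are shown without `sudo`, while every other privileged step on this page (`sudo mkdir`, `sudo cp`) uses it; since these targets run `make install` and write outside the build tree they need the same privileges, so add `sudo` to the three `make install-*` invocations. For `make install-rules`, state where the Emerging Threats ruleset is fetched from and whether the download is integrity-checked, because whatever it fetches becomes the sensor's detection logic and the reader should know what they are trusting. The phrasing "would do the regular make install and then it would automatically ..." reads as if install-conf runs on top of a `make install` already done; say instead that install-conf runs `make install` and then creates the directories and suricata.yaml, so it replaces the separate install step.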
Setting variables
Make sure every variable of the vars, address-groups and port-groups in the
-yaml file is set correctly for your needs.
-You need to set the ip-address(es) of your home network at HOME_NET.
-It is recommended to set EXTERNAL_NET to !$HOMENET_NET. This way, every ip-
-address but the
-one set at HOME_NET will be treated as external.
-It is also possible to set EXTERNAL_NET to 'any', only the recommended setting
-is more precise and lowers the change that false positives will be generated.
-HTTP_SERVERS, SMTP_SERVERS , SQL_SERVERS , DNS_SERVERS and TELNET_SERVERS are
-by default set to HOME_NET. AIM_SERVERS is by default set at 'any'. These
-variables have to be set for servers on your network.
-All settings have to be set precise to let it have a more accurate effect.
+yaml file is set correctly for your needs. A full explanation is available in
+the Rule_vars_section_of_the_yaml. You need to set the ip-address(es) of your
+local network at HOME_NET. It is recommended to set EXTERNAL_NET to !$HOME_NET.
+This way, every ip-address but the one set at HOME_NET will be treated as
+external. It is also possible to set EXTERNAL_NET to 'any', only the
+recommended setting is more precise and lowers the change that false positives
+will be generated. HTTP_SERVERS, SMTP_SERVERS , SQL_SERVERS , DNS_SERVERS and
+TELNET_SERVERS are by default set to HOME_NET. AIM_SERVERS is by default set at
+'any'. These variables have to be set for servers on your network. All settings
+have to be set to let it have a more accurate effect.
Next, make sure the following ports are set to your needs: HTTP_PORTS,
SHELLCODE_PORTS, ORACLE_PORTS and SSH_PORTS.
-In the near future you can set the host-os-policy to your needs.
+Finally, set the host-os-policy to your needs. See Host_OS_Policy_in_the_yaml
+for a full explanation.
windows:[]
bsd: []
- bsd_right: []
- old_linux: []
+ bsd-right: []
+ old-linux: []
linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:
0000"]
- old_solaris: []
+ old-solaris: []
solaris: ["::1"]
hpux10: []
hpux11: []
vista: []
windows2k3: []
+Note that bug #499 may prevent you from setting old-linux, bsd-right and old-
+solaris right now.
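Review bot: "lowers the change that false positives will be generated" should read "chance", and the stray spaces before the commas in "SMTP_SERVERS , SQL_SERVERS , DNS_SERVERS" should go. The rewritten closing sentence "All settings have to be set to let it have a more accurate effect" lost the word the old text had ("precise") and with it the point; say what is meant, for example that the tighter HOME_NET and the server groups are, the fewer rules match traffic they were not written for. In the host-os-policy listing the untouched `windows:[]` lacks the space after the colon that YAML needs to read it as a key with a value (compare `bsd: []` on the next line), and the IPv6 address in the `linux:` entry is broken across two lines; a reader pasting the block as printed gets a parse error, so fix both in the same change that renames the keys to `bsd-right`, `old-linux` and `old-solaris`. The `!$HOMENET_NET` to `!$HOME_NET` correction is good; the old value named a variable that does not exist.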
Interface cards
sudo suricata -c /etc/suricata/suricata.yaml -i wlan0
Instead of wlan0, you can enter the interface card of your preference.
-To see if the engine is working correctly and registrates traffic, enter:
+To see if the engine is working correctly and receives and inspects traffic,
+enter:
cd /var/log/suricata
And:
- tail -n 33 stats.log
+ tail -n 50 stats.log
-To make sure the information displayed is up-dated, enter before http.log and
-stats.log:
+To make sure the information displayed is up-dated in real time, use the -
+f option before http.log and stats.log:
- tail -f http.log
+ tail -f http.log stats.log
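Review bot: "up-dated" should be "updated". The check as described only shows that Suricata is writing logs; to confirm it is receiving and inspecting traffic, name the stats.log counters to watch (the capture and decoder packet counters) and say they should increase between two consecutive stats dumps, and note that http.log stays empty until HTTP traffic crosses the interface, so an empty http.log is not by itself a failure. Since the distribution pages install libcap-ng for this build, this is also the place to mention running with `--user` and `--group` so the engine drops root after it has opened the interface instead of running as root for its whole lifetime, as `sudo suricata ... -i wlan0` does.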
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS5
To download and build Suricata, enter the following:
- wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz
- tar -xvzf suricata-1.0.5.tar.gz
- cd suricata-1.0.5
+ wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
+ tar -xvzf suricata-1.3.3.tar.gz
+ cd suricata-1.3.3
If you are building from Git sources, enter all the following commands:
If you are not building from Git sources, enter only:
- ./configure
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install
+
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+ ./configure && make && make install-conf
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+ ./configure && make && make install-rules
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+ ./configure && make && make install-full
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
Please continue with the Basic_Setup.
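Review bot: "If you are building from Git sources, enter all the following commands:" is followed immediately by the non-Git branch, so the Git path (the autogen step) is not documented on this page; restore those commands or drop the sentence. Adding `--prefix=/usr --sysconfdir=/etc --localstatedir=/var` is the right fix, since the paths used elsewhere on these pages (/etc/suricata, /var/log/suricata) assume them and with the autotools defaults everything lands under /usr/local; one sentence saying so would help readers who wonder why the flags appeared. The Auto setup block is the same text pasted on this and every other distribution page; keep one copy on Basic_Setup and link to it, so the next correction (for example adding `sudo`, which `make install-conf` needs here because the page uses `sudo make install`) does not have to be made eight times.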
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_56_Installation
You will have to use the Fedora EPEL repository for some packages to enable
this repository. It is the same for i386 and x86_64:
- sudo rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-
- release-5-4.noarch.rpm
+ sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-
+ 4.noarch.rpm
Before you can build Suricata for your system, run the following command to
ensure that you have everything you need for the installation.
To download and build Suricata, enter the following:
- wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz
- tar -xvzf suricata-1.0.5.tar.gz
- cd suricata-1.0.5
+ wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
+ tar -xvzf suricata-1.3.3.tar.gz
+ cd suricata-1.3.3
If you are building from Git sources, enter all the following commands:
If you are not building from Git sources, enter only:
- ./configure
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install
+
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+ ./configure && make && make install-conf
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+ ./configure && make && make install-rules
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+ ./configure && make && make install-full
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
Please continue with the Basic_Setup.
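Review bot: `sudo rpm -Uvh http://dl.fedoraproject.org/.../epel-release-5-4.noarch.rpm` installs a package fetched straight from the network without checking its signature (rpm only warns when the signing key is unknown and proceeds), so import the EPEL signing key and run `rpm -K` on the downloaded file before installing it, or at least name the key the reader should expect. The URL is also broken across two lines ("epel-release-5-" / "4.noarch.rpm") and cannot be pasted as shown. Separately, "run the following command to ensure that you have everything you need for the installation" is followed directly by the download step; the prerequisite package command is missing from this page.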
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation
apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
- libyaml-0-1 libyaml-dev zlib1g zlib1g-dev
+ libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev \
+ pkg-config
Depending on the current status of your system, it may take a while to complete
this process.
To download and build Suricata, enter the following:
- wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz
- tar -xvzf suricata-1.0.5.tar.gz
- cd suricata-1.0.5/
+ wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
+ tar -xvzf suricata-1.3.3.tar.gz
+ cd suricata-1.3.3
Compile and install the program
If you plan to build Suricata with IPS capabilities, enter:
- ./configure --enable-nfqueue
+ ./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --
+ localstatedir=/var
instead of
- ./configure
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
Continue with the next commands:
- ./configure
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
make install
ldconfig
+
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+ ./configure && make && make install-conf
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+ ./configure && make && make install-rules
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+ ./configure && make && make install-full
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
Please continue with the Basic_Setup.
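Review bot: `./configure --enable-nfqueue` requires the libnetfilter_queue headers (package libnetfilter-queue-dev), and that package is not in the apt-get line at the top of this page, so the IPS build fails at configure; add it, or state that it is only needed for the nfqueue build. The nfqueue configure line is wrapped so that "--" ends one line and "localstatedir=/var" starts the next, which breaks if pasted. This page runs as root (no sudo), which is consistent, but the Auto setup block is placed after `make install` and `ldconfig` have already run; say that `make install-conf` / `install-rules` / `install-full` are used instead of that pair, not after it, and that `ldconfig` is still needed afterwards.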
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Fedora_Core
-Fedora Core
+Fedora
pre-installation requirements
sudo yum -y install libpcap libpcap-devel libnet libnet-devel pcre \
pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \
- libyaml-devel zlib zlib-devel libcap-ng libcap-ng-devel
+ libyaml-devel zlib zlib-devel libcap-ng libcap-ng-devel file-devel file
Depending on the current status of your system, it may take a while to complete
this process.
To download and build Suricata, enter the following:
- wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz
- tar -xvzf suricata-1.0.5.tar.gz
- cd suricata-1.0.5
+ wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
+ tar -xvzf suricata-1.3.3.tar.gz
+ cd suricata-1.3.3
If you are building from Git sources, enter all the following commands:
If you are not building from Git sources, enter only the following:
- ./configure
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install
+
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+ ./configure && make && make install-conf
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+ ./configure && make && make install-rules
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+ ./configure && make && make install-full
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
Please continue with the Basic_Setup.
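Review bot: same Git-sources gap as on CentOS5: the sentence promises commands that are not on the page. Adding `file-devel file` is correct for the libmagic support that the other pages now install as libmagic-dev; a short parenthetical saying that is what it is for would spare the reader a guess, since nothing else on the page mentions libmagic.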
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/FreeBSD_8
-FreeBSD 8
+FreeBSD 8 & 9
Pre-installation requirements
ensure that you have everything you need for the installation.
Make sure you enter all commands as root/super-user, otherwise it will not
work.
+For FreeBSD 8:
pkg_add -r autoconf262 automake19 gcc45 libyaml pcre libtool \
libnet11 libpcap gmake
+For FreeBSD 9.0:
+
+ pkg_add -r autoconf268 automake111 gcc libyaml pcre libtool \
+ libnet11 libpcap gmake
+
Depending on the current status of your system, it may take a while to complete
this process.
To download and build Suricata, enter the following:
- wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz
- tar -xvzf suricata-1.0.5.tar.gz
- cd suricata-1.0.5
+ wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
+ tar -xvzf suricata-1.3.3.tar.gz
+ cd suricata-1.3.3
If you are building from Git sources, enter all the following commands until
the end of this file:
If you are not building from Git sources, do not enter the above mentioned
commands. Continue enter the following:
- ./configure
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
make install
zerocopy bpf
sysctl net.bpf.zerocopy_enable=1
+
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+ ./configure && make && make install-conf
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+ ./configure && make && make install-rules
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+ ./configure && make && make install-full
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
Please continue with the Basic_Setup.
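Review bot: the page installs gmake as a prerequisite but the build steps run `make` and `make install`; state which one is meant and use it in the commands. The FreeBSD 9.0 list uses `gcc` where the 8.x list pins `gcc45`; be explicit about the compiler version so the two lists are comparable. `pkg_add -r` fetches packages from the mirror with no authentication, which for a sensor host deserves at least a sentence on verifying what was fetched or building from ports. Lastly, `sysctl net.bpf.zerocopy_enable=1` does not survive a reboot; add the /etc/sysctl.conf entry if the setting is meant to be permanent.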
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTP_library_installation
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PCRE-JIT
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6
PF_RING
-Get latest PF_RING from http://sourceforge.net/projects/ntop/files/PF_RING/.
-For example (v4.7.1 is necessary for Suricata 1.1beta2):
+Go to your download directory and get the latest PF_RING:
- wget http://sourceforge.net/projects/ntop/files/PF_RING/PF_RING-4.7.1.tar.gz/
- download
- tar -xzvf PF_RING-4.7.1.tar.gz
- cd PF_RING-4.7.1/
+ svn export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ pfring-svn-
+ latest
-Next, build & install kernel and userland:
+Compile and install
+Next, enter the following commands for configuration and installation:
- make
- cd kernel; make install
- cd ../userland/lib; make install
+ cd pfring-svn-latest/kernel
+ make && sudo make install
+ cd ../userland/lib
+ ./configure --prefix=/usr/local/pfring && make && sudo make install
+ cd ../libpcap-1.1.1-ring
+ ./configure --prefix=/usr/local/pfring && make && sudo make install
+ cd ../tcpdump-4.1.1
+ ./configure --prefix=/usr/local/pfring && make && sudo make install
Load the pf_ring kernel module:
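Review bot: this change replaces a versioned tarball (PF_RING-4.7.1, which the old text tied to a Suricata release) with an `svn export` of trunk at whatever revision exists when the reader runs it, and then hard-codes `libpcap-1.1.1-ring` and `tcpdump-4.1.1` subdirectories that trunk will not keep forever; pin the revision (`svn export -r <rev> ...`) so the build is reproducible and the code compiled into the kernel module is the code that was tested, and refer to the libpcap and tcpdump directories by role rather than exact version. The export command is split across lines ("pfring-svn-" / "latest") and will not paste cleanly, and "Load the pf_ring kernel module:" ends the page without the command that loads it.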
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_on_Scientific_Linux_6
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_on_Ubuntu_server_1104
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_PF_RING
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Mac_OS_X_106x
If you would like to have IPS capabilities with IPFW, then you should run
configure like this:
- ./configure --enable-ipfw
+ ./configure --enable-ipfw --prefix=/usr --sysconfdir=/etc --localstatedir=/
+ var
and execute the rest of the commands the same as above.
To download and build Suricata, enter the following:
- wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz
- tar -xvzf suricata-1.0.5.tar.gz
- cd suricata-1.0.5
+ wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
+ tar -xvzf suricata-1.3.3.tar.gz
+ cd suricata-1.3.3
You will also need to have an ipfw rule set for the engine to see the packets
from ipfw. For example:
If you are not building from Git sources, enter the following:
- ./configure
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install
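Review bot: the `--enable-ipfw` configure line is wrapped so that `--localstatedir=/` ends one line and `var` begins the next; read literally it sets localstatedir to "/" and leaves a stray "var" argument. The ordering on this page is also off: "and execute the rest of the commands the same as above" comes before the download and build commands it refers to, and "You will also need to have an ipfw rule set for the engine to see the packets from ipfw. For example:" is followed by nothing, so the ipfw rule the IPS mode depends on is missing.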
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/OpenBSD_Installation_from_GIT
make
make install
+
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+ ./configure && make && make install-conf
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+ ./configure && make && make install-rules
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+ ./configure && make && make install-full
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
Next, continue with the Basic_Setup.
Source: http://home.regit.org/?p=478
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Third_Party_Installation_Guides
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation
sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
- make
+ make libmagic-dev
Depending on the current status of your system, it may take a while to complete
this process.
To download and build Suricata, enter the following:
- wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz
- tar -xvzf suricata-1.0.5.tar.gz
- cd suricata-1.0.5/
+ wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
+ tar -xvzf suricata-1.3.3.tar.gz
+ cd suricata-1.3.3
Compile and install the engine
If you plan to build Suricata with IPS capabilities, enter:
- ./configure --enable-nfqueue
+ ./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --
+ localstatedir=/var
instead of
- ./configure
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
Continue with the next commands:
- ./configure
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install
sudo ldconfig
+
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+ ./configure && make && make install-conf
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+ ./configure && make && make install-rules
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+ ./configure && make && make install-full
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
Please continue with Basic_Setup.
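Review bot: same dependency gap as Debian_Installation: the `--enable-nfqueue` build needs libnetfilter-queue-dev, which the `sudo apt-get -y install ...` line does not include, and the nfqueue configure line is again wrapped ("--" / "localstatedir=/var") so it cannot be pasted. libmagic-dev is the right addition for the file-magic support. Since this page uses `sudo make install`, the `make install-conf` / `install-rules` / `install-full` lines in the Auto setup block need `sudo` too, and `sudo ldconfig` still has to follow them.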
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation_from_GIT
sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
- make
+ make libmagic-dev
sudo apt-get install git-core
sudo make install
sudo ldconfig
+
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+ ./configure && make && make install-conf
+
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+ ./configure && make && make install-rules
+
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+ ./configure && make && make install-full
+
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
Please continue with Basic_Setup.
In case you have already made a map for the most recent code, downloaded the
code into that map, and want to download recent code again, please enter:
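Review bot: the git steps between `sudo apt-get install git-core` and `sudo make install` (clone, autogen, configure, make) are missing on this page, so `sudo make install` has nothing to build; restore them. This copy of the Auto setup block has an extra blank line after each example command that the other copies do not; make them identical or, better, link to the one on Basic_Setup. In the closing sentence "map" means directory; write "directory" so it is not read as a file format.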
-Autogenerated on 2012-01-11
+Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows
Windows
+NOTE -
+A new instruction set for Suricata installation (and/or compilation from
+scratch) can be found here:
+https://redmine.openinfosecfoundation.org/projects/suricata/files
+also a windows binary - self extracting auto install package is available here:
+http://www.openinfosecfoundation.org/index.php/download-suricata
Preparing the build environment
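Review bot: the NOTE points at a self-extracting auto-install package over a plain http URL with no checksum or signature for the reader to compare against; an installer that is run with administrator rights needs a verification step, so put the hash or signature (or an https page that carries it) next to the download link. Also "A new instruction set for Suricata installation" reads like a CPU feature; "A new set of installation instructions" is what is meant.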