Suricata is well worth learning from. But the first step is to install it and use it, in order to get familiar with it.

Installation documentation: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_Installation

1. First, create a virtual machine:

┬─[tong@T7:~/VM/suricata-centos7]─[:: AM]
╰─>$ cat start.sh
#! /usr/bin/bash
sudo qemu-system-x86_64 -enable-kvm -nographic -vnc 127.0.0.1: \
-m 2G -drive file=disk.img,if=virtio \
-name suricata \
-device virtio-net-pci,netdev=dev0,mac='00:00:00:09:00:00' \
-netdev tap,ifname=tap-suricata-ctrl,vhost=on,queues=,id=dev0 \
-cdrom /home/tong/Data/ISO/CentOS--x86_64-DVD-.iso \
&

2. Install the operating system, CentOS 7

Version used: CentOS-7-x86_64-DVD-1708.iso; install the "Infrastructure Server" profile.

3. Install the required dependencies

yum install gcc
yum install pcre-devel
yum install libyaml-devel
yum install libpcap-devel
yum install lua-devel
yum search zlib-devel

4. Build and install from source

Version: suricata-4.0.3.tar.gz

Build and install:

[root@suricata suricata-4.0.]# ./configure --prefix=/suricata/usr --sysconfdir=/suricata/etc --localstatedir=/suricata/var --enable-nfqueue --enable-lua
[root@suricata suricata-4.0.]# make
[root@suricata suricata-4.0.]# make install

What did it install?

[root@suricata suricata]# tree
.
└── usr
    ├── bin
    │   ├── suricata
    │   └── suricatasc
    ├── include
    │   └── htp
    │       ├── bstr_builder.h
    │       ├── bstr.h
    │       ├── htp_base64.h
    │       ├── htp_config.h
    │       ├── htp_connection_parser.h
    │       ├── htp_core.h
    │       ├── htp_decompressors.h
    │       ├── htp.h
    │       ├── htp_hooks.h
    │       ├── htp_list.h
    │       ├── htp_multipart.h
    │       ├── htp_table.h
    │       ├── htp_transaction.h
    │       ├── htp_urlencoded.h
    │       ├── htp_utf8_decoder.h
    │       └── htp_version.h
    ├── lib
    │   ├── libhtp.a
    │   ├── libhtp.la
    │   ├── libhtp.so -> libhtp.so.2.0.
    │   ├── libhtp.so. -> libhtp.so.2.0.
    │   ├── libhtp.so.2.0.
    │   ├── pkgconfig
    │   │   └── htp.pc
    │   └── python2.
    │       └── site-packages
    │           ├── suricatasc
    │           │   ├── __init__.py
    │           │   ├── __init__.pyc
    │           │   ├── suricatasc.py
    │           │   └── suricatasc.pyc
    │           └── suricatasc-0.9-py2..egg-info
    └── share
        ├── doc
        │   └── suricata
        │       ├── AUTHORS
        │       ├── Basic_Setup.txt
        │       ├── CentOS_56_Installation.txt
        │       ├── CentOS5.txt
        │       ├── Debian_Installation.txt
        │       ├── Fedora_Core.txt
        │       ├── FreeBSD_8.txt
        │       ├── GITGUIDE
        │       ├── HTP_library_installation.txt
        │       ├── INSTALL
        │       ├── Installation_from_GIT_with_PCRE-JIT.txt
        │       ├── Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104.txt
        │       ├── Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6.txt
        │       ├── Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt
        │       ├── Installation_with_CUDA_on_Scientific_Linux_6.txt
        │       ├── Installation_with_CUDA_on_Ubuntu_server_1104.txt
        │       ├── Installation_with_PF_RING.txt
        │       ├── INSTALL.PF_RING
        │       ├── INSTALL.WINDOWS
        │       ├── Mac_OS_X_106x.txt
        │       ├── NEWS
        │       ├── OpenBSD_Installation_from_GIT.txt
        │       ├── README
        │       ├── Setting_up_IPSinline_for_Linux.txt
        │       ├── Third_Party_Installation_Guides.txt
        │       ├── TODO
        │       ├── Ubuntu_Installation_from_GIT.txt
        │       ├── Ubuntu_Installation.txt
        │       └── Windows.txt
        └── man
            └── man1
                └── suricata.

directories, files
[root@suricata suricata]#

There is a man page; because I did not install it under the root directory, it can be opened like this:

[root@suricata suricata]# man -M /suricata/usr/share/man/ suricata

After installation it cannot be run yet; it still needs configuration. Automated configuration:

[root@suricata suricata-4.0.3]# make install-conf 
install -d "/suricata/etc/suricata/"
install -d "/suricata/var/log/suricata/files"
install -d "/suricata/var/log/suricata/certs"
install -d "/suricata/var/run/"
install -m 770 -d "/suricata/var/run/suricata"

So, what did that deploy?

[root@suricata suricata-4.0.]# diff org install-conf
74a75,
> /suricata/etc
> /suricata/etc/suricata
> /suricata/etc/suricata/suricata.yaml
> /suricata/etc/suricata/classification.config
> /suricata/etc/suricata/reference.config
> /suricata/etc/suricata/threshold.config
> /suricata/var
> /suricata/var/log
> /suricata/var/log/suricata
> /suricata/var/log/suricata/files
> /suricata/var/log/suricata/certs
> /suricata/var/run
> /suricata/var/run/suricata
[root@suricata suricata-4.0.]#
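The listing above was produced by hand, by running find before and after make install-conf and diffing the two outputs. The following Python script is an added example, not part of the original post: it generalises that check by snapshotting a tree before and after an install step and reporting what was added or removed, and it also records each entry's permission bits, so the 770 mode that install-conf sets on var/run/suricata is visible in the report and not only the new paths. The file names snap.py, before.json and after.json in the usage comment are assumptions.

```python
"""Snapshot a directory tree and diff two snapshots to see what an install step deployed.

Added example, not part of the original post. Generalises the post's
`diff org install-conf` of two find(1) listings: a snapshot also records
each entry's permission bits, so a mode change shows up as well.
"""
import json
import os
import stat
import sys
from typing import Dict, List, Tuple

Snapshot = Dict[str, str]   # relative path -> octal permission bits, e.g. "0o770"


def snapshot(root: str) -> Snapshot:
    """Record every entry below root (symlinks are recorded, not followed)."""
    entries: Snapshot = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = oct(stat.S_IMODE(os.lstat(full).st_mode))
    return entries


def diff_snapshots(before: Snapshot, after: Snapshot) -> Tuple[List[str], List[str], List[str]]:
    """Return (added, removed, mode_changed) path lists, each sorted."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return added, removed, changed


def report(before: Snapshot, after: Snapshot) -> str:
    """Render the diff in a diff(1)-like style: > added, < removed, ! mode changed."""
    added, removed, changed = diff_snapshots(before, after)
    lines = [f"> {p} ({after[p]})" for p in added]
    lines += [f"< {p}" for p in removed]
    lines += [f"! {p} {before[p]} -> {after[p]}" for p in changed]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage (file names are assumptions):
    #   snap.py save /suricata before.json     (run before the install step)
    #   snap.py save /suricata after.json      (run after it)
    #   snap.py diff before.json after.json
    if len(sys.argv) == 4 and sys.argv[1] == "save":
        with open(sys.argv[3], "w", encoding="utf-8") as fh:
            json.dump(snapshot(sys.argv[2]), fh, indent=1, sort_keys=True)
    elif len(sys.argv) == 4 and sys.argv[1] == "diff":
        with open(sys.argv[2], encoding="utf-8") as a, open(sys.argv[3], encoding="utf-8") as b:
            print(report(json.load(a), json.load(b)))
    else:
        sys.exit("usage: snap.py save <root> <out.json> | diff <before.json> <after.json>")
```

Because the snapshot is keyed by relative path, the same two JSON files also answer the second question of this post (which rule files appeared after make install-rules) without re-running find.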

Start it:

[root@suricata ~]# /suricata/usr/bin/suricata -c /suricata/etc/suricata/suricata.yaml -i eth0
// -- :: - <Notice> - This is Suricata version 4.0. RELEASE
// -- :: - <Warning> - [ERRCODE: SC_ERR_NO_RULES()] - No rule files match the pattern /suricata/etc/suricata/rules/botcc.rules
// -- :: - <Warning> - [ERRCODE: SC_ERR_NO_RULES()] - No rule files match the pattern /suricata/etc/suricata/rules/ciarmy.rules
// -- :: - <Warning> - [ERRCODE: SC_ERR_NO_RULES()] - No rule files match the pattern /suricata/etc/suricata/rules/compromised.rules
... ...

Install the rules:

During this step, the program downloads the latest rules from the network and installs them.

[root@suricata suricata-4.0.]# make install-rules
install -d "/suricata/etc/suricata/rules"
/usr/bin/wget -qO - https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz | tar -x -z -C "/suricata/etc/suricata/" -f -
You can now start suricata by running as root something like '/suricata/usr/bin/suricata -c /suricata/etc/suricata//suricata.yaml -i eth0'.
If a library like libhtp.so is not found, you can run suricata with:
'LD_LIBRARY_PATH=/suricata/usr/lib /suricata/usr/bin/suricata -c /suricata/etc/suricata//suricata.yaml -i eth0'.
While rules are installed now, it's highly recommended to use a rule manager for maintaining rules.
The two most common are Oinkmaster and Pulledpork. For a guide see:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
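Note what install-rules actually does: it pipes the download straight into tar, running as root, into /suricata/etc/suricata/, with no check on the archive's integrity or on what paths it contains. The following Python script is an added example, not the Makefile target from the post and not Suricata code. It keeps the archive in memory, compares its SHA-256 with a digest you recorded from a fetch you trust (the EXPECTED_SHA256 value is a placeholder; nothing on this page provides a digest), and refuses to unpack any member that would land outside the target directory or that is a link or device node. The make_tar helper only exists to build constructed sample archives for testing.

```python
"""Fetch and unpack a rules bundle with checks, instead of `wget -qO - ... | tar -x` as root.

Added example, not the install-rules target from the post or Suricata code.
RULES_URL and RULES_DIR are taken from the post; EXPECTED_SHA256 is a placeholder.
"""
import hashlib
import io
import posixpath
import tarfile
import urllib.request
from typing import Dict, List, Optional

RULES_URL = "https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz"
RULES_DIR = "/suricata/etc/suricata"          # the post's sysconfdir
EXPECTED_SHA256: Optional[str] = None         # placeholder: a digest you recorded from a trusted fetch


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def unsafe_members(archive: bytes) -> List[str]:
    """Member names that must not be extracted: absolute paths, paths that climb
    above the target directory, and anything that is not a plain file or directory
    (links can point anywhere, device nodes should never come from a rules bundle)."""
    bad: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tf:
        for m in tf.getmembers():
            norm = posixpath.normpath(m.name)
            escapes = m.name.startswith("/") or norm == ".." or norm.startswith("../")
            if escapes or not (m.isfile() or m.isdir()):
                bad.append(m.name)
    return bad


def extract_checked(archive: bytes, dest: str, expected_sha256: Optional[str] = None) -> List[str]:
    """Verify the digest (when one is given) and the member list, then extract.
    Returns the member names extracted; raises ValueError instead of extracting anything
    when either check fails."""
    if expected_sha256 is not None and sha256_hex(archive) != expected_sha256:
        raise ValueError("digest mismatch, refusing to extract")
    bad = unsafe_members(archive)
    if bad:
        raise ValueError("refusing to extract unsafe members: " + ", ".join(bad))
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tf:
        tf.extractall(dest)
        return [m.name for m in tf.getmembers()]


def make_tar(files: Dict[str, bytes]) -> bytes:
    """Build a small .tar.gz in memory; used only to construct sample archives for tests."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    with urllib.request.urlopen(RULES_URL) as resp:
        blob = resp.read()
    print("sha256", sha256_hex(blob))        # record this once you have inspected the bundle
    names = extract_checked(blob, RULES_DIR, EXPECTED_SHA256)
    print(f"extracted {len(names)} members into {RULES_DIR}")
```

The checks happen before a single byte is written, so a bad bundle leaves the existing rules directory untouched; running the script as the unprivileged owner of the rules directory rather than as root removes the remaining risk of the extraction step.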

A side note: a rule manager is mentioned here. Basically, it is a tool for updating rules; for reference, read:

http://suricata.readthedocs.io/en/latest/rule-management/index.html

When the rules were installed, what exactly got installed?

[root@suricata ~]# diff old new
80a81,
> /suricata/etc/suricata/rules
> /suricata/etc/suricata/rules/emerging-ftp.rules
> /suricata/etc/suricata/rules/emerging-activex.rules
> /suricata/etc/suricata/rules/dshield.rules
> /suricata/etc/suricata/rules/emerging-pop3.rules
> /suricata/etc/suricata/rules/emerging-web_specific_apps.rules
> /suricata/etc/suricata/rules/emerging-icmp.rules
> /suricata/etc/suricata/rules/suricata-1.3-etpro-etnamed.yaml
> /suricata/etc/suricata/rules/emerging-scan.rules
> /suricata/etc/suricata/rules/emerging-current_events.rules
> /suricata/etc/suricata/rules/emerging-imap.rules
> /suricata/etc/suricata/rules/emerging-sql.rules
> /suricata/etc/suricata/rules/emerging-p2p.rules
> /suricata/etc/suricata/rules/drop.rules
> /suricata/etc/suricata/rules/emerging-worm.rules
> /suricata/etc/suricata/rules/suricata-1.3-open.yaml
> /suricata/etc/suricata/rules/emerging-snmp.rules
> /suricata/etc/suricata/rules/emerging-scada.rules
> /suricata/etc/suricata/rules/emerging-malware.rules
> /suricata/etc/suricata/rules/emerging-trojan.rules
> /suricata/etc/suricata/rules/emerging-inappropriate.rules
> /suricata/etc/suricata/rules/emerging-shellcode.rules
> /suricata/etc/suricata/rules/BSD-License.txt
> /suricata/etc/suricata/rules/botcc.portgrouped.rules
> /suricata/etc/suricata/rules/emerging-smtp.rules
> /suricata/etc/suricata/rules/emerging-web_server.rules
> /suricata/etc/suricata/rules/emerging-web_client.rules
> /suricata/etc/suricata/rules/compromised.rules
> /suricata/etc/suricata/rules/emerging-netbios.rules
> /suricata/etc/suricata/rules/botcc.rules
> /suricata/etc/suricata/rules/ciarmy.rules
> /suricata/etc/suricata/rules/emerging-tftp.rules
> /suricata/etc/suricata/rules/classification.config
> /suricata/etc/suricata/rules/rbn.rules
> /suricata/etc/suricata/rules/emerging.conf
> /suricata/etc/suricata/rules/emerging-attack_response.rules
> /suricata/etc/suricata/rules/emerging-deleted.rules
> /suricata/etc/suricata/rules/emerging-mobile_malware.rules
> /suricata/etc/suricata/rules/emerging-rpc.rules
> /suricata/etc/suricata/rules/tor.rules
> /suricata/etc/suricata/rules/rbn-malvertisers.rules
> /suricata/etc/suricata/rules/emerging-icmp_info.rules
> /suricata/etc/suricata/rules/emerging-exploit.rules
> /suricata/etc/suricata/rules/emerging-telnet.rules
> /suricata/etc/suricata/rules/emerging-user_agents.rules
> /suricata/etc/suricata/rules/gpl-2.0.txt
> /suricata/etc/suricata/rules/decoder-events.rules
> /suricata/etc/suricata/rules/stream-events.rules
> /suricata/etc/suricata/rules/smtp-events.rules
> /suricata/etc/suricata/rules/http-events.rules
> /suricata/etc/suricata/rules/dns-events.rules
> /suricata/etc/suricata/rules/tls-events.rules
> /suricata/etc/suricata/rules/modbus-events.rules
> /suricata/etc/suricata/rules/app-layer-events.rules
> /suricata/etc/suricata/rules/dnp3-events.rules
> /suricata/etc/suricata/rules/emerging-info.rules
> /suricata/etc/suricata/rules/emerging-chat.rules
> /suricata/etc/suricata/rules/LICENSE
> /suricata/etc/suricata/rules/emerging-misc.rules
> /suricata/etc/suricata/rules/suricata-4.0-enhanced-open.txt
> /suricata/etc/suricata/rules/reference.config
> /suricata/etc/suricata/rules/gen-msg.map
> /suricata/etc/suricata/rules/emerging-policy.rules
> /suricata/etc/suricata/rules/emerging-dns.rules
> /suricata/etc/suricata/rules/unicode.map
> /suricata/etc/suricata/rules/compromised-ips.txt
> /suricata/etc/suricata/rules/emerging-voip.rules
> /suricata/etc/suricata/rules/suricata-1.2-prior-open.yaml
> /suricata/etc/suricata/rules/emerging-games.rules
> /suricata/etc/suricata/rules/emerging-dos.rules
> /suricata/etc/suricata/rules/sid-msg.map
[root@suricata ~]#

Start it again:

[root@suricata ~]# /suricata/usr/bin/suricata -c /suricata/etc/suricata/suricata.yaml -i eth0
// -- :: - <Notice> - This is Suricata version 4.0. RELEASE
// -- :: - <Notice> - all packet processing threads, management threads initialized, engine started.

At this point, installation, deployment and startup are complete.

Next post:

[DPI][suricata] Suricata configuration and usage

A reference article, which is quite good: Building an IDS intrusion detection system based on Suricata + Splunk

http://www.cnblogs.com/ssooking/p/IDS.html
