[DPI][suricata] suricata-4.0.3 安装部署
suricata 很值得借鉴。但是首先还是要安装使用,作为第一步的熟悉。
安装文档:https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_Installation
1. 先做个虚拟机:
┬─[tong@T7:~/VM/suricata-centos7]─[:: AM]
╰─>$ cat start.sh
#! /usr/bin/bash sudo qemu-system-x86_64 -enable-kvm -nographic -vnc 127.0.0.1: \
-m 2G -drive file=disk.img,if=virtio \
-name suricata \
-device virtio-net-pci,netdev=dev0,mac='00:00:00:09:00:00' \
-netdev tap,ifname=tap-suricata-ctrl,vhost=on,queues=,id=dev0 \
-cdrom /home/tong/Data/ISO/CentOS--x86_64-DVD-.iso \
&
2. 安装操作系统CentOS7
使用的版本:CentOS-7-x86_64-DVD-1708.iso 安装 infrastructure server
3. 安装必要的依赖
yum install gcc
yum install pcre-devel
yum install libyaml-devel
yum install libpcap-devel
yum install lua-devel
yum search zlib-devel
4. 从源码编译安装
版本:suricata-4.0.3.tar.gz
编译安装:
[root@suricata suricata-4.0.]# ./configure --prefix=/suricata/usr --sysconfdir=/suricata/etc --localstatedir=/suricata/var --enable-nfqueue --enable-lua
[root@suricata suricata-4.0.]# mak
[root@suricata suricata-4.0.]# make install
都安装了哪些东西?
[root@suricata suricata]# tree
.
└── usr
├── bin
│ ├── suricata
│ └── suricatasc
├── include
│ └── htp
│ ├── bstr_builder.h
│ ├── bstr.h
│ ├── htp_base64.h
│ ├── htp_config.h
│ ├── htp_connection_parser.h
│ ├── htp_core.h
│ ├── htp_decompressors.h
│ ├── htp.h
│ ├── htp_hooks.h
│ ├── htp_list.h
│ ├── htp_multipart.h
│ ├── htp_table.h
│ ├── htp_transaction.h
│ ├── htp_urlencoded.h
│ ├── htp_utf8_decoder.h
│ └── htp_version.h
├── lib
│ ├── libhtp.a
│ ├── libhtp.la
│ ├── libhtp.so -> libhtp.so.2.0.
│ ├── libhtp.so. -> libhtp.so.2.0.
│ ├── libhtp.so.2.0.
│ ├── pkgconfig
│ │ └── htp.pc
│ └── python2.
│ └── site-packages
│ ├── suricatasc
│ │ ├── __init__.py
│ │ ├── __init__.pyc
│ │ ├── suricatasc.py
│ │ └── suricatasc.pyc
│ └── suricatasc-0.9-py2..egg-info
└── share
├── doc
│ └── suricata
│ ├── AUTHORS
│ ├── Basic_Setup.txt
│ ├── CentOS_56_Installation.txt
│ ├── CentOS5.txt
│ ├── Debian_Installation.txt
│ ├── Fedora_Core.txt
│ ├── FreeBSD_8.txt
│ ├── GITGUIDE
│ ├── HTP_library_installation.txt
│ ├── INSTALL
│ ├── Installation_from_GIT_with_PCRE-JIT.txt
│ ├── Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104.txt
│ ├── Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6.txt
│ ├── Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt
│ ├── Installation_with_CUDA_on_Scientific_Linux_6.txt
│ ├── Installation_with_CUDA_on_Ubuntu_server_1104.txt
│ ├── Installation_with_PF_RING.txt
│ ├── INSTALL.PF_RING
│ ├── INSTALL.WINDOWS
│ ├── Mac_OS_X_106x.txt
│ ├── NEWS
│ ├── OpenBSD_Installation_from_GIT.txt
│ ├── README
│ ├── Setting_up_IPSinline_for_Linux.txt
│ ├── Third_Party_Installation_Guides.txt
│ ├── TODO
│ ├── Ubuntu_Installation_from_GIT.txt
│ ├── Ubuntu_Installation.txt
│ └── Windows.txt
└── man
└── man1
└── suricata. directories, files
[root@suricata suricata]#
有个man手册,因为我没有直接安装在根目录,所以可以这样打开:
[root@suricata suricata]# man -M /suricata/usr/share/man/ suricata
装完了是没法运行的,还需要配置。自动化配置:
[root@suricata suricata-4.0.3]# make install-conf
install -d "/suricata/etc/suricata/"
install -d "/suricata/var/log/suricata/files"
install -d "/suricata/var/log/suricata/certs"
install -d "/suricata/var/run/"
install -m 770 -d "/suricata/var/run/suricata"
那么,部署了哪些东西呢?
[root@suricata suricata-4.0.]# diff org install-conf
74a75,
> /suricata/etc
> /suricata/etc/suricata
> /suricata/etc/suricata/suricata.yaml
> /suricata/etc/suricata/classification.config
> /suricata/etc/suricata/reference.config
> /suricata/etc/suricata/threshold.config
> /suricata/var
> /suricata/var/log
> /suricata/var/log/suricata
> /suricata/var/log/suricata/files
> /suricata/var/log/suricata/certs
> /suricata/var/run
> /suricata/var/run/suricata
[root@suricata suricata-4.0.]#
启动:
[root@suricata ~]# /suricata/usr/bin/suricata -c /suricata/etc/suricata/suricata.yaml -i eth0
// -- :: - <Notice> - This is Suricata version 4.0. RELEASE
// -- :: - <Warning> - [ERRCODE: SC_ERR_NO_RULES()] - No rule files match the pattern /suricata/etc/suricata/rules/botcc.rules
// -- :: - <Warning> - [ERRCODE: SC_ERR_NO_RULES()] - No rule files match the pattern /suricata/etc/suricata/rules/ciarmy.rules
// -- :: - <Warning> - [ERRCODE: SC_ERR_NO_RULES()] - No rule files match the pattern /suricata/etc/suricata/rules/compromised.rules
... ...
安装规则:
在安装的过程中,程序会从网络上,下载最新的规则进行安装。
[root@suricata suricata-4.0.]# make install-rules
install -d "/suricata/etc/suricata/rules"
/usr/bin/wget -qO - https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz | tar -x -z -C "/suricata/etc/suricata/" -f - You can now start suricata by running as root something like '/suricata/usr/bin/suricata -c /suricata/etc/suricata//suricata.yaml -i eth0'. If a library like libhtp.so is not found, you can run suricata with:
'LD_LIBRARY_PATH=/suricata/usr/lib /suricata/usr/bin/suricata -c /suricata/etc/suricata//suricata.yaml -i eth0'. While rules are installed now, it's highly recommended to use a rule manager for maintaining rules.
The two most common are Oinkmaster and Pulledpork. For a guide see:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
引申一下: 这里提到了rule manager, 基本上来说,就是用来更新规则的, 可以参考阅读:
http://suricata.readthedocs.io/en/latest/rule-management/index.html
安装规则的时候, 都安装了些什么东西呢?
[root@suricata ~]# diff old new
80a81,
> /suricata/etc/suricata/rules
> /suricata/etc/suricata/rules/emerging-ftp.rules
> /suricata/etc/suricata/rules/emerging-activex.rules
> /suricata/etc/suricata/rules/dshield.rules
> /suricata/etc/suricata/rules/emerging-pop3.rules
> /suricata/etc/suricata/rules/emerging-web_specific_apps.rules
> /suricata/etc/suricata/rules/emerging-icmp.rules
> /suricata/etc/suricata/rules/suricata-1.3-etpro-etnamed.yaml
> /suricata/etc/suricata/rules/emerging-scan.rules
> /suricata/etc/suricata/rules/emerging-current_events.rules
> /suricata/etc/suricata/rules/emerging-imap.rules
> /suricata/etc/suricata/rules/emerging-sql.rules
> /suricata/etc/suricata/rules/emerging-p2p.rules
> /suricata/etc/suricata/rules/drop.rules
> /suricata/etc/suricata/rules/emerging-worm.rules
> /suricata/etc/suricata/rules/suricata-1.3-open.yaml
> /suricata/etc/suricata/rules/emerging-snmp.rules
> /suricata/etc/suricata/rules/emerging-scada.rules
> /suricata/etc/suricata/rules/emerging-malware.rules
> /suricata/etc/suricata/rules/emerging-trojan.rules
> /suricata/etc/suricata/rules/emerging-inappropriate.rules
> /suricata/etc/suricata/rules/emerging-shellcode.rules
> /suricata/etc/suricata/rules/BSD-License.txt
> /suricata/etc/suricata/rules/botcc.portgrouped.rules
> /suricata/etc/suricata/rules/emerging-smtp.rules
> /suricata/etc/suricata/rules/emerging-web_server.rules
> /suricata/etc/suricata/rules/emerging-web_client.rules
> /suricata/etc/suricata/rules/compromised.rules
> /suricata/etc/suricata/rules/emerging-netbios.rules
> /suricata/etc/suricata/rules/botcc.rules
> /suricata/etc/suricata/rules/ciarmy.rules
> /suricata/etc/suricata/rules/emerging-tftp.rules
> /suricata/etc/suricata/rules/classification.config
> /suricata/etc/suricata/rules/rbn.rules
> /suricata/etc/suricata/rules/emerging.conf
> /suricata/etc/suricata/rules/emerging-attack_response.rules
> /suricata/etc/suricata/rules/emerging-deleted.rules
> /suricata/etc/suricata/rules/emerging-mobile_malware.rules
> /suricata/etc/suricata/rules/emerging-rpc.rules
> /suricata/etc/suricata/rules/tor.rules
> /suricata/etc/suricata/rules/rbn-malvertisers.rules
> /suricata/etc/suricata/rules/emerging-icmp_info.rules
> /suricata/etc/suricata/rules/emerging-exploit.rules
> /suricata/etc/suricata/rules/emerging-telnet.rules
> /suricata/etc/suricata/rules/emerging-user_agents.rules
> /suricata/etc/suricata/rules/gpl-2.0.txt
> /suricata/etc/suricata/rules/decoder-events.rules
> /suricata/etc/suricata/rules/stream-events.rules
> /suricata/etc/suricata/rules/smtp-events.rules
> /suricata/etc/suricata/rules/http-events.rules
> /suricata/etc/suricata/rules/dns-events.rules
> /suricata/etc/suricata/rules/tls-events.rules
> /suricata/etc/suricata/rules/modbus-events.rules
> /suricata/etc/suricata/rules/app-layer-events.rules
> /suricata/etc/suricata/rules/dnp3-events.rules
> /suricata/etc/suricata/rules/emerging-info.rules
> /suricata/etc/suricata/rules/emerging-chat.rules
> /suricata/etc/suricata/rules/LICENSE
> /suricata/etc/suricata/rules/emerging-misc.rules
> /suricata/etc/suricata/rules/suricata-4.0-enhanced-open.txt
> /suricata/etc/suricata/rules/reference.config
> /suricata/etc/suricata/rules/gen-msg.map
> /suricata/etc/suricata/rules/emerging-policy.rules
> /suricata/etc/suricata/rules/emerging-dns.rules
> /suricata/etc/suricata/rules/unicode.map
> /suricata/etc/suricata/rules/compromised-ips.txt
> /suricata/etc/suricata/rules/emerging-voip.rules
> /suricata/etc/suricata/rules/suricata-1.2-prior-open.yaml
> /suricata/etc/suricata/rules/emerging-games.rules
> /suricata/etc/suricata/rules/emerging-dos.rules
> /suricata/etc/suricata/rules/sid-msg.map
[root@suricata ~]#
再次启动:
[root@suricata ~]# /suricata/usr/bin/suricata -c /suricata/etc/suricata/suricata.yaml -i eth0
// -- :: - <Notice> - This is Suricata version 4.0. RELEASE
// -- :: - <Notice> - all packet processing threads, management threads initialized, engine started.
至此, 安装部署启动已完成.
下一篇:
一篇参考文章,还不错 : 构建基于Suricata+Splunk的IDS入侵检测系统
http://www.cnblogs.com/ssooking/p/IDS.html
[DPI][suricata] suricata-4.0.3 安装部署的更多相关文章
- Storm-0.9.0.1安装部署 指导
可以带着下面问题来阅读本文章: 1.Storm只支持什么传输 2.通过什么配置,可以更改Zookeeper默认端口 3.Storm UI必须和Storm Nimbus部署在同一台机器上,UI无法正常工 ...
- kafka_2.11-2.0.0_安装部署
参考博文:kafka 配置文件参数详解 参考博文:Kafka[第一篇]Kafka集群搭建 参考博文:如何为Kafka集群选择合适的Partitions数量 参考博文:Kafka Server.prop ...
- 大数据篇:DolphinScheduler-1.2.0.release安装部署
大数据篇:DolphinScheduler-1.2.0.release安装部署 1 配置jdk #查看命令 rpm -qa | grep java #删除命令 rpm -e --nodeps xxx ...
- zabbix4.0.1 安装部署
zabbix安装部署 目录 一.环境准备... 3 1.1.版本:... 3 1.2.部署环境... 3 二.安装部署... 3 2.1.zabbix安装... 3 2.1.1.下载zabbix的rp ...
- presto 0.166安装部署
系统:linux java:jdk 8,64-bit Connector:hive 分布式,node1-3 node1:Coordinator . Discovery service node2-3: ...
- Hbase-2.0.0_01_安装部署
该文章是基于 Hadoop2.7.6_01_部署 进行的 1. 主机规划 主机名称 IP信息 内网IP 操作系统 安装软件 备注:运行程序 mini01 10.0.0.11 172.16.1.11 C ...
- Hadoop1.0.3安装部署
0x00 大数据平台相关链接 官网:http://hadoop.apache.org/ 主要参考教程:http://www.cnblogs.com/xia520pi/archive/2012/05/1 ...
- jumperserver3.0的安装部署
适用于jumperserver版本:v0.3.1-2 官网:http://www.jumpserver.org/ 系统:centos7.2 基本安装 备注:如果是centos系统最好使用基本安装,否 ...
- zabbix3.0.4安装部署与SendEmail报警配置
MySQL:5.6.21 nginx:1.62 PHP:5.7 pcre:8.32 zabbix:3.0.4 LNMP安装步骤略过 # tar xvf zabbix-3.0.4.tar.gz # cd ...
随机推荐
- MySql实现sequence功能的代码
使用函数创建自增序列管理表(批量使用自增表,设置初始值,自增幅度) 第一步:创建Sequence管理表 sequence DROP TABLE IF EXISTS sequence; CREATE T ...
- 【转】python实战——教你用微信每天给女朋友说晚安
但凡一件事,稍微有些重复.我就考虑怎么样用程序来实现它. 这里给各位程序员朋友分享如何每天给朋友定时微信发送”晚安“,故事,新闻,等等··· ··· 最好运行在服务器上,这样后台挂起来更方便. #!/ ...
- ORA-03297: 文件包含在请求的 RESIZE 值以外使用的数据
本文中的45,对应 修改数据文件大小 里面的45 1.移动表前先对表空间做整理 alter tablespace data_cis_test coalesce; 2.在dba_extents找到与ID ...
- 【iCore1S 双核心板_FPGA】例程九:锁相环实验——锁相环的使用
实验现象: 利用Quartus内部组件生成锁相环,用SignalTap II进行校验. 核心代码: //--------------------Module_PLL------------------ ...
- C#获取文件版本信息
使用FileVersionInfo获取版本信息 FileVersionInfo info = FileVersionInfo.GetVersionInfo(Application.Current.St ...
- 创建shell脚本
1.写一个脚本 a) 用touch命令创建一个文件:touch my_script b) 用vim编辑器打开my_script文件:vi my_script c) 用vim编辑器编辑my_script ...
- Java知多少(12)运算符
Java中的运算符和C/C++相差无几. 数学运算符 数学运算,结果为一个数值.见下表: 运算符 说明 举例 + 加法 1 + 2 - 减法 4 - 3.4 * 乘法 7 * 1.5 / 除法 3.5 ...
- idea java 非web程序打包
以下打包非常暴力.O(∩_∩)O哈哈~ 方法一: 第一步:选择需要打包的程序 第二步:选择需要打包的文件 第三步:artifacts->jar->from modules with... ...
- linux下通过curl访问web服务器
在通过xshell或者其他远程连接工具连接linux服务器,没安装浏览器,却要测试web服务的请求: 可以使用curl 访问web服务器 例如返回百度的主页内容 #curl www.baidu.com ...
- 返回一个数组升序排列后的位置信息--C#程序举例
返回一个数组升序排列后的位置信息--C#程序举例 返回某一个数组升序排序后的位置 比如:{8,10,9,11}排序后应该是{8,9,10,11},但是需要返回{1,3,2,4} 大概记忆里是这么 ...