CentOS 6.4 Installation (with unix socket, geoip, profiling and MD5 features)
This is a guide for installation of Suricata from git (latest) on a CentOS 6.4, 64 bit.
The server OS and kernel level used for this guide is:
[root@localhost PTP]# uname -a
Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost PTP]# cat /etc/redhat-release
CentOS release 6.4 (Final)
General packages needed.
Add a repo for some packages that we need:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Install the packages:
yum -y install libpcap libpcap-devel libnet libnet-devel pcre pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml libyaml-devel zlib zlib-devel file-devel
In order to be able to get the latest git:
yum install wget git-core
We also need libcap-ng:
wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.7.3.tar.gz
tar -zxf libcap-ng-0.7.3.tar.gz
cd libcap-ng-0.7.3
./configure && make clean && make && make install
For MD5 functionality and availability.
yum install nss-util nss-util-devel nss-devel nspr-devel nspr
For the GeoIP functionality.
yum install GeoIP-devel GeoIP
For the unix socket functionality.
Unix socket usage guide - Interacting via Unix Socket
yum install python-simplejson python-setuptools python-instant python-distutils-extra
wget http://www.digip.org/jansson/releases/jansson-2.4.tar.gz
tar -zxf jansson-2.4.tar.gz
cd jansson-2.4/
./configure --prefix=/usr/ && make clean && make && make install
CentOS 6.4 comes with python 2.6.6:
[root@localhost ~]# rpm -qa python
python-2.6.6-36.el6.x86_64
[root@localhost ~]#
This can have the following drawback when you run suricatasc:
[root@localhost ~]# suricatasc
Traceback (most recent call last):
  File "/usr/bin/suricatasc", line 18, in <module>
    import argparse
ImportError: No module named argparse
[root@localhost ~]#
In order to solve this we need to:
Download argparse from here - https://pypi.python.org/pypi/argparse
tar -zxf argparse-1.2.1.tar.gz
cd argparse-1.2.1
python setup.py install
Configure, compile and install.
We get the latest Suricata:
git clone git://phalanx.openinfosecfoundation.org/oisf.git && cd oisf/
git clone https://github.com/OISF/libhtp.git -b 0.5.x
Then we configure, compile and install:
./autogen.sh && \
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ \
  --enable-unix-socket --enable-profiling --enable-geoip \
  --with-libnss-libraries=/usr/lib64 --with-libnss-includes=/usr/include/nss3 \
  --with-libnspr-libraries=/usr/lib64 --with-libnspr-includes=/usr/include/nspr4 \
&& make clean && make && make install && ldconfig
NOTE:
If this is your first installation on that particular server, you might want to consider "make install-full" instead of "make install".
Please read Basic Setup.
Now you have installed Suricata with the following features enabled - unix socket, GeoIP, MD5, profiling:
NOTE: version 2.0dev (rev 40a5ce8) - at the moment of this writing
[root@localhost oisf]# suricata --build-info
This is Suricata version 2.0dev (rev 40a5ce8)
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW HAVE_NSS HAVE_LIBJANSSON PROFILING
64-bits, Little-endian architecture
GCC version 4.4.7 20120313 (Red Hat 4.4.7-3), C version 199901
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
compiled with libhtp 0.2.12, linked against 0.2.12

Suricata Configuration:
  AF_PACKET support:                       yes
  PF_RING support:                         no
  NFQueue support:                         no
  IPFW support:                            no
  DAG enabled:                             no
  Napatech enabled:                        no
  Unix socket enabled:                     yes

  libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      yes
  Prelude support:                         no
  PCRE jit:                                no
  libluajit:                               no
  libgeoip:                                yes
  Non-bundled htp:                         no
  Old barnyard2 support:                   no
  CUDA enabled:                            no

  Suricatasc install:                      yes

  Unit tests enabled:                      no
  Debug output enabled:                    no
  Debug validation enabled:                no
  Profiling enabled:                       yes
  Profiling locks enabled:                 no

Generic build parameters:
  Installation prefix (--prefix):          /usr
  Configuration directory (--sysconfdir):  /etc/suricata/
  Log directory (--localstatedir) :        /var/log/suricata/

  Host:                                    x86_64-unknown-linux-gnu
  GCC binary:                              gcc
  GCC Protect enabled:                     no
  GCC march native enabled:                yes
  GCC Profile enabled:                     no
[root@localhost oisf]#
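As an added check that is not part of the original guide, the following shell snippet parses `suricata --build-info` output and confirms that every feature this guide enables (unix socket, libnss/libnspr for MD5, libjansson, GeoIP, profiling) reports "yes". The embedded build-info text is a constructed sample modelled on the output above, and the function names are my own.

```shell
#!/bin/sh
# Added example: verify that a Suricata build has the features this guide
# configures. In real use, feed it "$(suricata --build-info)"; a constructed
# excerpt of that output is embedded here so the check runs offline.

SAMPLE_BUILD_INFO='Suricata Configuration:
  AF_PACKET support:                       yes
  Unix socket enabled:                     yes
  libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      yes
  libgeoip:                                yes
  Profiling enabled:                       yes
  Profiling locks enabled:                 no'

# check_feature BUILD_INFO LABEL: succeed only if a line "LABEL: yes" exists.
# Matching is anchored so "libnss support" cannot match "libnspr support".
check_feature() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2:[[:space:]]+yes[[:space:]]*$"
}

# check_build BUILD_INFO: print each missing feature; return the count of
# missing features (0 means the build matches what this guide enables).
check_build() {
    _missing=0
    for _f in "Unix socket enabled" "libnss support" "libnspr support" \
              "libjansson support" "libgeoip" "Profiling enabled"; do
        if ! check_feature "$1" "$_f"; then
            echo "MISSING: $_f"
            _missing=$((_missing + 1))
        fi
    done
    return $_missing
}

# Real use after "make install": check_build "$(suricata --build-info)" || exit 1
check_build "$SAMPLE_BUILD_INFO" && echo "all required features present"
```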
[root@localhost oisf]# which suricata
/usr/bin/suricata
Peter Manev