Installation with CUDA and PFRING on Scientific Linux 6¶
For setup and install you need to be root:
mkdir /root/src
cd /root/src
Pre installation requirements¶
Install the following packages, to make sure you have everything needed for the installation:
yum install mpfr-2.4.1-6.el6.x86_64 cpp-4.4.4-13.el6.x86_64 ppl-0.10.2-11.el6.x86_64 \ cloog-ppl-0.15.7-1.2.el6.x86_64 gcc-4.4.4-13.el6.x86_64 kernel-devel-2.6.32-131.2.1.el6.x86_64 \ pcre-devel-7.8-3.1.el6.x86_64 libpcap-devel-1.0.0-6.20091201git117cb5.el6.x86_64 \ yum-plugin-priorities-1.1.26-11.el6.noarch yum-conf-sl6x-1-1.noarch libyaml-0.1.3-1.el6.rf.x86_64 \ libyaml-devel-0.1.3-1.el6.rf.x86_64 libnet-1.1.2.1-2.2.el6.rf.x86_64 flex-2.5.35-8.el6.x86_64 \ bison-2.4.1-5.el6.x86_64 gcc-c++-4.4.4-13.el6.x86_64
CUDA¶
Download and install NVIDIA CUDA drivers:
wget http://us.download.nvidia.com/XFree86/Linux-x86_64/270.41.19/NVIDIA-Linux-x86_64-270.41.19.run chmod +x NVIDIA-Linux-x86_64-270.41.19.run ./NVIDIA-Linux-x86_64-270.41.19.run
You also need to download and install the CUDA toolkit for RHEL6 :
wget http://developer.download.nvidia.com/compute/cuda/4_0/toolkit/cudatoolkit_4.0.17_linux_64_rhel6.0.run chmod +x cudatoolkit_4.0.17_linux_64_rhel6.0.run ./cudatoolkit_4.0.17_linux_64_rhel6.0.run
Make sure the kernel modules are loaded:
/sbin/modprobe -r nouveau && /sbin/modprobe nvidia
To ensure the proper NVIDIA CUDA modules get loaded on reboot, add the above line to your /etc/rc.local file.
PF_RING¶
Go to your download directory and get the latest PF_RING:
svn export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ pfring-svn-latest
Compile and install
Next, enter the following commands for configuration and installation:
cd pfring-svn-latest/kernel
make && sudo make install
cd ../userland/lib
./configure --prefix=/usr/local/pfring && make && sudo make install
cd ../libpcap-1.1.1-ring
./configure --prefix=/usr/local/pfring && make && sudo make install
cd ../tcpdump-4.1.1
./configure --prefix=/usr/local/pfring && make && sudo make install
Load the pf_ring kernel module:
/sbin/modprobe pf_ring
To ensure the pf_ring module gets loaded on reboot, add the above line to your /etc/rc.local file.
Suricata¶
Download and install Suricata:
wget http://www.openinfosecfoundation.org/download/suricata-1.4.4.tar.gz
And unpack it:
tar -xvzf suricata-1.4.4.tar.gz
Change to the unpacked directory:
cd suricata-1.4.4
NOTE: If you want to install Suricata from the git master you need to do:
git clone git://phalanx.openinfosecfoundation.org/oisf.git cd oisf git clone https://github.com/OISF/libhtp.git -b 0.5.x
Instead of the wget download.
Now compile and install Suricata with PF_RING and CUDA support:
./configure --enable-gccprotect --enable-profiling --enable-cuda --with-cuda-includes=/usr/local/cuda/include \ --with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring --with-libpfring-libraries=/usr/local/lib \ --with-libpfring-includes=/usr/local/include make make install
Continue with the Basic Setup
Next, you need to edit max-pending-packets in your /etc/suricata/suricata.yaml. If you don't have one, download a generic one to get started:
cd /etc/suricata wget https://rules.emergingthreatspro.com/open-nogpl/suricata/suricata-open.yaml
Edit your suricata-open.yaml file accordingly.
The number of packets allowed to be processed simultaneously can be whatever you want but it is recommended that it be 4000 or more.
For example:
max-pending-packets: 12288
Next make sure the following line is present in the multi pattern algorithm section:
mpm-algo: b2g_cuda
Rules¶
Read the information in Rule Management with Oinkmaster
Add rules to suricata:
cd /etc/suricata wget https://rules.emergingthreatspro.com/open-nogpl/suricata/emerging.rules.tar.gz tar -xvzf emerging.rules.tar.gz
Make sure your .yaml file includes the /etc/suricata/rules/emerging-*.rules files (they may need to be uncommented).
Run Suricata as followed:
cd /etc/suricata /usr/local/bin/suricata -c /etc/suricata/suricata.yaml\ --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow
touch /var/lock/subsys/local
References¶