
Installation

Official Suricata installation documentation: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation

I use Debian. Official Debian installation documentation: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation

1. Pre-installation requirements

apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev \
libjansson-dev pkg-config liblua5.1-dev

2. IPS

By default, Suricata works as an IDS. If you want to use it as both an IDS and an IPS, enter:

apt-get -y install libnetfilter-queue-dev

3. Suricata

To download and build Suricata, enter the following:

wget http://www.openinfosecfoundation.org/download/suricata-4.0.3.tar.gz
tar -xvzf suricata-4.0.3.tar.gz
cd suricata-4.0.3

4. Compile and install the program

If you plan to build Suricata with IPS capabilities, enter:

./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-lua
make
make install-full
ldconfig

5. Start suricata

suricata -i eth0     (loads the /etc/suricata/suricata.yaml configuration by default)

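Suricata is now installed.

PS: A build that follows the official instructions as written cannot execute Lua scripts. That is why the commands above add apt-get install -y liblua5.1-dev and ./configure --enable-lua.

PS: Suricata does not support using lua and luajit at the same time, so ./configure --enable-lua --enable-luajit fails with an error.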
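One way to confirm that the installed binary really has the NFQ (IPS) and Lua support requested in step 4, as an added example that is not part of the original tutorial. It assumes `suricata --build-info` prints a `Features:` line containing tokens such as NFQ and HAVE_LUA; the sample output is constructed and abridged, and `missing_features` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed, abridged sample of `suricata --build-info` output,
# used only when no suricata binary is on PATH.
SAMPLE_BUILD_INFO='This is Suricata version 4.0.3 RELEASE
Features: NFQ PCAP_SET_BUFF AF_PACKET LIBCAP_NG LIBNET1.1 HAVE_LUA HAVE_LIBJANSSON MAGIC
  NFQueue support:                         yes
  LUA support:                             yes'

# missing_features BUILD_INFO FEATURE...
# Prints every requested token that is absent from the "Features:" line.
# Returns 0 when nothing is missing, 1 otherwise.
missing_features() {
    info=$1; shift
    # Keep only the token list that follows the "Features:" label.
    feats=$(printf '%s\n' "$info" | sed -n 's/^Features:[[:space:]]*//p' | head -n 1)
    rc=0
    for want in "$@"; do
        # Match whole tokens: HAVE_LUA must not be satisfied by HAVE_LUAJIT.
        case " $feats " in
            *" $want "*) ;;
            *) printf '%s\n' "$want"; rc=1 ;;
        esac
    done
    return $rc
}

# Prefer the real binary; fall back to the constructed sample.
if command -v suricata >/dev/null 2>&1; then
    BUILD_INFO=$(suricata --build-info)
else
    BUILD_INFO=$SAMPLE_BUILD_INFO
fi

if missing=$(missing_features "$BUILD_INFO" NFQ HAVE_LUA); then
    echo "build has NFQ and Lua support"
else
    echo "build is missing: $missing" >&2
fi
```

If NFQ or HAVE_LUA is reported missing, re-run ./configure with the flags from step 4 after installing the matching -dev packages, then rebuild.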



