Installation
Suricata official installation documentation: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation
I chose the Debian operating system; official Debian installation documentation: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation
1. Pre-installation requirements
apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev \
libjansson-dev pkg-config liblua5.1-dev
2. IPS
By default, Suricata works as an IDS. If you want to use it as both an IDS and an IPS, enter:
apt-get -y install libnetfilter-queue-dev
3. Suricata
To download and build Suricata, enter the following:
wget http://www.openinfosecfoundation.org/download/suricata-4.0.3.tar.gz
tar -xvzf suricata-4.0.3.tar.gz
cd suricata-4.0.3
4. Compile and install the program
If you plan to build Suricata with IPS capabilities, enter:
./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-lua
make
make install-full
ldconfig
5. Start Suricata
suricata -i eth0 (loads the /etc/suricata/suricata.yaml configuration by default)
At this point Suricata is installed.
PS: When installed by the method on the official site, Suricata cannot execute Lua scripts, so apt-get install -y liblua5.1-dev and ./configure --enable-lua were appended to the commands above.
PS: Suricata does not support using Lua and LuaJIT at the same time, so ./configure --enable-lua --enable-luajit will fail.
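A post-install check, added here as an example and not part of the original post or of the Suricata project: it confirms from `suricata --build-info` that the binary was compiled with NFQ (IPS mode, step 2) and Lua (the PS notes), then validates the configuration with `suricata -T` before the first start in step 5. The sample build-info text is constructed for offline use; the feature names NFQ, HAVE_LUA and HAVE_LUAJIT are those Suricata prints on its "Features:" line.

```shell
#!/bin/sh
# Post-install check for the build from steps 4 and 5: was the binary compiled
# with nfqueue (IPS) and Lua support, and does the configuration load?

# Return 0 if FEATURE appears as a whole word on the "Features:" line of the
# supplied `suricata --build-info` text, 1 otherwise.
has_feature() {
    build_info="$1"; feature="$2"
    printf '%s\n' "$build_info" | grep '^Features:' | tr ' ' '\n' | grep -qx "$feature"
}

# Return 0 only when the build supports both IPS (NFQ) and Lua scripting (HAVE_LUA).
check_ips_lua_build() {
    has_feature "$1" NFQ && has_feature "$1" HAVE_LUA
}

# Constructed sample of `suricata --build-info` output (not captured from a real host),
# matching a build configured with --enable-nfqueue --enable-lua.
SAMPLE_BUILD_INFO='This is Suricata version 4.0.3 RELEASE
Features: NFQ PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 PCRE_JIT HAVE_LUA HAVE_LIBJANSSON MAGIC'

if command -v suricata >/dev/null 2>&1; then
    INFO="$(suricata --build-info)"
    if check_ips_lua_build "$INFO"; then
        echo "suricata was built with NFQ and Lua support"
        # -T validates suricata.yaml and the rule files without starting capture.
        suricata -T -c /etc/suricata/suricata.yaml
    else
        echo "NFQ or HAVE_LUA missing: rebuild with ./configure --enable-nfqueue --enable-lua" >&2
        exit 1
    fi
else
    echo "suricata not on PATH; checking the constructed sample instead"
    check_ips_lua_build "$SAMPLE_BUILD_INFO" && echo "sample: NFQ and HAVE_LUA present"
fi
```

Run it after `make install-full` and `ldconfig`; a build that passes both checks is the one to start with `suricata -i eth0` or in nfqueue mode.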