Installation

Updated 2018-03-15 17:27

Official Suricata installation documentation: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation

I chose the Debian operating system. Official installation documentation: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation

1. Pre-installation requirements

apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev \
libjansson-dev pkg-config liblua5.1-dev

2. IPS

By default, Suricata works as an IDS. If you want to use it as an IDS and IPS program, enter:

apt-get -y install libnetfilter-queue-dev

3. Suricata

To download and build Suricata, enter the following:

wget http://www.openinfosecfoundation.org/download/suricata-4.0.3.tar.gz
tar -xvzf suricata-4.0.3.tar.gz
cd suricata-4.0.3

4. Compile and install the program

If you plan to build Suricata with IPS capabilities, enter:

./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-lua
make
make install-full
ldconfig

5. Start suricata

suricata -i eth0     (loads the /etc/suricata/suricata.yaml configuration by default)

Suricata is now installed.

PS: After installing by the official website's method, running Lua scripts is not supported. That is why apt-get install -y liblua5.1-dev and ./configure --enable-lua were added to the commands above.

PS: Suricata does not support using lua and luajit at the same time, so ./configure --enable-lua --enable-luajit fails with an error.
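
Added example (not part of the original page or the Suricata project): a shell check that the finished build really has the NFQueue (IPS) and Lua support requested with --enable-nfqueue and --enable-lua, by reading the text printed by suricata --build-info. The sample text is constructed, and the "NFQueue support" and "LUA support" labels are assumed to match what that command prints for this version.

```sh
#!/bin/sh
# Added example. On a real host: check_build "$(suricata --build-info)"

# Constructed samples of the relevant --build-info lines (labels assumed).
SAMPLE_OK='  NFQueue support:                         yes
  LUA support:                             yes
  libluajit:                               no'
SAMPLE_DEFAULT='  NFQueue support:                         no
  LUA support:                             no
  libluajit:                               no'

# feature_state LABEL: read build-info text on stdin and print the first word
# after "LABEL:" (yes/no), or "missing" when no such line exists.
feature_state() {
    awk -v label="$1" '
        BEGIN { state = "missing" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, label ":") == 1) {
                value = substr(line, length(label) + 2)
                sub(/^[ \t]+/, "", value)
                split(value, parts, /[ \t\r,]+/)
                state = parts[1]
            }
        }
        END { print state }'
}

# check_build TEXT: return 0 only if both features the guide enables are "yes".
check_build() {
    info=$1
    rc=0
    for label in "NFQueue support" "LUA support"; do
        state=$(printf '%s\n' "$info" | feature_state "$label")
        if [ "$state" != "yes" ]; then
            echo "FAIL: $label is '$state'; rebuild with the matching --enable flag" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

A non-zero exit from check_build means Suricata would run as a plain IDS or without Lua script support, even though it starts normally.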



