Installing Suricata 2.0 (with IPS support) on CentOS 6.5 (x86_64)

  1. Install the required packages
    # sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    # sudo yum -y install libpcap libpcap-devel libnet libnet-devel pcre \
        pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \
        libyaml-devel zlib zlib-devel file-devel
    
  2. Install the HTP library
    # yum -y install libhtp
    
  3. Install the IPS-related packages
    # sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.15-1.x86_64.rpm \
        http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.15-1.x86_64.rpm \
        http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-0.0.30-1.x86_64.rpm \
        http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-devel-0.0.30-1.x86_64.rpm
    
  4. Install the libcap-ng library
    # cd /usr/local/src
    # sudo yum -y install python-devel
    # wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.6.4.tar.gz
    # tar -xzvf libcap-ng-0.6.4.tar.gz
    # cd libcap-ng-0.6.4
    # ./configure 
    # make 
    # sudo make install
    
  5. Install Suricata
    # cd /usr/local/src
    # wget http://www.openinfosecfoundation.org/download/suricata-2.0.tar.gz
    # tar -xvzf suricata-2.0.tar.gz
    # cd suricata-2.0
    # ./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var
    # make
    # sudo make install
    
  6. Basic configuration
    # sudo mkdir /var/log/suricata 
    # sudo mkdir /etc/suricata
    # cd /usr/local/src/suricata-2.0
    # sudo cp classification.config /etc/suricata
    # sudo cp reference.config /etc/suricata
    # sudo cp suricata.yaml /etc/suricata
    
  7. Check the build features
    # suricata --build-info
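
The build-info check from step 7 can be scripted so that a build without NFQUEUE (IPS) or libcap-ng support is caught before deployment. This is an added example, not part of the original post; the labels "NFQueue support" and "libcap_ng support" are assumptions about the `--build-info` output format, and the sample text is constructed.

```shell
#!/bin/sh
# Added example: confirm that a Suricata build has the features this guide
# compiles in. Labels and sample text are assumptions, not captured output.

# feature_enabled LABEL: read build-info text on stdin and succeed only if
# a line "LABEL: yes" is present (leading/trailing whitespace ignored).
feature_enabled() {
    awk -v label="$1" '
        BEGIN { rc = 1; n = length(label) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (substr(line, 1, n + 1) == (label ":")) {
                val = substr(line, n + 2)
                gsub(/[ \t\r]/, "", val)
                if (val == "yes") rc = 0
            }
        }
        END { exit rc }
    '
}

# check_ips_build TEXT: report each feature the IPS setup depends on and
# return non-zero if any of them is missing or disabled.
check_ips_build() {
    info=$1
    rc=0
    for label in "NFQueue support" "libcap_ng support"; do
        if printf '%s\n' "$info" | feature_enabled "$label"; then
            echo "OK      $label"
        else
            echo "MISSING $label"
            rc=1
        fi
    done
    return $rc
}

# Constructed samples: one build with NFQUEUE enabled, one without.
SAMPLE_GOOD='  AF_PACKET support:                       yes
  NFQueue support:                         yes
  libcap_ng support:                       yes'
SAMPLE_BAD='  AF_PACKET support:                       yes
  NFQueue support:                         no
  libcap_ng support:                       yes'

check_ips_build "$SAMPLE_GOOD"
# On a real host: check_ips_build "$(suricata --build-info)"
```

If "NFQueue support" is reported missing, the libnetfilter_queue development packages from step 3 were not found when `./configure --enable-nfqueue` ran in step 5.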
    