Suricata 是一个网络入侵检测和阻止引擎,由开放信息安全基金会以及它所支持的提供商说开发。该引擎是多线程的,内置 IPv6 的支持,可加载预设规则,支持 Barnyard 和 Barnyard2 工具。
This installation guide has been tested with:
- Suricata 3.0, 2.0.11 on CentOS 7
- Suricata 3.0, 2.0.11 on Scientific Linux 7
- Suricata 3.0, 2.0.11 on Fedora 23, Fedora 22
- Suricata 3.0 on CentOS 6
Pre-Installation Requirements
CentOS 6 Only: CentOS 6 requires the EPEL package repository:
yum install epel-release
Before you can build Suricata, run the following command to ensure that all dependencies are installed:
sudo yum -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel \ zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make \ libnetfilter_queue-devel lua-devel
Suricata
To download and build Suricata, enter the following:
wget http://www.openinfosecfoundation.org/download/suricata-3.0.tar.gz tar -xvzf suricata-3.0.tar.gz cd suricata-3.0 ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-nfqueue --enable-lua
then
make sudo make install sudo ldconfig
Auto setup
You can also use the available auto setup features of Suricata:
ex:
make install-conf
make install-conf
will do the regular "make install" and then it will automatically create/setup all the necessary directories and suricata.yaml for you.
make install-rules
make install-rules
will do the regular "make install" and then it will automatically download and set up the latest ruleset from Emerging Threats available for Suricata
make install-full
make install-full
will combine everything mentioned above (install-conf and install-rules) - and will present you with a ready to run (configured and set up) Suricata
Then continue on to Basic Setup.