Suricata Installation
pre-installation requirements
Before you can build Suricata for your system, run the following command to ensure that you have everything you need for the installation.
sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
  build-essential autoconf automake libtool libpcap-dev libnet1-dev \
  libyaml-0-1 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0
Depending on the current status of your system, it may take a while to complete this process.
htp
HTP is bundled with Suricata and installed automatically. If you need to install htp manually for other reasons, instructions can be found here.
ips
If you want Ubuntu 8.04 to use pre-built YAML packages, you must uncomment the following two lines in your /etc/apt/sources.list file so that hardy-backports is enabled:
#deb http://us.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse
#deb-src http://us.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse
If you plan to build Suricata with IPS capabilities via ./configure --enable-nfqueue, enter the following:
sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0
libcap-ng installation
This installation is needed for dropping privileges.
wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.6.4.tar.gz
tar -xzvf libcap-ng-0.6.4.tar.gz
cd libcap-ng-0.6.4
./configure && make && sudo make install
suricata
To download and build Suricata, enter the following:
wget http://www.openinfosecfoundation.org/download/suricata-current.tar.gz
tar -xvzf suricata-current.tar.gz
cd suricata.version
If you are building from Git sources, enter the following:
bash autogen.sh
If you are not building from Git sources, enter the following:
./configure
sudo mkdir /var/log/suricata/
make
make install
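As an added example that is not part of the original page or the Suricata project, the following shell functions check, after the build above, that the resulting binary reports libcap-ng support (needed for dropping privileges) and NFQueue support (needed for the IPS mode enabled with --enable-nfqueue). It assumes that `suricata --build-info` prints a "Features:" line listing NFQ and a "libcap-ng support: yes" line; the sample texts are constructed to look like that output.

```shell
#!/usr/bin/env bash
# Added example: post-build sanity check for the capabilities this page's
# prerequisites provide. The build-info line formats are an assumption.
set -u

# Return 0 if the build-info text reports libcap-ng (privilege dropping works).
has_libcap_ng() {
  printf '%s\n' "$1" | grep -qiE '^[[:space:]]*libcap-ng support:[[:space:]]*yes'
}

# Return 0 if the Features line lists NFQ (IPS mode via NFQueue is compiled in).
has_nfqueue() {
  printf '%s\n' "$1" | grep -qE '^Features:.*[[:space:]]NFQ([[:space:]]|$)'
}

# Print "ok" when both are present, otherwise "missing: ..." and return 1.
check_build() {
  local info="$1" missing=""
  has_libcap_ng "$info" || missing="$missing libcap-ng"
  has_nfqueue "$info" || missing="$missing nfqueue"
  if [ -z "$missing" ]; then
    echo "ok"; return 0
  fi
  echo "missing:$missing"; return 1
}

# List any of the apt packages from this page that dpkg does not report as installed
# (Debian/Ubuntu only, since it relies on dpkg-query).
missing_packages() {
  local pkg
  for pkg in "$@"; do
    dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null | grep -q 'install ok installed' || echo "$pkg"
  done
}

# Constructed sample outputs: one build with both options, one without.
SAMPLE_GOOD='This is Suricata version 6.0.0 RELEASE
Features: NFQ PCAP_SET_BUFF AF_PACKET
  libcap-ng support:                       yes'
SAMPLE_BAD='This is Suricata version 6.0.0 RELEASE
Features: PCAP_SET_BUFF AF_PACKET
  libcap-ng support:                       no'

# With --live, check the binary actually installed by "make install".
if [ "${1:-}" = "--live" ] && command -v suricata >/dev/null 2>&1; then
  check_build "$(suricata --build-info)"
fi
```

Run it with `--live` on the build host to check the installed binary; `missing_packages libpcap-dev libcap-ng-dev libnetfilter-queue-dev` lists prerequisites that are still absent.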