Suricata Installation

From OnnoWiki

Pre-installation requirements

Before you can build Suricata for your system, run the following command to ensure that you have everything you need for the installation.

sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-1 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0

Depending on the current status of your system, this may take a while to complete.

HTP

HTP is bundled with Suricata and installed automatically. If you need to install htp manually for other reasons, instructions can be found here.

IPS

If you are on Ubuntu 8.04 and want to use pre-built YAML packages, you must uncomment the following two lines in your /etc/apt/sources.list file to enable hardy-backports:

#deb http://us.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse
#deb-src http://us.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse
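
Rather than editing sources.list by hand, the two lines can be uncommented with a targeted substitution that touches nothing else in the file. The script below is an added example (not OnnoWiki's or Suricata's own code); it assumes POSIX sh with a sed that accepts -E, and it works on a constructed sample file so it never modifies /etc/apt:

```sh
#!/bin/sh
# Added example for this page (not OnnoWiki's or Suricata's own code).
# Assumes POSIX sh with a sed that accepts -E (GNU or BSD).

# Uncomment exactly the hardy-backports deb/deb-src lines for the mirror the
# page lists, leaving every other commented line alone. Safe to run twice.
enable_hardy_backports() {
    # $1: path to a sources.list (or a copy of it); rewritten in place
    tmp="$1.tmp.$$"
    sed -E 's|^#[[:space:]]*(deb(-src)?[[:space:]]+http://us\.archive\.ubuntu\.com/ubuntu/[[:space:]]+hardy-backports[[:space:]])|\1|' \
        "$1" > "$tmp" && mv "$tmp" "$1"
}

# Print how many hardy-backports lines are active (uncommented) in $1.
count_active_backports() {
    grep -cE '^deb(-src)?[[:space:]].*[[:space:]]hardy-backports[[:space:]]' "$1" || true
}

# Constructed sample: one active line, the two commented backports lines from
# the page, and an unrelated commented line that must stay commented.
make_sample_sources_list() {
    # $1: path to write the sample to
    cat > "$1" <<'EOF'
deb http://us.archive.ubuntu.com/ubuntu/ hardy main restricted universe multiverse
#deb http://us.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse
#deb-src http://us.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse
# deb http://us.archive.ubuntu.com/ubuntu/ hardy-proposed main restricted
EOF
}

# Stand-alone run against the constructed sample (never touches /etc/apt).
if [ "${1:-}" = "demo" ]; then
    sample="$(mktemp)"
    make_sample_sources_list "$sample"
    echo "active before: $(count_active_backports "$sample")"
    enable_hardy_backports "$sample"
    echo "active after:  $(count_active_backports "$sample")"
    cat "$sample"
    rm -f "$sample"
fi
```

Run it as `sh enable-backports.sh demo` to see the before/after counts; to apply it to the real file, call enable_hardy_backports on a copy first and diff the result before moving it into /etc/apt.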

If you plan to build Suricata with IPS capabilities via ./configure --enable-nfqueue, enter the following:

sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0

libcap-ng installation

This library is needed for Suricata to drop privileges (run as an unprivileged user after startup).

wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.6.4.tar.gz
tar -xzvf libcap-ng-0.6.4.tar.gz
cd libcap-ng-0.6.4
./configure && make && sudo make install

Suricata

To download and build Suricata, enter the following:

wget http://www.openinfosecfoundation.org/download/suricata-current.tar.gz
tar -xvzf suricata-current.tar.gz
cd suricata.version

If you are building from Git sources, enter the following:

bash autogen.sh

If you are not building from Git sources, enter the following:

./configure
sudo mkdir /var/log/suricata/
make
sudo make install

References

Related links