ubuntu1804 build the latest Suricata
suricata
Suricata is a free, open source, mature, fast and powerful cyber threat detection engine.
The Suricata engine is capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), [network security] (https://cloud.tencent.com/product/ns?from=10680) monitoring (NSM) and offline pcap processing.
The core of many so-called enterprise security protection products is traffic detection based on suricata, which constantly compiles, updates and improves detection rules to improve security capabilities.
Build##
Environment: ubuntu1804
suricata version: 4.1.2
- Installation dependencies
sudo apt-get install wget build-essential libpcre3-dev libpcre3-dbg automake autoconf libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libjansson-dev pkg-config - Download and unzip the source code
wget https://www.openinfosecfoundation.org/download/suricata-4.1.2.tar.gz tar -xvf suricata-4.1.2.tar.gzcd suricata-4.1.2/- Compile and install
./configure --sysconfdir=/etc --localstatedir=/var makesudo make install
Basic configuration##
- Create log directory
sudo mkdir /var/log/suricata sudo mkdir /etc/suricata- Copy the configuration file
sudo cp classification.config /etc/suricata sudo cp reference.config /etc/suricatasudo cp suricata.yaml /etc/suricata- The configuration has been completed, you can enter
sudo suricata -c /etc/suricata/suricata.yaml -i ens33to start
Exception resolution##
suricata: error while loading shared libraries: libhtp.so.2: cannot open shared object file: No such file or directory Solution:
sudo vim /etc/ld.so.conf- Add a line
/usr/local/lib, save - Execute the
ldconfigcommand to solve
Recommended Posts