安装篇

suricata 官方安装文档 https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation

本人选用 Debian 操作系统 官方安装文档 https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation

1. Pre-installation requirements

apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev \
libjansson-dev pkg-config liblua5.1-dev

2. IPS

By default, Suricata works as an IDS. If you want to use it as a IDS and IPS program, enter:

apt-get -y install libnetfilter-queue-dev

3. Suricata

To download and build Suricata, enter the following:

wget http://www.openinfosecfoundation.org/download/suricata-4.0.3.tar.gz
tar -xvzf suricata-4.0.3.tar.gz
cd suricata-4.0.3

4. Compile and install the program

If you plan to build Suricata with IPS capabilities, enter:

./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-lua
make
make install-full
ldconfig

5. Start suricata

suricata -i eth0     (默认加载/etc/suricata/suricata.yaml配置)

自此 suricata 已安装完毕

PS: 按照官网的方法进行安装后，不支持执行 lua 脚本。所以在上面的命令中追加了 apt-get install -y liblua5.1-dev 及 ./configure --enable-lua

PS: suricata 不支持 lua 和 luajit 同时使用，因此 ./configure --enable-lua --enable-luajit 会报错