suricata源码安装

suricata源码解析

1.1 设置个人规则

自定义rules过滤规则，在etc/suricata/suricata.yaml中修改rule-files:为test_ywh.rules

sudo nano etc/suricata/suricata.yaml

1.2 文件配置

配置文件在\var\lib\rules中，日志文件\etc\suricata\中，其中fast.log为攻击检测日志

2. 源码分析

2.1 源码下载

https://www.openinfosecfoundation.org/downloads/

下载6.0.4.tar.gz版本（切勿安装下载6.0.1,在ubuntu上安装会出现大问题，问题难以解决，属于代码方面的问题，可以说是不支持ubuntu20.04版本，rust出错）

手工安装suricata

2.2 安装支撑环境

问题1：

   ERROR!  libyaml library not found, go get it
   from http://pyyaml.org/wiki/LibYAML 
   or your distribution:

   Ubuntu: apt-get install libyaml-dev
   Fedora: dnf install libyaml-devel
   CentOS/RHEL: yum install libyaml-devel

解决方案：

sudo apt-get install libyaml-dev

问题2：

    ERROR: Jansson is now required.

    Go get it from your distribution or from:
      http://www.digip.org/jansson/

    Ubuntu/Debian: apt install libjansson-dev
    CentOS: yum install jansson-devel
    Fedora: dnf install jansson-devel

解决方案：

sudo apt install libjansson-dev

问题3：

ERROR: Suricata now requires Rust to build.

    Ubuntu/Debian: apt install rustc cargo
    Fedora: dnf install rustc cargo
    CentOS: yum install rustc cargo (requires EPEL)

    Rustup works as well: https://rustup.rs/

解决方案：

sudo apt install rustc cargo

2.3 正式安装

./configure
make
sudo make install

注意，需要特权权限，否则安装失败