Building Suricata from source pulls in a lot of open-source libraries, and the project does not pin a version range for them, so the build runs into quite a few problems. This page collects the ones encountered while compiling Suricata 6.0.4 on CentOS 7.
1. Install the build dependencies
Install epel-release first, in its own yum transaction: several of the packages below (libmaxminddb-devel and luajit-devel among them) come from EPEL, so listing epel-release in the same command as those packages does not work, because the repository is not enabled until that transaction has finished.
yum install -y epel-release
yum install -y libpcap zlib libyaml libpcap-devel jansson-devel pcre-devel lua-devel libmaxminddb-devel libnetfilter_queue-devel nss-devel libyaml-devel zlib-devel luajit-devel
yum install -y rustc cargo
Note that the configure summary below reports rustc and cargo from /root/.cargo/bin, i.e. a rustup-managed toolchain rather than the yum packages. Whichever toolchain you intend configure to use has to come first in PATH for the root user running the build.
2. Install pip
yum -y install epel-release
yum -y install python-pip
pip install --upgrade pip
This is the Python 2.7 pip (the configure summary below reports /usr/bin/python2.7). suricatactl, suricatasc and suricata-update are installed for that interpreter, and suricata-update needs the PyYAML module, which configure reports as "Python yaml yes".
3. Download the Suricata source
wget https://www.openinfosecfoundation.org/download/suricata-6.0.4.tar.gz
tar -xvf suricata-6.0.4.tar.gz
cd suricata-6.0.4
This is the code that will inspect every packet on the sensor, so verify the tarball before building it: OISF publishes a GPG signature for each release tarball alongside it on the download server; check it with gpg --verify before running configure.
4. Configure and build
./configure --disable-gccmarch-native --localstatedir=/var --prefix=/usr/ --sysconfdir=/etc --enable-lua --enable-geoip
Check the versions of the dependency libraries; my rustc version here is 1.58.1.
Read the feature summary that configure prints before running make: a capture method or library it could not enable is reported as "no", it does not fail the build. In the summary below NFQueue is "no" even though libnetfilter_queue-devel was installed, because IPS mode also needs --enable-nfqueue; libluajit is "no" because it needs --enable-luajit; Libmagic is "no" because file-devel (magic.h) was not installed, so file-type detection on extracted files is unavailable. The compiler hardening options (--enable-gccprotect, --enable-pie) are off as well. "Non-bundled htp: no" means the libhtp shipped inside the source tree is built and installed, which is what causes the problem in step 5.
Suricata Configuration:
AF_PACKET support: yes
eBPF support: no
XDP support: no
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: no
libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
Prelude support: no
PCRE jit: yes
LUA support: yes
libluajit: no
GeoIP2 support: yes
Non-bundled htp: no
Old barnyard2 support:
Hyperscan support: no
Libnet support: no
liblz4 support: no
Rust support: yes
Rust strict mode: no
Rust compiler path: /root/.cargo/bin/rustc
Rust compiler version: rustc 1.58.1 (db9d1b20b 2022-01-20)
Cargo path: /root/.cargo/bin/cargo
Cargo version: cargo 1.58.0 (f01b232bc 2022-01-19)
Cargo vendor: yes
Python support: yes
Python path: /usr/bin/python2.7
Python distutils yes
Python yaml yes
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: yes
Profiling enabled: no
Profiling locks enabled: no
Plugin support (experimental): yes
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
--prefix /usr
--sysconfdir /etc
--localstatedir /var
--datarootdir /usr/share
Host: x86_64-pc-linux-gnu
Compiler: gcc (exec name) / g++ (real)
GCC Protect enabled: no
GCC march native enabled: no
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -std=gnu99 -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist
PCAP_CFLAGS
SECCFLAGS
To build and install run 'make' and 'make install'.
The standard make and make install steps:
make
make install
make install-conf
make install-rules
make install-conf writes the default suricata.yaml and the classification, reference and threshold config files into /etc/suricata. make install-rules runs suricata-update, which downloads a ruleset from the internet, so the build host needs network access at that point (make install-full does both).
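Steps 1 to 4 as one script, added here as an example (it is not code from the original post or from the Suricata project). It assumes CentOS 7 with yum, that the OISF release-signing key has already been imported into gpg, and that the detached signature is published as suricata-6.0.4.tar.gz.sig next to the tarball. The packages beyond the post's list (gcc, make, pkgconfig, libtool, file-devel, libcap-ng-devel) and the extra configure switches (--enable-nfqueue, --enable-gccprotect, --enable-pie) are this example's additions. check_configure_summary parses the feature summary configure prints and fails on any required feature reported as "no", so a quietly disabled capability is caught before make runs. The privileged build only happens when SURICATA_BUILD=1 is set.

```shell
#!/bin/sh
# Added example, not part of the original post: the post's steps 1-4 as one
# script, plus a check of the ./configure feature summary.
# Assumptions: CentOS 7 with yum; the OISF release key is already in the gpg
# keyring; the signature is published as <tarball>.sig next to the tarball.
set -eu

SURICATA_VER="${SURICATA_VER:-6.0.4}"
TARBALL="suricata-${SURICATA_VER}.tar.gz"
BASE_URL="https://www.openinfosecfoundation.org/download"

# EPEL has to be enabled in its own transaction first: libmaxminddb-devel
# and luajit-devel come from EPEL. gcc/make/pkgconfig/libtool (toolchain),
# file-devel (libmagic) and libcap-ng-devel (privilege dropping) are added
# to the post's list.
install_deps() {
    yum -y install epel-release
    yum -y install gcc make pkgconfig libtool libpcap-devel zlib-devel \
        libyaml-devel jansson-devel pcre-devel lua-devel luajit-devel \
        libmaxminddb-devel libnetfilter_queue-devel nss-devel file-devel \
        libcap-ng-devel python-pip
}

# Refuse to build a tarball whose detached signature does not verify.
fetch_and_verify() {
    wget -q "${BASE_URL}/${TARBALL}" "${BASE_URL}/${TARBALL}.sig"
    gpg --verify "${TARBALL}.sig" "${TARBALL}"
    tar -xzf "${TARBALL}"
}

# The post's configure line with NFQueue (IPS mode) and the gcc hardening
# switches turned on. The summary is saved so it can be checked; note that
# the pipe hides configure's exit status, which is why the check follows.
configure_build() {
    cd "suricata-${SURICATA_VER}"
    ./configure --disable-gccmarch-native --prefix=/usr --sysconfdir=/etc \
        --localstatedir=/var --enable-lua --enable-geoip --enable-nfqueue \
        --enable-gccprotect --enable-pie 2>&1 | tee configure.log
    check_configure_summary configure.log "AF_PACKET support" \
        "NFQueue support" "Rust support" "GeoIP2 support" "LUA support" \
        "Libmagic support" "GCC Protect enabled" \
        "Position Independent Executable enabled"
}

build_install() {
    make
    make install
    make install-conf
    ldconfig          # register the bundled /usr/lib/libhtp.so.2 with the loader
    suricata -V
}

# Scan a saved configure summary for "<feature>: yes" lines and fail,
# naming every requested feature that is missing or reported as "no".
check_configure_summary() {
    log="$1"; shift
    missing=""
    for feature in "$@"; do
        grep -Eq "^[[:space:]]*${feature}:[[:space:]]*yes[[:space:]]*$" "$log" \
            || missing="${missing} ${feature};"
    done
    if [ -n "$missing" ]; then
        echo "configure summary: not enabled ->${missing}" >&2
        return 1
    fi
    return 0
}

# Only run the privileged build when explicitly asked to.
if [ "${SURICATA_BUILD:-0}" = "1" ]; then
    install_deps
    fetch_and_verify
    configure_build
    build_install
fi
```

Run it as root with SURICATA_BUILD=1; without that variable the script only defines the functions, so check_configure_summary can be pointed at any saved configure.log on its own.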
5. Problems encountered
The libhtp.so.2 library could not be found; copying it to /lib64/libhtp.so.2 fixed it.
The cause: with --prefix=/usr and no --libdir, the bundled libhtp ("Non-bundled htp: no" in the summary above) is installed to /usr/lib, which is not on the default 64-bit loader search path (/lib64 and /usr/lib64) on CentOS 7. Rather than copying the file, run ldconfig after make install so the loader cache picks up /usr/lib/libhtp.so.2, or pass --libdir=/usr/lib64 to configure. A hand-copied library silently goes stale the next time libhtp is rebuilt and installed. ldd on the installed binary shows the unresolved library:
ldd /usr/bin/suricata
linux-vdso.so.1 => (0x00007fffd93ec000)
liblua-5.1.so => /lib64/liblua-5.1.so (0x00007f21f1e66000)
libhtp.so.2 =>
librt.so.1 => /lib64/librt.so.1 (0x00007f21f1a36000)
libm.so.6 => /lib64/libm.so.6 (0x00007f21f1734000)
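Detecting the unresolved library and fixing it without copying files by hand, as an added example that is not from the original post or the Suricata project. unresolved_libs parses saved ldd output and accepts both "=> not found" and the bare "libhtp.so.2 =>" form shown above; register_libdir makes the library directory known to the loader through /etc/ld.so.conf.d and ldconfig. /usr/lib as the libhtp location (the --prefix=/usr default), the file name suricata.conf under /etc/ld.so.conf.d and the SURICATA_FIXLIBS guard are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the original post: find the shared libraries
# the installed suricata binary cannot resolve and register the directory
# holding the bundled libhtp with the dynamic loader.
# Assumption: configure ran with --prefix=/usr and no --libdir, so
# libhtp.so.2 was installed to /usr/lib.
set -eu

# Print the soname of every library ldd could not resolve. Reads saved ldd
# output from the file named in $1 and matches both "libfoo.so => not found"
# and a bare "libfoo.so =>" with nothing after the arrow.
unresolved_libs() {
    awk '$2 == "=>" && ($3 == "" || $3 == "not") { print $1 }' "$1"
}

# Make $1 known to the loader and rebuild ld.so.cache. This survives the
# next `make install`, unlike a hand-copied /lib64/libhtp.so.2 that stays
# behind at the old version when libhtp is rebuilt.
register_libdir() {
    libdir="$1"
    grep -qsx "$libdir" /etc/ld.so.conf /etc/ld.so.conf.d/*.conf \
        || printf '%s\n' "$libdir" > /etc/ld.so.conf.d/suricata.conf
    ldconfig
}

# Only touch the system when explicitly asked to.
if [ "${SURICATA_FIXLIBS:-0}" = "1" ]; then
    bin=/usr/bin/suricata
    tmp=$(mktemp)
    ldd "$bin" > "$tmp" || true        # exit status is not relied on, output is
    if [ -n "$(unresolved_libs "$tmp")" ]; then
        register_libdir /usr/lib
        ldd "$bin" > "$tmp" || true
    fi
    missing=$(unresolved_libs "$tmp")
    rm -f "$tmp"
    if [ -n "$missing" ]; then
        echo "still unresolved after ldconfig: $missing" >&2
        exit 1
    fi
    "$bin" -V                          # the binary now loads and reports its version
fi
```

If a library is still reported after ldconfig, it was installed somewhere other than /usr/lib (check the make install output for the libhtp install path) or the build was configured against a -devel package that has since been removed.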
References
Official Suricata installation steps: Suricata User Guide — Suricata 6.0.4 documentation https://suricata.readthedocs.io/en/suricata-6.0.4/
Detailed dependency library log: