0x01. Installing hiredis
git clone https://github.com/redis/hiredis.git
cd hiredis/
make
sudo make install
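After compiling suricata, suricata --build-info shows:
hiredis async with libevent: no
This is because the libevent library is not installed; installing it with sudo yum install libevent-devel fixes this.
The following commands show whether the installation succeeded (the exact directory depends on whether your system is 32-bit or 64-bit):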
[yeruoxi@ids01 ~]$ ls -al /usr/lib | grep libevent
[yeruoxi@ids01 ~]$ ls -al /usr/lib64 | grep libevent
0x02. Installing hyperscan
The following error may occur:
$ cmake -DBUILD_STATIC_AND_SHARED=1 ../
-- Build type RELWITHDEBINFO
CMake Error at cmake/boost.cmake:23 (message):
Boost 1.57.0 or later not found. Either install system packages if
available, extract Boost headers to /home/yeruoxi/hyperscan/include, or set
the CMake BOOST_ROOT variable.
Call Stack (most recent call first):
CMakeLists.txt:71 (include)
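This is because the Boost version is too old. If the error persists after installing Boost 1.60.0, you need to specify the Boost location with the following command: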
cmake -DBUILD_STATIC_AND_SHARED=1 -DBOOST_ROOT=~/tmp/boost-1.60 ../
When installing Boost, first create a tmp directory under /home/xxx/; otherwise ./bootstrap.sh --prefix=~/tmp/boost-1.60 has no effect.
Check that the Boost location is specified correctly.
hyperscan build error:
[root@h191 build]# cmake -DBUILD_STATIC_AND_SHARED=1 -DBOOST_ROOT=/ids/tmp/boost-1.60 ../
-- Build type RELWITHDEBINFO
-- Boost version: 1.60.0
-- Found PythonInterp: /usr/bin/python (found version "2.7.5")
-- Build date: 2018-08-30
CMake Error at CMakeLists.txt:96 (message):
Ragel state machine compiler not found
Method 1:
sudo yum install cmake ragel
If that does not work:
Method 2:
[root@hw054 kevin]# wget http://www.colm.net/files/ragel/ragel-6.9.tar.gz
[root@hw054 kevin]# tar -zxvf ragel-6.9.tar.gz
[root@hw054 kevin]# cd ragel-6.9
[root@hw054 kevin]# ./configure
[root@hw054 kevin]# make && make install
References:
http://suricata.readthedocs.io/en/latest/performance/hyperscan.html
http://blog.csdn.net/hugh454227186/article/details/52043949
0x03. Installing suricata
The following error appears when building suricata:
suricata: error while loading shared libraries: libhs.so.4: cannot open shared object file: No such file or directory
This is because the wrong directory is used; on a 64-bit system it should be /usr/local/lib64:
echo "/usr/local/lib64" | sudo tee --append /etc/ld.so.conf.d/usrlocal.conf
sudo ldconfig
Commands to build and install suricata:
./configure --enable-lua --enable-pfring \
  --enable-old-barnyard2 --enable-hiredis --enable-unix-socket --enable-profiling --enable-geoip \
  --with-libnss-libraries=/usr/lib64 --with-libnss-includes=/usr/include/nss3 \
  --with-libnspr-libraries=/usr/lib64 --with-libnspr-includes=/usr/include/nspr4 \
  --enable-pfring --with-libpfring-includes=/usr/local/include --with-libpfring-libraries=/usr/local/lib \
  --with-libhs-includes=/usr/local/include/hs/ --with-libhs-libraries=/usr/local/lib/
make
make install
ldconfig (if this is not run, suricata reports that the library files cannot be found)
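As an added example (not part of the original post), the script below checks the finished build: it reads suricata --build-info for the features enabled above and confirms that libhs.so.4 is in the ld.so cache. Only the "hiredis async with libevent" label comes from this page; the other two labels and both sample texts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: post-build checks for the Suricata build described above.
# Labels other than "hiredis async with libevent" are assumed and may differ
# between Suricata versions; both SAMPLE_* values are constructed test input.

# feature_state TEXT LABEL: print the value after "LABEL:" in build-info
# text, or "missing" when the label does not appear at all.
feature_state() {
    printf '%s\n' "$1" | awk -F: -v label="$2" '
        {
            key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key == label) {
                val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val)
                print val; found = 1; exit
            }
        }
        END { if (!found) print "missing" }'
}

# disabled_features TEXT LABEL...: print "LABEL=state" for every label that
# is not reported as "yes".
disabled_features() {
    info=$1; shift
    for label in "$@"; do
        state=$(feature_state "$info" "$label")
        [ "$state" = "yes" ] || printf '%s=%s\n' "$label" "$state"
    done
}

# lib_in_cache TEXT SONAME: succeed if `ldconfig -p` output lists SONAME.
lib_in_cache() {
    printf '%s\n' "$1" | awk -v so="$2" '$1 == so { ok = 1 } END { exit !ok }'
}

SAMPLE_BUILD_INFO='  hiredis support:                         yes
  hiredis async with libevent:             no
  Hyperscan support:                       yes'
SAMPLE_LDCONFIG='    libevent-2.0.so.5 (libc6,x86-64) => /usr/lib64/libevent-2.0.so.5'

# Run against the real installation only when suricata is on PATH.
if command -v suricata >/dev/null 2>&1; then
    disabled_features "$(suricata --build-info 2>&1)" "hiredis support" \
        "hiredis async with libevent" "Hyperscan support"
    lib_in_cache "$(ldconfig -p)" libhs.so.4 ||
        echo "libhs.so.4 not in ld.so cache: add its directory to /etc/ld.so.conf.d/ and run ldconfig"
fi
```

No output on a real host means every listed feature is reported as "yes" and libhs.so.4 resolves.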