一 準(zhǔn)備

準(zhǔn)備安裝的版本是6.0.2 安裝的系統(tǒng)是CentOS Linux release 7.9.2009 (Core)。

yum -y install epel-release yum-plugin-copr
yum -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev                   libnet1-dev libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev                 libcap-ng-dev libcap-ng0 make libmagic-dev                         libnss3-dev libgeoip-dev liblua5.1-dev libhiredis-dev libevent-dev                 python-yaml rustc carg
yum -y install pkg-config
yum -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel   zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make  libnetfilter_queue-devel lua-devel
yum -y install libtools

二 安裝

export RUSTUP_DIST_SERVER=https://mirrors.ustc.edu.cn/rust-static
export RUSTUP_UPDATE_ROOT=https://mirrors.ustc.edu.cn/rust-static/rustup
準(zhǔn)備安裝 rust

執(zhí)行 wget https://cdn.jsdelivr.net/gh/rust-lang-nursery/rustup.rs/rustup-init.sh
執(zhí)行環(huán)境變量的配置source $HOME/.cargo/env

至此，rust安裝結(jié)束

   可以執(zhí)行suricata 目錄下的./augentsh

   會(huì)產(chǎn)生 configure

./configure --prefix=/opt/suricata  --enable-unix-socket --with-libnss-libraries=/usr/lib64 --with-libnss-includes=/usr/include/nss3 --with-libnspr-libraries=/usr/lib64 --with-libnspr-includes=/usr/include/nspr4 --enable-non-bundled-htp --with-libhtp-includes=/usr/local/include/htp --with-libhtp-libraries=/usr/local/lib

發(fā)現(xiàn)個(gè)錯(cuò)誤：

   ERROR! libhtp was found but it is neither >= 0.5.37, nor the dev 0.5.X

下載：

https://codeload.github.com/OISF/libhtp/zip/refs/tags/0.5.41
sh ./autogen.sh && make && make install

export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig

繼續(xù)執(zhí)行報(bào)錯(cuò)：

checking for cargo vendor support... yes
checking for ./rust/dist/rust-bindings.h... no
checking for ./rust/gen/rust-bindings.h... no
checking for cbindgen... no
  Warning: cbindgen too old or not found, it is required to 
      generate header files.
  To install: cargo install --force cbindgen
configure: error: cbindgen required

在執(zhí)行安裝cargo install –force cbindgen

在執(zhí)行安裝之前疹蛉，先配置好cargo的源

執(zhí)行vi ~/.cargo/config

添加如下內(nèi)容

image.png

安裝好后可款，繼續(xù)configure
然后執(zhí)行：

make && make install && make install conf 

但是執(zhí)行：

make install full 

報(bào)錯(cuò)：

make[1]: Leaving directory `/home/suricata/suricata-suricata-6.0.2'
make install-rules
make[1]: Entering directory `/home/suricata/suricata-suricata-6.0.2'
error: rules not installed as suricata-update not available
make[1]: *** [install-rules] Error 1
make[1]: Leaving directory `/home/suricata/suricata-suricata-6.0.2'
make: *** [install-full] Error 2

執(zhí)行：

yum install python3-pip
 yum install python-yaml 
 pip3 install suricata-update 

執(zhí)行：

python3 /usr/local/bin/suricata-update

下載失敗闺鲸，直接手工下載：

https://rules.emergingthreats.net/open/suricata-6.0.2/emerging.rules.tar.gz

三 參考：

[https://blog.csdn.net/qq_38601892/article/details/123944112](https://blog.csdn.net/qq_38601892/article/details/123944112)
[https://blog.csdn.net/isxiaole/article/details/123282267](https://blog.csdn.net/isxiaole/article/details/123282267)
[https://blog.csdn.net/weixin_42785632/article/details/125638748](https://blog.csdn.net/weixin_42785632/article/details/125638748)