環(huán)境準(zhǔn)備
- 基于minimal版本的CentOS7鏡像安裝虛擬機(jī)
- 安裝包:suricata-4.1.4.tar.gz图焰、LuaJIT-2.0.3.tar.gz梅割、lua-cjson-2.1.0.tar.gz
修改yum源
1.進(jìn)入/etc/yum.repo.d
2.修改CentOS-BASE.repo文件為如下內(nèi)容
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
- 新建epel.repo文件霜第,內(nèi)容如下
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.ustc.edu.cn/epel/7/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.ustc.edu.cn/epel/7/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.ustc.edu.cn/epel/7/SRPMS
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
- 新建epel-testing.repo文件,內(nèi)容如下
[epel-testing]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch
baseurl=http://mirrors.ustc.edu.cn/epel/testing/7/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel7&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-testing-debuginfo]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch - Debug
baseurl=http://mirrors.ustc.edu.cn/epel/testing/7/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
[epel-testing-source]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch - Source
baseurl=http://mirrors.ustc.edu.cn/epel/testing/7/SRPMS
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
安裝依賴庫(kù)
sudo yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel libnetfilter_queue-devel lua-devel PyYAML libmaxminddb-devel rustc cargo lz4-devel libcap-ng-devel openssl-devel openssl;
cargo install cargo-vendor;
配置環(huán)境變量
echo "export PATH=$PATH:/root/.cargo/bin" >> /root/.bashrc
source /root/.bashrc
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
安裝Luajit庫(kù)户辞、cjson庫(kù)
wget http://luajit.org/download/LuaJIT-2.0.3.tar.gz</u>](http://luajit.org/download/LuaJIT-2.0.3.tar.gz)
tar -zxf LuaJIT-2.0.3.tar.gz
cd LuaJIT-2.0.3
make && make install
wget http://www.kyne.com.au/~mark/software/download/lua-cjson-2.1.0.tar.gz</u>](http://www.kyne.com.au/~mark/software/download/lua-cjson-2.1.0.tar.gz)
tar zxvf lua-cjson-2.1.0.tar.gz
make
make install
編譯安裝suricata
tar -zxvf suricata-4.1.4.tar.gz
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --enable-luajit --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr --with-libluajit-includes=/usr/local/include/luajit-2.0/ --with-libluajit-libraries=/usr/lib/ --with-libjansson-libraries=/usr/lib64/ --with-libjansson-includes=/usr/include
make
make install
ldconfig
下載開(kāi)源規(guī)則及配置文件
make install-full
cd /var/lib/suricata/update/cache/
tar -zxvf *.tar.gz
開(kāi)啟lua支持
vi /etc/suricata/suricata.yaml
# 修改enabled處為yes
mkdir /etc/suricata/lua-output
啟動(dòng)suricata顯示非法指令
- 在設(shè)備A中編譯的suricata能夠正常運(yùn)行
- 將A中的suricata移植到設(shè)備B后泌类,運(yùn)行suricata顯示“非法指令”
- 執(zhí)行 make指令編譯時(shí),默認(rèn)使用了
-march=native
選項(xiàng)
- 在執(zhí)行configure指令的時(shí)候书蚪,增加
--disable-gccmarch-native
選項(xiàng)喇澡,這樣make的時(shí)候就不會(huì)自動(dòng)添加--march=native
選項(xiàng)了。
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --enable-luajit --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr --with-libluajit-includes=/usr/local/include/luajit-2.0/ --with-libluajit-libraries=/usr/lib/ --with-libjansson-libraries=/usr/lib64/ --with-libjansson-includes=/usr/include --enable-gccmarch-native