Scribd Logo
Upload

Welcome to Scribd!

  • 167 views

    CENTOS 6 Getting Started With Suricata

    Uploaded by

    mingsetao
    This document provides instructions for installing Suricata with PF_RING on CentOS 6. It describes downloading required packages, building and configuring Suricata and PF_RING, and running Suricata to enable intrusion detection and prevention.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd

    CENTOS 6 Getting Started With Suricata

    Uploaded by

    mingsetao
    167 views4 pages
    This document provides instructions for installing Suricata with PF_RING on CentOS 6. It describes downloading required packages, building and configuring Suricata and PF_RING, and running Suricata to enable intrusion detection and prevention.

    Original Description:

    CENTOS 6 Getting Started With Suricata

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document provides instructions for installing Suricata with PF_RING on CentOS 6. It describes downloading required packages, building and configuring Suricata and PF_RING, and running Suricata to enable intrusion detection and prevention.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    167 views4 pages

    CENTOS 6 Getting Started With Suricata

    Uploaded by

    mingsetao
    This document provides instructions for installing Suricata with PF_RING on CentOS 6. It describes downloading required packages, building and configuring Suricata and PF_RING, and running Suricata to enable intrusion detection and prevention.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 4

    CENTOS 6 Getting Started with Suricata

    INTRO:
    This is a guide to install Suricata with PF_RING. This installation was completed using Virtualbox version 4.0.6 and CentOS 6.0-i386.

    Sections:
    1. Basic Suricata installation and how to enable some features 2. PF_RING (capture accelerator) Suricata installation with features from Section 1 3. Suricata Configuration

    Required Packages To Build Suricata:


    sudo yum -y install libpcap libpcap-devel libnet libnet-devel pcre pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml libyaml-devel zlib zlib-devel

    Install Suricata as and IDS and IPS system Xi386


    sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_q ueue-0.0.15-1.i386.rpm \ http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_q ueue-devel-0.0.15-1.i386.rpm \ http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink0.0.30-1.i386.rpm \ http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlinkdevel-0.0.30-1.i386.rpm

    X86_64:
    sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter _queue-0.0.15-1.x86_64.rpm \ http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter _queue-devel-0.0.15-1.x86_64.rpm \ http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink -0.0.30-1.x86_64.rpm \

    http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink -devel-0.0.30-1.x86_64.rpm # cd /opt # wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz # tar -xvfz suricata-1.0.5.tar.gz # cd suricata-1.0.5 #sudo ./configure #sudo make #sudo make install --enable-nfqueue

    To install enable additional features of Suricata , install the following packages and append the ./configure line as stated: To Enable HTP Library(HTML pre-processor) feature:
    #wget http://www.openinfosecfoundation.org/download/libhtp-0.2.3.tar.gz #tar -xzvf libhtp-0.2.3.tar.gz #cd libhtp-0.2.3 #./configure #make #make install

    To enable libcap_ng (dropping privileges) feature:


    #wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.6.4.tar.gz #tar -xzvf libcap-ng-0.6.4.tar.gz #cd libcap-ng-0.6.4 #./configure #make #sudo make install

    2.PF_RING installation This installation will install PF_RING as well as enable the above features. 2.1 Download the required packages:
    #apt-get install build-essential libpcre3-dev libpcap-dev libnet1-dev libyamldev libnetfilter-queue-dev zlib1g-dev htp subversion flex bison kernel-devel dkms nano

    *Note* Please you will need to download the correct kernel headers for your specific system

    2.2 Download PF_RING


    # cd /usr/src # svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ PF_RING_CURRENT_SVN # mkdir /usr/src/pf_ring-4 # cp -Rf /usr/src/PF_RING_CURRENT_SVN/kernel/* /usr/src/pf_ring-4/

    2.3 Configure PF_RING Driver


    # cd /usr/src/pf_ring-4/ # nano dkms.conf

    PACKAGE_NAME="pf_ring" PACKAGE_VERSION="4" BUILT_MODULE_NAME[0]="pf_ring" DEST_MODULE_LOCATION[0]="/kernel/net/pf_ring/" AUTOINSTALL="yes" Then press CRTL+X, Y, Enter


    # dkms add -m pf_ring -v 4 # dkms build -m pf_ring -v 4 kernelsourcedir /usr/src/kernels/(Insert kernel header) # dkms install -m pf_ring -v 4

    At the end the install command you should get DKMS: INSTALL Completed *NOTE* To remove the pf_ring driver type the following command:
    #sudo dkms remove m pf_ring v 4 --all

    2.4 Install PF_RING


    #sudo cp -f /usr/src/PF_RING_CURRENT_SVN/kernel/linux/pf_ring.h /opt/PF_RING/include/linux/ #cd /usr/src/PF_RING_CURRENT_SVN/userland/lib #sudo ./configure --prefix=/opt/PF_RING/

    #sudo cp -f pfring_e1000e_dna.h /opt/PF_RING/include

    #sudo make #sudo make install

    3. Download and configure Suricata with pf_ring


    3.1 A Stable version:
    # cd /opt # wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz # tar xvfz suricata-1.0.5.tar.gz # cd suricata-1.0.5 #Sudo ./configure --enable-pfring --with-libpfring-libraries=/opt/PF_RING/lib --with-libpfring-includes=/opt/PF_RING/include -with-libpcaplibraries=/opt/PF_RING/lib -with-libpcap-includes=/opt/PF_RING/include LD_RUN_PATH="/opt/PF_RING/lib:/usr/lib:/usr/local/lib" -prefix=/opt/PF_RING/ # sudo make

    # sudo make install

    3.2 Configure Suricata


    #mkdir #mkdir /etc/suricata /var/log/suricata

    3.2A Stable Version:


    #sudo cp /opt/suricata/suricata.yaml classification.conf /etc/suricata

    3.3 Adding Rules to Suricata See Suricata Wiki: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oink master 3.4.Run Suricata:
    #sudo /opt/PF_RING/bin/suricata c /etc/suricata/suricata.yaml i eth0

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy