Building Suricata

tested for suricata 6.0.0-dev and updated for suricata 8.0.0-dev

clean-up

debian/ubuntu

# Remove any distro-packaged Suricata, libhtp and suricata-update before
# building from source.
apt purge libhtp2 suricata suricata-update
# Also purge dependencies that were only pulled in by the packages above.
apt autoremove --purge

requirements

# Toolchain for the autotools build.
apt install build-essential automake autoconf libtool

# NOTE(review): this clones whatever the default branch points to at clone
# time; for a reproducible build, check out a release tag or a reviewed commit
# (git checkout <release-tag>) before running autogen.sh.
git clone https://github.com/OISF/libhtp
cd libhtp/
./autogen.sh
./configure --sysconfdir=/etc --localstatedir=/var
# Show any inherited make flags (e.g. -j) before building.
echo $MAKEFLAGS
make
# No --prefix is given, so autotools installs under /usr/local; this step
# needs root.
make install
# Refresh the dynamic linker cache so the newly installed libhtp is found.
ldconfig
cd ../

slackware and out-of-band Rust (installed via rustup rather than the package manager)

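# python3 python-pip python-setuptools

slackpkg install jansson

slackpkg install gnutls libidn2
sbopkg -i libprelude

sbopkg -i luajit

# slackpkg install rust
# Rust is installed via rustup instead of the distribution package.
# Save the installer to a file first so it can be read (and kept for the
# record) before it is executed, rather than piping it straight into sh.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o rustup-init.sh
less rustup-init.sh
sh rustup-init.sh
# Load cargo/rustc into the current shell's PATH.
source "$HOME/.cargo/env"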

debian/ubuntu

# Core build dependencies: PCRE/PCRE2, libpcap, libnet, libyaml, zlib,
# libmagic, libcap-ng and jansson.
apt install libpcre3 libpcre3-dbg libpcre3-dev libpcre2-dev \
    build-essential autoconf automake libtool libpcap-dev libnet1-dev \
    libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev \
    libjansson-dev pkg-config
# Netfilter queue headers, used by --enable-nfqueue.
apt install libnetfilter-queue-dev

# Python tooling (pip is used further down to install suricata-update).
apt install python3-pip python3-setuptools python3-distutils
apt install liblz4-dev
apt install libnss3-dev
apt install libnspr4-dev
# Distro Rust toolchain and cbindgen.
# NOTE(review): cbindgen is installed a second time further down with
# `cargo install`; which copy the build uses depends on PATH order.
apt install rustc cargo cbindgen
# LuaJIT headers, used by --enable-luajit.
apt install libluajit-5.1-dev
# Prelude headers, used by --enable-prelude.
apt install libprelude-dev

apt install librust-bindgen-dev

shared

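ls -lhF /etc/ssl/cacert.pem # expected: no such file yet
# Download into a scratch directory first: redirecting wget straight onto
# /etc/ssl/cacert.pem would leave an empty or truncated CA bundle behind if
# the transfer failed part-way.
tmpdir=$(mktemp -d)
wget -P "$tmpdir" https://curl.se/ca/cacert.pem https://curl.se/ca/cacert.pem.sha256
# The published checksum comes from the same server, so this catches a corrupt
# or incomplete download, not a tampered origin.
(cd "$tmpdir" && sha256sum -c cacert.pem.sha256) &&
  install -m 0644 "$tmpdir/cacert.pem" /etc/ssl/cacert.pem
rm -rf -- "${tmpdir:?}"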

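# Create cargo's per-user configuration directory if it is missing.
mkdir -p "$HOME/.cargo/"
# Add the [http] section shown below so cargo trusts the downloaded CA bundle.
vi "$HOME/.cargo/config.toml"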

[http]
cainfo = "/etc/ssl/cacert.pem"

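# --locked builds cbindgen with the dependency versions pinned in its own
# Cargo.lock instead of resolving the newest compatible ones at install time.
cargo install --locked --force cbindgen

# python3 pip
# NOTE(review): run as root, this installs from PyPI into the system Python;
# recent Debian/Ubuntu releases refuse that (externally-managed-environment),
# in which case a virtualenv is the usual way out.
pip install --upgrade suricata-update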

Build

# NOTE(review): this builds whatever the default branch points to at clone
# time (a -dev version, per the output further down); for a reproducible
# build, check out a release tag or a reviewed commit
# (git checkout <release-tag>) before running autogen.sh.
git clone https://github.com/OISF/suricata.git
cd suricata/
# Generate the configure script from the autotools sources.
./autogen.sh

and proceed

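# Put cargo's bin directory FIRST so the cbindgen installed with
# `cargo install` is the one configure and make pick up; with it appended,
# any cbindgen found earlier in PATH (for example one installed from the
# distribution) would take precedence. The troubleshooting note on the
# rust-bindings.h error asks for this ordering.
# Binaries in this directory now shadow system ones, so it should be writable
# only by the user doing the build.
export PATH="$HOME/.cargo/bin:$PATH"
#export PATH=/root/.cargo/bin:$PATH
./configure \
    --enable-nfqueue \
    --enable-non-bundled-htp \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --enable-luajit \
    --enable-prelude
# --prefix=/usr
# Show any inherited make flags (e.g. -j) before building.
echo "$MAKEFLAGS"
#nice make clean
time nice make
    # 16 cores 1m53.513s
    #  4 cores 3m23.685s
# NOTE(review): only the two install steps below need root; configure and make
# can normally be run as an unprivileged user.
nice make install
nice make install-conf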

Ready to go

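# Confirm which binary the shell resolves and that it is the fresh build.
command -v suricata
/usr/local/bin/suricata -V
# List the compiled-in features to confirm that NFQueue, LuaJIT and Prelude
# support were actually enabled by configure.
/usr/local/bin/suricata --build-info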

#This is Suricata version 6.0.0-dev (edcb784f1 2020-04-07)
This is Suricata version 8.0.0-dev (d63ad75d9 2025-01-23)

Troubleshooting

while building suricata

fatal error: rust-bindings.h: No such file or directory

==> put the cargo path BEFORE the usual PATH, and run make clean if needed

Resources

from source https://www.claudiokuenzler.com/blog/511/suricata-network-intrusion-detection-nids-debian-wheezy

rustup https://rustup.rs/

Prelude support is broken in current 6.0.0 release https://redmine.openinfosecfoundation.org/issues/4065

