Building Suricata

Clean-up

Debian/buster

apt purge libhtp2 suricata suricata-update
apt autoremove --purge

Deps

git clone https://github.com/OISF/libhtp
cd libhtp/
./autogen.sh
./configure
echo $MAKEFLAGS
make
make install
ldconfig
cd ../

Slackware and out-of-bound Rust

# python3 python-pip python-setuptools

slackpkg install jansson

slackpkg install gnutls libidn2
sbopkg -i libprelude

sbopkg -i luajit

# slackpkg install rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env

Debian/buster

apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev \
libjansson-dev pkg-config
apt-get -y install libnetfilter-queue-dev

apt install python3-pip python3-setuptools python3-distutils
apt-get install liblz4-dev
apt-get install libnss3-dev
apt-get install libnspr4-dev
apt install rustc cargo cbindgen
apt install libluajit-5.1-dev
apt install libprelude-dev

shared

vi $HOME/.cargo/config.toml

[http]
cainfo = "/etc/ssl/cacert.pem"

cargo install --force cbindgen
pip install --upgrade suricata-update # python3

Build

either current

#git clone https://github.com/OISF/suricata.git
#cd suricata/
#./autogen.sh

or grab the latest release (preferred)

wget https://www.openinfosecfoundation.org/download/suricata-6.0.2.tar.gz
tar xzf suricata-6.0.2.tar.gz
cd suricata-6.0.2/

and proceed

export PATH=/root/.cargo/bin:$PATH
./configure --enable-nfqueue --enable-non-bundled-htp --sysconfdir=/etc --localstatedir=/var --enable-luajit --enable-prelude
# --prefix=/usr
echo $MAKEFLAGS
#nice make clean
time nice make # 16cores/1m53.513s
nice make install
nice make install-conf

Ready to go

which suricata
/usr/local/bin/suricata -V

This is Suricata version 6.0.0-dev (edcb784f1 2020-04-07)

Resources

from source https://www.claudiokuenzler.com/blog/511/suricata-network-intrusion-detection-nids-debian-wheezy

rustup https://rustup.rs/

Prelude support is broken in current 6.0.0 release https://redmine.openinfosecfoundation.org/issues/4065


GUIDES | LECTURES | BENCHMARKS | SMTP HEALTH