Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/FreeBSD_8
FreeBSD 8 & 9

Pre-installation requirements

Before you can build Suricata for your system, run the following command to
ensure that you have everything you need for the installation.
Make sure you enter all commands as root/super-user, otherwise it will not
work. Note that pkg_add -r fetches the packages from the FreeBSD package
mirror, so this step runs as root with network access.

For FreeBSD 8:

  pkg_add -r autoconf262 automake19 gcc45 libyaml pcre libtool \
  libnet11 libpcap gmake

For FreeBSD 9.0:

  pkg_add -r autoconf268 automake111 gcc libyaml pcre libtool \
  libnet11 libpcap gmake

Depending on the current status of your system, it may take a while to complete
this process.
						
							|  |  |  | HTP | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | HTP is bundled with Suricata and installed automatically. If you need to | 
					
						
							|  |  |  | install HTP manually for other reasons, instructions can be found at HTP | 
					
						
							|  |  |  | library_installation. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | IPS | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | If you would like to build suricata on FreeBSD with IPS capabilities with IPFW | 
					
						
							|  |  |  | via --enable-ipfw, enter the following to enable ipfw and divert socket support | 
					
						
							|  |  |  | before starting the engine with -d: | 
					
						
							|  |  |  | Edit /etc/rc.conf and add or modify the following lines: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   firewall_enable="YES" | 
					
						
							|  |  |  |   firewall_type="open" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | Edit /boot/loader.conf and add or modify the following lines: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   ipfw_load="YES" | 
					
						
							|  |  |  |   ipfw_nat_load="YES" | 
					
						
							|  |  |  |   ipdivert_load="YES" | 
					
						
							|  |  |  |   dummynet_load="YES" | 
					
						
							|  |  |  |   libalias_load="YES" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
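The following script is an added example, not part of the Suricata wiki or the Suricata project. It applies the rc.conf and loader.conf knobs listed above idempotently (re-running it changes nothing), and provides a root-only function that checks the prerequisites, adds an ipfw divert rule and starts the engine with -d. The divert port 8000, the rule number 100 and the /etc/suricata/suricata.yaml path are assumptions; the demonstration at the end works on scratch copies so the script can run unprivileged.

```sh
#!/bin/sh
# Added example, not from the Suricata wiki or project: apply the IPS knobs
# idempotently, then (as root) add the divert rule and start Suricata.
# Assumptions: divert port 8000, ipfw rule 100, /etc/suricata/suricata.yaml.

# set_knob FILE KEY VALUE
# Rewrite an existing KEY="..." line or append one, so re-running is harmless.
# Uses awk plus rename instead of sed -i, whose syntax differs between BSD and GNU.
set_knob() {
    file=$1; key=$2; val=$3
    [ -f "$file" ] || : > "$file"
    tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$val" '
        BEGIN { pat = "^" k "="; done = 0 }
        $0 ~ pat {
            if (!done) { print k "=\"" v "\""; done = 1 }
            next
        }
        { print }
        END { if (!done) print k "=\"" v "\"" }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_knob FILE KEY: print KEY's value without the quotes (empty if unset).
get_knob() {
    awk -v k="$2" '
        BEGIN { pat = "^" k "=" }
        $0 ~ pat { sub(pat, ""); gsub(/"/, ""); print; exit }
    ' "$1"
}

# configure_ips_knobs RCCONF LOADERCONF: exactly the settings listed above.
configure_ips_knobs() {
    set_knob "$1" firewall_enable YES
    set_knob "$1" firewall_type open
    for mod in ipfw ipfw_nat ipdivert dummynet libalias; do
        set_knob "$2" "${mod}_load" YES
    done
}

# start_ips [DIVERT_PORT]: root only, after a reboot or kldload of the modules.
# Not called by this script; run it by hand once the knobs are in place.
start_ips() {
    port=${1:-8000}
    # firewall_type="open" is allow-all, so nothing reaches Suricata until a
    # divert rule precedes those rules; check the prerequisites first.
    [ "$(sysctl -n net.inet.ip.fw.enable 2>/dev/null)" = 1 ] ||
        { echo "ipfw is not enabled in the running kernel" >&2; return 1; }
    kldstat -q -m ipdivert ||
        { echo "ipdivert module not loaded (try: kldload ipdivert)" >&2; return 1; }
    # Rule 100 diverts all IP traffic to the socket Suricata listens on;
    # Suricata reinjects the packets it accepts through that same socket.
    ipfw add 100 divert "$port" ip from any to any || return 1
    suricata -c /etc/suricata/suricata.yaml -d "$port"
}

# Offline demonstration on scratch copies (constructed rc.conf content).
demo=$(mktemp -d /tmp/ipsdemo.XXXXXX)
printf 'hostname="sensor"\nfirewall_enable="NO"\n' > "$demo/rc.conf"
configure_ips_knobs "$demo/rc.conf" "$demo/loader.conf"
configure_ips_knobs "$demo/rc.conf" "$demo/loader.conf"   # second run: no change
cat "$demo/rc.conf" "$demo/loader.conf"
```

To apply it for real, source the script as root and call configure_ips_knobs /etc/rc.conf /boot/loader.conf, reboot (or kldload the five modules), then call start_ips. Keeping the file edits in a function that can be re-run safely matters on a sensor that is rebuilt from a script: a naive append would leave duplicate firewall_enable lines, and the last one wins silently.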
					
						
							|  |  |  | Suricata | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | To download and build Suricata, enter the following: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz | 
					
						
							|  |  |  |   tar -xvzf suricata-1.3.3.tar.gz | 
					
						
							|  |  |  |   cd suricata-1.3.3 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | If you are building from Git sources, enter all the following commands until | 
					
						
							|  |  |  | the end of this file: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   bash autogen.sh | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | If you are not building from Git sources, do not enter the above mentioned | 
					
						
							|  |  |  | commands. Continue enter the following: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var | 
					
						
							|  |  |  |   make | 
					
						
							|  |  |  |   make install | 
					
						
							|  |  |  |   zerocopy bpf | 
					
						
							|  |  |  |   mkdir /var/log/suricata/ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | FreeBSD 8 has support for zerocopy bpf in libpcap. To test this functionality, | 
					
						
							|  |  |  | issue the following command and then start/restart the engine: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   sysctl net.bpf.zerocopy_enable=1 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | Auto setup | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | You can also use the available auto setup features of Suricata: | 
					
						
							|  |  |  | ex: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |      ./configure && make && make install-conf | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | make install-conf | 
					
						
							|  |  |  | would do the regular "make install" and then it would automatically create/ | 
					
						
							|  |  |  | setup all the necessary directories and suricata.yaml for you. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |      ./configure && make && make install-rules | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | make install-rules | 
					
						
							|  |  |  | would do the regular "make install" and then it would automatically download | 
					
						
							|  |  |  | and set up the latest ruleset from Emerging Threats available for Suricata | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |      ./configure && make && make install-full | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | make install-full | 
					
						
							|  |  |  | would combine everything mentioned above (install-conf and install-rules) - and | 
					
						
							|  |  |  | will present you with a ready to run (configured and set up) Suricata | 
					
						
							|  |  |  | Please continue with the Basic_Setup. |