Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS5

CentOS5

Pre-installation requirements
						
You will have to use the Fedora EPEL repository for some packages. To enable
this repository (the command is the same for i386 and x86_64):

  sudo rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
						
Before you can build Suricata for your system, run the following command to
ensure that you have everything you need for the installation.

  sudo yum -y install libpcap libpcap-devel libnet libnet-devel pcre \
  pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \
  libyaml-devel zlib zlib-devel

Depending on the current status of your system, it may take a while to complete
this process.
						
HTP

HTP is bundled with Suricata and installed automatically. If you need to
install HTP manually for other reasons, instructions can be found at HTP
library_installation.
						
IPS

If you plan to build Suricata with IPS capabilities via
./configure --enable-nfqueue, there are no pre-built packages in the CentOS
base or EPEL for libnfnetlink and libnetfilter_queue. If you wish, you may use
the rpms in the Emerging Threats CentOS 5 repository:
						
i386

  sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_queue-0.0.15-1.i386.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_queue-devel-0.0.15-1.i386.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-0.0.30-1.i386.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-devel-0.0.30-1.i386.rpm
						
x86_64

  sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.15-1.x86_64.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.15-1.x86_64.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-0.0.30-1.x86_64.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-devel-0.0.30-1.x86_64.rpm
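
The two commands above differ only in the architecture, and both install straight from a plain-HTTP URL. The following added example (not part of the original wiki page) derives the URL list from uname -m and stages the downloads so rpm -K can check every package before rpm -Uvh runs. The function names are hypothetical; the repository URL and package versions are copied from the commands above.

```shell
# Added example, not from the original wiki page.
# Base URL and package versions are copied from the commands above.
NFQ_REPO="http://rules.emergingthreatspro.com/projects/emergingrepo"

# Map a `uname -m` value to the repository's architecture directory.
nfq_repo_arch() {
    case "$1" in
        i386|i486|i586|i686) echo i386 ;;
        x86_64)              echo x86_64 ;;
        *) echo "unsupported architecture: $1" >&2; return 1 ;;
    esac
}

# Print the four RPM URLs for the given machine type, one per line.
nfq_rpm_urls() {
    arch=$(nfq_repo_arch "$1") || return 1
    for pkg in libnfnetlink-0.0.30-1 libnfnetlink-devel-0.0.30-1 \
               libnetfilter_queue-0.0.15-1 libnetfilter_queue-devel-0.0.15-1; do
        echo "$NFQ_REPO/$arch/$pkg.$arch.rpm"
    done
}

# Download into a private staging directory, check every file, then install.
# Nothing is installed unless all four packages pass `rpm -K`.
install_nfq_rpms() {
    urls=$(nfq_rpm_urls "$(uname -m)") || return 1
    stage=$(mktemp -d) || return 1
    for u in $urls; do
        wget -q -P "$stage" "$u" || { echo "download failed: $u" >&2; return 1; }
    done
    # rpm -K verifies each package's digests and any signature it carries;
    # on failure the staged files are left in place for inspection.
    rpm -K "$stage"/*.rpm || { echo "package check failed" >&2; return 1; }
    sudo rpm -Uvh "$stage"/*.rpm; rc=$?
    rm -rf "$stage"
    return $rc
}
```

Call install_nfq_rpms in place of the i386 or x86_64 command; an unsupported machine type or a failed check stops before any package is installed.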
					
						
libcap-ng installation

This installation is needed for dropping privileges.

  wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.6.4.tar.gz
  tar -xzvf libcap-ng-0.6.4.tar.gz
  cd libcap-ng-0.6.4
  ./configure
  make
  sudo make install
						
Suricata

To download and build Suricata, enter the following:

  wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
  tar -xvzf suricata-1.3.3.tar.gz
  cd suricata-1.3.3

If you are building from Git sources, enter all the following commands:

  bash autogen.sh

If you are not building from Git sources, enter only:

  ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
  make
  sudo make install
						
Auto setup

You can also use the available auto setup features of Suricata, for example:

  ./configure && make && make install-conf

make install-conf would do the regular "make install" and then automatically
create/set up all the necessary directories and suricata.yaml for you.

  ./configure && make && make install-rules

make install-rules would do the regular "make install" and then automatically
download and set up the latest ruleset from Emerging Threats available for
Suricata.

  ./configure && make && make install-full

make install-full would combine everything mentioned above (install-conf and
install-rules) and present you with a ready-to-run (configured and set up)
Suricata.

Please continue with the Basic_Setup.