|
|
|
|
Autogenerated on 2012-11-29
|
|
|
|
|
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/FreeBSD_8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
FreeBSD 8 & 9
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Pre-installation requirements
|
|
|
|
|
|
|
|
|
|
Before you can build Suricata for your system, run the following command to
|
|
|
|
|
ensure that you have everything you need for the installation.
|
|
|
|
|
Make sure you enter all commands as root/super-user, otherwise it will not
|
|
|
|
|
work.
|
|
|
|
|
For FreeBSD 8:
|
|
|
|
|
|
|
|
|
|
pkg_add -r autoconf262 automake19 gcc45 libyaml pcre libtool \
|
|
|
|
|
libnet11 libpcap gmake
|
|
|
|
|
|
|
|
|
|
For FreeBSD 9.0:
|
|
|
|
|
|
|
|
|
|
pkg_add -r autoconf268 automake111 gcc libyaml pcre libtool \
|
|
|
|
|
libnet11 libpcap gmake
|
|
|
|
|
|
|
|
|
|
Depending on the current status of your system, it may take a while to complete
|
|
|
|
|
this process.
|
|
|
|
|
|
|
|
|
|
HTP
|
|
|
|
|
|
|
|
|
|
HTP is bundled with Suricata and installed automatically. If you need to
|
|
|
|
|
install HTP manually for other reasons, instructions can be found at HTP
|
|
|
|
|
library_installation.
|
|
|
|
|
|
|
|
|
|
IPS
|
|
|
|
|
|
|
|
|
|
If you would like to build suricata on FreeBSD with IPS capabilities with IPFW
|
|
|
|
|
via --enable-ipfw, enter the following to enable ipfw and divert socket support
|
|
|
|
|
before starting the engine with -d:
|
|
|
|
|
Edit /etc/rc.conf and add or modify the following lines:
|
|
|
|
|
|
|
|
|
|
firewall_enable="YES"
|
|
|
|
|
firewall_type="open"
|
|
|
|
|
|
|
|
|
|
Edit /boot/loader.conf and add or modify the following lines:
|
|
|
|
|
|
|
|
|
|
ipfw_load="YES"
|
|
|
|
|
ipfw_nat_load="YES"
|
|
|
|
|
ipdivert_load="YES"
|
|
|
|
|
dummynet_load="YES"
|
|
|
|
|
libalias_load="YES"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Suricata
|
|
|
|
|
|
|
|
|
|
To download and build Suricata, enter the following:
|
|
|
|
|
|
|
|
|
|
wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
|
|
|
|
|
tar -xvzf suricata-1.3.3.tar.gz
|
|
|
|
|
cd suricata-1.3.3
|
|
|
|
|
|
|
|
|
|
If you are building from Git sources, enter all the following commands until
|
|
|
|
|
the end of this file:
|
|
|
|
|
|
|
|
|
|
bash autogen.sh
|
|
|
|
|
|
|
|
|
|
If you are not building from Git sources, do not enter the above mentioned
|
|
|
|
|
commands. Continue enter the following:
|
|
|
|
|
|
|
|
|
|
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
|
|
|
|
|
make
|
|
|
|
|
make install
|
|
|
|
|
zerocopy bpf
|
|
|
|
|
mkdir /var/log/suricata/
|
|
|
|
|
|
|
|
|
|
FreeBSD 8 has support for zerocopy bpf in libpcap. To test this functionality,
|
|
|
|
|
issue the following command and then start/restart the engine:
|
|
|
|
|
|
|
|
|
|
sysctl net.bpf.zerocopy_enable=1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Auto setup
|
|
|
|
|
|
|
|
|
|
You can also use the available auto setup features of Suricata:
|
|
|
|
|
ex:
|
|
|
|
|
|
|
|
|
|
./configure && make && make install-conf
|
|
|
|
|
|
|
|
|
|
make install-conf
|
|
|
|
|
would do the regular "make install" and then it would automatically create/
|
|
|
|
|
setup all the necessary directories and suricata.yaml for you.
|
|
|
|
|
|
|
|
|
|
./configure && make && make install-rules
|
|
|
|
|
|
|
|
|
|
make install-rules
|
|
|
|
|
would do the regular "make install" and then it would automatically download
|
|
|
|
|
and set up the latest ruleset from Emerging Threats available for Suricata
|
|
|
|
|
|
|
|
|
|
./configure && make && make install-full
|
|
|
|
|
|
|
|
|
|
make install-full
|
|
|
|
|
would combine everything mentioned above (install-conf and install-rules) - and
|
|
|
|
|
will present you with a ready to run (configured and set up) Suricata
|
|
|
|
|
Please continue with the Basic_Setup.
|
