diff --git a/Makefile.am b/Makefile.am
index 1631fe6723..80856007f8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,7 +2,7 @@
 # have all needed files, that a GNU package needs
 AUTOMAKE_OPTIONS = foreign 1.4
 ACLOCAL_AMFLAGS = -I m4
-EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml \
+EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml.in \
 classification.config \
 reference.config
 if BUILD_LIBHTP
@@ -10,3 +10,23 @@ if BUILD_LIBHTP
 endif
 SUBDIRS = $(HTP_DIR) src qa rules doc
+install-data-am:
+ @echo "Run 'make install-conf' if you want to install initial configuration files. Or 'make install-full' to install configuration and rules";
+
+install-full: install-conf install-rules
+
+install-conf:
+ install -d $(sysconfdir)
+ test -e $(sysconfdir)/suricata.yaml || install -m 600 $(top_srcdir)/suricata.yaml $(sysconfdir)
+ test -e $(sysconfdir)/classification.config || install -m 600 $(top_srcdir)/classification.config $(sysconfdir)
+ test -e $(sysconfdir)/reference.config || install -m 600 $(top_srcdir)/reference.config $(sysconfdir)
+ install -d $(localstatedir)/log/suricata
+
+install-rules:
+ install -d $(sysconfdir)/rules
+ wget -qO - http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz | tar zkxv -C $(sysconfdir)
+ test -e $(sysconfdir)/rules/decoder-events.rules || install -m 600 $(top_srcdir)/rules/decoder-events.rules $(sysconfdir)/rules/
+ test -e $(sysconfdir)/rules/stream-events.rules || install -m 600 $(top_srcdir)/rules/stream-events.rules $(sysconfdir)/rules/
+ test -e $(sysconfdir)/rules/smtp-events.rules || install -m 600 $(top_srcdir)/rules/smtp-events.rules $(sysconfdir)/rules/
+ test -e $(sysconfdir)/rules/http-events.rules || install -m 600 $(top_srcdir)/rules/http-events.rules $(sysconfdir)/rules/
+ @echo "You can now start suricata by running as root something like '$(bindir)/suricata -c $(sysconfdir)/suricata.yaml -i eth0'"
diff --git a/configure.in b/configure.in
index 9c08f20ce6..5750edce76 100644
--- a/configure.in 
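Review bot: `install-rules` fetches the Emerging Threats tarball over plain HTTP with `wget -qO - ... | tar zkxv -C $(sysconfdir)` and unpacks whatever the network returns straight into the system configuration directory with no integrity check, normally as root during `make install-full`; at minimum download the archive to a file, verify it against a checksum or signature published out of band before extracting, and use a TLS URL if the mirror offers one. `install-conf` copies `$(top_srcdir)/suricata.yaml`, but after this commit that file is generated by configure into the build tree, so it should read `$(top_builddir)/suricata.yaml` or out-of-tree builds install nothing. None of the `install -d` / `install` lines honour `$(DESTDIR)`, which staged and packaged installs rely on. `install-full`, `install-conf` and `install-rules` are not files and should be declared in `.PHONY`.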
+++ b/configure.in @@ -121,7 +121,7 @@ AC_INIT(configure.in) AC_MSG_CHECKING([host os]) # If no host os was detected, try with uname - if test -z "$host" ; then + if test -z "$host" ; then host="`uname`" fi echo -n "installation for $host OS... \c" @@ -148,6 +148,10 @@ AC_INIT(configure.in) *-*-mingw32*) CFLAGS="${CFLAGS} -DOS_WIN32" LDFLAGS="${LDFLAGS} -lws2_32" + WINDOWS_PATH="yes" + ;; + *-*-cygwin) + WINDOWS_PATH="yes" ;; *) AC_MSG_WARN([unsupported OS this may or may not work]) @@ -1166,7 +1170,45 @@ AC_SUBST(CFLAGS) AC_SUBST(LDFLAGS) AC_SUBST(CPPFLAGS) -AC_OUTPUT(Makefile src/Makefile qa/Makefile qa/coccinelle/Makefile rules/Makefile doc/Makefile) +define([EXPAND_VARIABLE], +[$2=[$]$1 +if test $prefix = 'NONE'; then + prefix="/usr/local" +fi +while true; do + case "[$]$2" in + *\[$]* ) eval "$2=[$]$2" ;; + *) break ;; + esac +done +eval "$2=[$]$2$3" +])dnl EXPAND_VARIABLE + +# suricata log dir +if test "$WINDOWS_PATH" = "yes"; then + systemtype="`systeminfo | grep \"System Type\"`" + case $systemtype in + *x64*) + e_logdir="C:\\Program Files (x86)\\Suricata\\log\\" + e_sysconfdir="C:\\Program Files (x86)\\Suricata\\" + e_magic_file="C:\\Program Files (x86)\\Suricata\\magic.mgc" + ;; + *) + e_logdir="C:\\Program Files\\Suricata\\log\\" + e_sysconfdir="C:\\Program Files\\Suricata\\" + e_magic_file="C:\\Program Files\\Suricata\\magic.mgc" + ;; + esac +else + EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata") + EXPAND_VARIABLE(sysconfdir, e_sysconfdir, "/") + e_magic_file="/usr/share/file/magic" +fi +AC_SUBST(e_logdir) +AC_SUBST(e_sysconfdir) +AC_SUBST(e_magic_file) + +AC_OUTPUT(Makefile src/Makefile qa/Makefile qa/coccinelle/Makefile rules/Makefile doc/Makefile suricata.yaml) echo " Suricata Configuration: 
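Review bot: EXPAND_VARIABLE checks the prefix with `if test $prefix = 'NONE'; then` — unquoted, so an empty or space-containing `--prefix` value breaks the test — and it rewrites the global `prefix` as a side effect with a second hard-coded `/usr/local`; `if test "x$prefix" = xNONE; then prefix="$ac_default_prefix"; fi` uses autoconf's own default and tolerates odd values. The Windows branch sets `e_magic_file` to a path ending in `magic.mgc`, while the non-Windows branch uses `/usr/share/file/magic` without the extension; the comment next to `magic-file` in suricata.yaml.in says `.mgc` is appended to the value, so if that comment is accurate the Windows value resolves to `magic.mgc.mgc` and one of the two should change. The Windows directories are also chosen by running `systeminfo` on the build host at configure time, so a cross-build or a build on a machine that differs from the deployment target bakes in the wrong paths; an explicit configure option would be more predictable than probing the host. The EXPAND_VARIABLE definition and the log-dir block sit entirely inside this hunk, but the surrounding configure script continues outside it.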
@@ -1187,5 +1229,9 @@ Suricata Configuration:
 GCC Profile enabled: ${enable_gccprofile}
 Old barnyard2 support: ${enable_old_barnyard2}
 Non-bundled htp: ${enable_non_bundled_htp}
- PCRE jit: ${pcre_jit_available}
-"
+ PCRE jit: ${pcre_jit_available}"
+
+echo "
+To build and install run 'make' and 'make install'.
+You can run 'make install-conf' if you want to install initial configuration files.
+Running 'make install-full' will install configuration and rules and provide you a ready-to-run suricata."
diff --git a/suricata.yaml b/suricata.yaml.in
similarity index 96%
rename from suricata.yaml
rename to suricata.yaml.in
index 055576e7ca..5c59720a40 100644
--- a/suricata.yaml
+++ b/suricata.yaml.in
@@ -40,7 +40,7 @@ action-order:
 # The default logging directory. Any log or output file will be
 # placed here if its not specified with a full path name. This can be
 # overridden with the -l command line parameter.
-default-log-dir: /var/log/suricata
+default-log-dir: @e_logdir@
 # Configure the type of alert (and other) logging you would like.
 outputs:
@@ -164,6 +164,7 @@ outputs:
 # Magic file. The extension .mgc is added to the value here.
 #magic-file: /usr/share/file/magic
+magic-file: @e_magic_file@
 # When running in NFQ inline mode, it is possible to use a simulated
 # non-terminal NFQUEUE verdict. 
@@ -651,85 +652,61 @@ ipfw: # Set the default rule path here to search for the files. # if not set, it will look at the current working dir -default-rule-path: /etc/suricata/rules/ +default-rule-path: @e_sysconfdir@rules rule-files: - - attack-responses.rules - - backdoor.rules - - bad-traffic.rules - - chat.rules - - ddos.rules - - deleted.rules - - dns.rules - - dos.rules - - experimental.rules - - exploit.rules - - finger.rules - - ftp.rules - - icmp-info.rules - - icmp.rules - - imap.rules - - info.rules - - local.rules - - misc.rules - - multimedia.rules - - mysql.rules - - netbios.rules - - nntp.rules - - oracle.rules - - other-ids.rules - - p2p.rules - - policy.rules - - pop2.rules - - pop3.rules - - porn.rules - - rpc.rules - - rservices.rules - - scada.rules - - scan.rules - - shellcode.rules - - smtp.rules - - snmp.rules - - specific-threats.rules - - spyware-put.rules - - sql.rules - - telnet.rules - - tftp.rules - - virus.rules - - voip.rules - - web-activex.rules - - web-attacks.rules - - web-cgi.rules - - web-client.rules - - web-coldfusion.rules - - web-frontpage.rules - - web-iis.rules - - web-misc.rules - - web-php.rules - - x11.rules + - botcc.rules + - ciarmy.rules + - compromised.rules + - drop.rules + - dshield.rules + - emerging-activex.rules - emerging-attack_response.rules + - emerging-chat.rules + - emerging-current_events.rules + - emerging-deleted.rules + - emerging-dns.rules - emerging-dos.rules - emerging-exploit.rules - - emerging-game.rules + - emerging-ftp.rules + - emerging-games.rules + - emerging-icmp_info.rules + - emerging-icmp.rules + - emerging-imap.rules - emerging-inappropriate.rules - emerging-malware.rules + - emerging-misc.rules + - emerging-mobile_malware.rules + - emerging-netbios.rules - emerging-p2p.rules - emerging-policy.rules + - emerging-pop3.rules + - emerging-rpc.rules + - emerging-scada.rules - emerging-scan.rules + - emerging-shellcode.rules + - emerging-smtp.rules + - emerging-snmp.rules + - 
emerging-sql.rules + - emerging-telnet.rules + - emerging-tftp.rules + - emerging-trojan.rules + - emerging-user_agents.rules - emerging-virus.rules - emerging-voip.rules - - emerging-web.rules - emerging-web_client.rules - emerging-web_server.rules - emerging-web_specific_apps.rules - - emerging-user_agents.rules - - emerging-current_events.rules + - emerging-worm.rules + - rbn-malvertisers.rules + - rbn.rules + - tor.rules - decoder-events.rules # available in suricata sources under rules dir - stream-events.rules # available in suricata sources under rules dir - http-events.rules # available in suricata sources under rules dir - smtp-events.rules # available in suricata sources under rules dir -classification-file: /etc/suricata/classification.config -reference-config-file: /etc/suricata/reference.config +classification-file: @e_sysconfdir@classification.config +reference-config-file: @e_sysconfdir@reference.config # Holds variables that would be used by the engine. vars:
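Review bot: `default-rule-path: @e_sysconfdir@rules` (and the two `@e_sysconfdir@` lines at the end of the hunk) only resolve correctly because configure appends a trailing separator to `e_sysconfdir` — `"/"` in the Unix EXPAND_VARIABLE call, `\\` in the Windows branch — and that coupling deserves a comment on the line, e.g. `# @e_sysconfdir@ is substituted with its trailing path separator`. The new `rule-files` list appears to assume that the Emerging Threats archive which `make install-rules` unpacks into `$(sysconfdir)` contains a top-level `rules/` directory with exactly these file names; if the upstream layout or file set changes, the configuration will reference files that do not exist, so a comment recording where this list was taken from would help the next person who has to refresh it. The `vars:` section that follows the hunk continues outside it.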