mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
190 lines
6.1 KiB
Plaintext
190 lines
6.1 KiB
Plaintext
Autogenerated on 2012-11-29
|
|
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows
|
|
|
|
|
|
Windows
|
|
|
|
NOTE -
|
|
A new instruction set for Suricata installation (and/or compilation from
|
|
scratch) can be found here:
|
|
https://redmine.openinfosecfoundation.org/projects/suricata/files
|
|
also a windows binary - self extracting auto install package is available here:
|
|
http://www.openinfosecfoundation.org/index.php/download-suricata
|
|
|
|
Preparing the build environment
|
|
|
|
The instructions below should be followed in the order they appear. If your
|
|
configuration requires unique actions to compile the package and/or you
|
|
significantly modify the configure shell script, please e-mail the details of
|
|
your requirements and/or solution to bugreports@openinfosecfoundation.org.
|
|
Set up MinGW environment from http://mingw.org/
|
|
Do not use the automatic installer, as it is deprecated. Instead, manually
|
|
unpack the following packages to c:\mingw (you may use newer versions if you
|
|
prefer):
|
|
|
|
|
|
* binutils
|
|
o binutils-2.20-1-mingw32-bin.tar.gz
|
|
* mingw-runtime (dev and dll)
|
|
o mingwrt-3.17-mingw32-dll.tar.gz
|
|
o mingwrt-3.17-mingw32-dev.tar.gz
|
|
* w32api
|
|
o w32api-3.14-mingw32-dev.tar.gz
|
|
* Required runtime libraries for GCC (gmp, libiconv, MPFR and pthreads)
|
|
o gmp-4.2.4-mingw32-dll.tar.gz
|
|
o libiconv-1.13.1-1-mingw32-dll-2.tar.lzma
|
|
o mpfr-2.4.1-mingw32-dll.tar.gz
|
|
o pthreads-w32-2.8.0-mingw32-dll.tar.gz
|
|
* gcc-core (bin and dll)
|
|
o gcc-core-4.4.0-mingw32-bin.tar.gz
|
|
o gcc-core-4.4.0-mingw32-dll.tar.gz
|
|
* make
|
|
o make-3.81-20090914-mingw32-bin.tar.gz
|
|
* zlib
|
|
o libz-1.2.3-1-mingw32-dll-1.tar.gz
|
|
+ libz-1.2.3-1-mingw32-dev.tar.gz
|
|
|
|
|
|
Download MSYS
|
|
|
|
Get MSYS from http://sourceforge.net/projects/mingw/files/ and install
|
|
|
|
MSYS-1.0.11.exe (MSYS Base System)
|
|
msysDTK-1.0.1.exe (MSYS Suplementary Tools)
|
|
autoconf-2.63-1-msys-1.0.11-bin.tar.lzma
|
|
automake-1.11-1-msys-1.0.11-bin.tar.lzma
|
|
libtool-2.2.7a-1-msys-1.0.11-bin.tar.lzma
|
|
|
|
MSYS will ask the following questions during installation.
|
|
|
|
Accept Post Install: [y]
|
|
MinGW Installed? : [y]
|
|
path to MinGW: [c:/MinGW]
|
|
|
|
|
|
Download pkg-config
|
|
|
|
Install pkg-config taken from http://wiki.videolan.org/Win32CompileMSYSNew#PKG-
|
|
CONFIG
|
|
Download and extract the following into c:\Msys\1.0
|
|
|
|
http://ftp.gnome.org/pub/GNOME/binaries/win32/glib/2.18/glib_2.18.2-
|
|
1_win32.zip
|
|
ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config_0.23-
|
|
3_win32.zip
|
|
ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config-
|
|
dev_0.23-3_win32.zip
|
|
|
|
|
|
Set PKG_CONFIG_PATH=/win32/lib/pkgconfig
|
|
|
|
(e.g. by adding the Windows environment variable PKG_CONFIG_PATH in "Control
|
|
Panel"->"System"->"Advanced System Settings"->"Environment Variables" and
|
|
setting the value to /win32/lib/pkgconfig)
|
|
|
|
Download Git sources
|
|
|
|
Get Git sources from http://code.google.com/p/msysgit/
|
|
Unpack to /msys/1.0
|
|
Remember to edit ~/.gitconfig to set your username
|
|
|
|
Download libpcre
|
|
|
|
Get libpcre from http://www.pcre.org/
|
|
|
|
./configure --enable-utf8 --disable-cpp --prefix=/mingw
|
|
make
|
|
make install
|
|
|
|
|
|
Download libyaml
|
|
|
|
Download libyaml from http://pyyaml.org/wiki/LibYAML
|
|
Though libyaml does not support mingw compilation, it does work in static mode.
|
|
|
|
./configure --prefix=/mingw CFLAGS="-DYAML_DECLARE_STATIC"
|
|
make
|
|
make install
|
|
|
|
|
|
Download libpcap
|
|
|
|
Download the developer pack from http://www.winpcap.org/devel.htm
|
|
To have the driver in the system, download and install a corresponding
|
|
installer package from http://www.winpcap.org/install/default.htm
|
|
Copy includes to c:/mingw/include and libs (.a) to c:/mingw/lib
|
|
Rename libwpcap.a to libpcap.a
|
|
|
|
Get and compile Suricata
|
|
|
|
|
|
git clone git://phalanx.openinfosecfoundation.org/oisf.git
|
|
cd oisf
|
|
|
|
Because of an autotools port bug, you will need to do the following:
|
|
|
|
dos2unix.exe libhtp/configure.ac
|
|
dos2unix.exe libhtp/htp.pc.in
|
|
dos2unix.exe libhtp/Makefile.am
|
|
|
|
./autogen.sh
|
|
./configure CFLAGS="-DYAML_DECLARE_STATIC"
|
|
|
|
Add --enable-nfqueue as a configurable parameter to enable inline mode.
|
|
|
|
make
|
|
|
|
If the full installation is successful, suricata.exe will be located in
|
|
src/.lib. To test your build, you will need libpcre-0.dll, libz-1.dll, and
|
|
pthreadGC2.dll, all of which should already be installed under c:/mingw or c:/
|
|
msys.
|
|
preparing the runtime environment.
|
|
To prepare the runtime environment, you must copy the executable and DLLs to a
|
|
dedicated directory. Get the classification.config and suricata.yaml, and then
|
|
edit suricata.yaml to ensure the directories are correctly identified.
|
|
pcap mode
|
|
If you have not already done so, install winpcap runtime and its driver. Then,
|
|
determine your eth device UUID in the registry:
|
|
|
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
|
|
suricata.exe -c suricata.yaml -i \device\
|
|
|
|
In the example above, device should be replaced with your device uuid.
|
|
|
|
Inline mode
|
|
|
|
To operate in inline mode, you must download, compile and install
|
|
netfilterforwin, which is the netfilter.sys driver and Windows port of the
|
|
libnetfilter_queue library.
|
|
Download and install the Windows Driver Kit from Microsoft
|
|
http://www.microsoft.com/downloads/
|
|
details.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff
|
|
Download netfilterforwin from http://sourceforge.net/projects/netfilterforwin/
|
|
Unpack it so the netfilterforwin directory is beside the oisf directory. You
|
|
must omit the version from its name.
|
|
Compile the driver
|
|
Open the correct build environment from your Start menu
|
|
Start > All Programs > Windows Driver Kits > WDK xxxx.yyyy.z > Build
|
|
Environments > Windows Server 2003 > x86 Free Build Environment
|
|
At your command line prompt, enter the following:
|
|
|
|
cd netfilterforwin/netfilter
|
|
nmake
|
|
|
|
Install the driver
|
|
Copy inf/* files and the freshly built netfilter.sys to a separate directory,
|
|
and then open the network connections.
|
|
Right-click an interface, then select Properties
|
|
Click install...
|
|
Select Service
|
|
Click Add
|
|
Click Have disk...
|
|
Browse to the directory with the inf files and netfilter.sys, select
|
|
netfilter.inf, and then click Ok.
|
|
Confirm everything
|
|
The driver is now installed.
|
|
Run Suricata in inline mode
|
|
|
|
suricata.exe -c suricata.yaml -q 0
|
|
|