mirror of https://github.com/OISF/suricata
Autogenerated on 2012-01-11
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Mac_OS_X_106x


Mac OS X (10.6.x)


Pre-installation requirements

These instructions have been tested with Mac OS X (10.6.1). To begin, you will
need a basic development environment such as gcc/make. You can download
Xcode from http://developer.apple.com/technology/xcode.html.

MacPorts is required to fetch the dependencies, so you will also need to
install MacPorts, if you have not already done so. The online installation
guide is located at http://guide.macports.org/#installing.

Before you can build Suricata for your system, you must run the following
commands to ensure that you have everything you need for the installation.

  port install autoconf automake gcc44 make libnet11 libpcap pcre \
  libyaml libtool
  export AC_PROG_LIBTOOL=$( which libtool )

Depending on the current status of your system, it may take a while to complete
this process.

HTP

HTP is bundled with Suricata and installed automatically. If you need to
install HTP manually for other reasons, instructions can be found at HTP
library_installation.

IPS

If you would like to have IPS capabilities with IPFW, then you should run
configure like this:

  ./configure --enable-ipfw

and execute the rest of the commands the same as above.

Suricata

To download and build Suricata, enter the following:

  wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz
  tar -xvzf suricata-1.0.5.tar.gz
  cd suricata-1.0.5

You will also need to have an ipfw rule set for the engine to see the packets
from ipfw. For example:

  ipfw add 100 divert 8000 ip from any to any

The 8000 above should be the same number you pass on the command line of
suricata with the option -d, that is, -d 8000:

  suricata -c config_file.yaml -d 8000

You will need a Suricata rule set with IPS options (drop, reject, etc.). For
this, please refer to the Emerging Threats rule sets.

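A preflight check for the rule/port pairing described above, as an added example that is not part of the original wiki page: it parses ipfw list output and confirms that a divert rule targets the port passed to suricata -d. The sample rule listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Preflight check: confirm an ipfw divert rule feeds the port given to "suricata -d".

# Constructed sample of "ipfw list" output (not taken from a real host).
SAMPLE_RULES='00100 divert 8000 ip from any to any
00200 allow tcp from any to any dst-port 22
65535 allow ip from any to any'

# Print "rule_number port" for every divert rule read from stdin.
divert_rules() {
    awk '$2 == "divert" && $3 ~ /^[0-9]+$/ { print $1, $3 }'
}

# check_divert_port PORT: read "ipfw list" output on stdin and succeed if some
# rule diverts to PORT, naming the rule. Otherwise report which ports are
# diverted, so a mismatch with the -d value is visible before the engine starts.
check_divert_port() {
    want=$1
    rules=$(divert_rules)
    match=$(printf '%s\n' "$rules" | awk -v p="$want" '$2 == p { print $1; exit }')
    if [ -n "$match" ]; then
        echo "ok: rule $match diverts to port $want"
        return 0
    fi
    have=$(printf '%s\n' "$rules" | awk 'NF { printf "%s%s", sep, $2; sep = "," }')
    echo "mismatch: no divert rule for port $want (diverted ports: ${have:-none})"
    return 1
}

# On a live system: sudo ipfw list | check_divert_port 8000
printf '%s\n' "$SAMPLE_RULES" | check_divert_port 8000
```
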
If you are building from Git sources, enter the following:

  bash autogen.sh

If you are not building from Git sources, enter the following:

  ./configure
  make
  sudo make install

Please continue with the Basic_Setup.