suricata/doc/CentOS5.txt

Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS5


CentOS5


Pre-installation requirements

You will have to use the Fedora EPEL repository for some packages to enable
this repository. It is the same for i386 and x86_64:

  sudo rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-
  5-3.noarch.rpm

Before you can build Suricata for your system, run the following command to
ensure that you have everything you need for the installation.

  sudo yum -y install libpcap libpcap-devel libnet libnet-devel pcre \
  pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \
  libyaml-devel zlib zlib-devel

Depending on the current status of your system, it may take a while to complete
this process.

HTP

HTP is bundled with Suricata and installed automatically. If you need to
install HTP manually for other reasons, instructions can be found at HTP
library_installation.


IPS


If you plan to build Suricata with IPS capabilities via ./configure --enable-
nfqueue, there are no pre-built packages in the CentOS base or EPEL for
libnfnetlink and libnetfilter_queue. If you wish, you may use the rpms in the
Emerging Threats Cent OS 5 repository:
i386

  sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/i386/
  libnetfilter_queue-0.0.15-1.i386.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/i386/
  libnetfilter_queue-devel-0.0.15-1.i386.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-
  0.0.30-1.i386.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-
  devel-0.0.30-1.i386.rpm

x86_64

  sudo rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/
  x86_64/libnetfilter_queue-0.0.15-1.x86_64.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/
  libnetfilter_queue-devel-0.0.15-1.x86_64.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/
  libnfnetlink-0.0.30-1.x86_64.rpm \
  http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/
  libnfnetlink-devel-0.0.30-1.x86_64.rpm


libcap-ng installation

This installation is needed for dropping privileges.

  wget http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.6.4.tar.gz
  tar -xzvf libcap-ng-0.6.4.tar.gz
  cd libcap-ng-0.6.4
  ./configure
  make
  sudo make install


Suricata

To download and build Suricata, enter the following:

  wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
  tar -xvzf suricata-1.3.3.tar.gz
  cd suricata-1.3.3

If you are building from Git sources, enter all the following commands:

  bash autogen.sh

If you are not building from Git sources, enter only:

  ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
  make
  sudo make install


Auto setup

You can also use the available auto setup features of Suricata:
ex:

     ./configure && make && make install-conf

make install-conf
would do the regular "make install" and then it would automatically create/
setup all the necessary directories and suricata.yaml for you.

     ./configure && make && make install-rules

make install-rules
would do the regular "make install" and then it would automatically download
and set up the latest ruleset from Emerging Threats available for Suricata

     ./configure && make && make install-full

make install-full
would combine everything mentioned above (install-conf and install-rules) - and
will present you with a ready to run (configured and set up) Suricata
Please continue with the Basic_Setup.