Suricata Installation Guide for OS X


Contents

 1 Pre-Installation Requirements
 1.1 HTP
 1.2 IPS
 2 Installation

Pre-Installation Requirements

These instructions have been tested with Mac OS X 10.6.1. To begin, you need a basic development toolchain (gcc, make and friends), which ships with Xcode; download it from http://developer.apple.com/technology/xcode.html.
MacPorts is required to fetch the dependencies, so install it as well if you have not already done so. The online installation guide is at http://guide.macports.org/#installing.

Before you can build Suricata, run the following to install everything the build needs (MacPorts needs root, hence sudo):

 sudo port install autoconf automake gcc44 make libnet11 libpcap pcre libyaml libtool
 export AC_PROG_LIBTOOL=$( which libtool )

Depending on the current state of your system, this may take a while. Note that MacPorts installs GNU libtool as glibtool (and libtoolize as glibtoolize) so that it does not shadow Apple's own /usr/bin/libtool, which is a different tool; if the build complains about libtool, point it at glibtool instead.
 

HTP

HTP is bundled with Suricata and installed automatically. If you need to install HTP manually
for other reasons, instructions can be found at HTP library installation.

IPS

If you want IPS (inline) capabilities using ipfw, run configure like this instead of the plain configure line in the Installation section:

./configure --enable-ipfw --prefix=/usr --sysconfdir=/etc --localstatedir=/var

and then run the remaining commands (make, sudo make install) as described in the Installation section. ipfw was deprecated in OS X 10.7 in favour of pf and removed in 10.10, so this only applies to the older releases these instructions were tested on.



Installation

Download and unpack the release tarball (OS X does not ship wget; curl -O fetches the file the same way):

wget http://www.openinfosecfoundation.org/download/suricata-1.3.1.tar.gz
tar -xvzf suricata-1.3.1.tar.gz
cd suricata-1.3.1

If you are building from Git sources instead of the tarball, generate the configure script first:

bash autogen.sh

Then configure, build and install (for IPS mode, use the configure line from the IPS section instead):

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install

To run in IPS mode you also need an ipfw rule that diverts packets to the engine. For example:

ipfw add 100 divert 8000 ip from any to any

The divert port (8000 above) must be the same number you pass to Suricata with the -d option:

suricata -c config_file.yaml -d 8000

Both commands need root. Add the divert rule only when Suricata is about to bind the divert port: ipfw drops packets diverted to a port with no listener, so a stray rule blackholes all matching traffic. Also note that "ip from any to any" diverts every packet; narrow the rule if you only want to inspect part of the traffic.

Finally, you need a Suricata rule set with IPS actions (drop, reject, etc.); with alert-only rules Suricata inspects the traffic but never blocks anything. For this, please refer to the Emerging Threats rule sets.
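As an added example that is not part of this wiki page (nor OISF's own code), the following script ties the IPS steps above together: it validates the divert port, checks that the rule set actually contains drop/reject rules, adds the ipfw divert rule with the same port it then passes to suricata -d, and removes the rule again on exit so that no listener-less divert rule is left dropping traffic. The CONFIG and RULES paths are assumptions; adjust them to where your suricata.yaml and rules live.

```sh
#!/bin/sh
# Added example, not from the OISF wiki page: run Suricata inline on OS X
# behind an ipfw divert rule, checking that the pieces the page says must
# line up really do (divert port == -d port, a rule set with drop/reject
# rules) and removing the divert rule on exit.
set -eu

DIVERT_PORT="${DIVERT_PORT:-8000}"      # must match the -d argument below
RULE_NO="${RULE_NO:-100}"               # ipfw rule number, as on the page
CONFIG="${CONFIG:-/etc/suricata/suricata.yaml}"             # assumed path
RULES="${RULES:-/etc/suricata/rules/emerging-all.rules}"    # assumed path

# True if $1 is a decimal number in 1..65535 (a usable divert port).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ipfw rule that diverts all IP traffic to port $2 as rule $1.
# "ip from any to any" diverts everything; narrow it if you only want to
# inspect part of the traffic.
ipfw_divert_rule() {
    printf 'add %s divert %s ip from any to any\n' "$1" "$2"
}

# Count rules whose action is drop or reject* in file $1, skipping comment
# lines. In IPS mode a rule set with only "alert" actions never blocks.
count_ips_rules() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -cE '^[[:space:]]*(drop|reject[a-z]*)[[:space:]]' || true
}

run_inline() {
    valid_port "$DIVERT_PORT" || { echo "bad divert port: $DIVERT_PORT" >&2; return 1; }
    if [ "$(count_ips_rules "$RULES")" -eq 0 ]; then
        echo "warning: $RULES has no drop/reject rules; Suricata will only alert" >&2
    fi
    # A divert rule with no listener bound to its port drops every matching
    # packet, so make sure the rule disappears when Suricata does.
    trap 'ipfw -q delete "$RULE_NO"' EXIT INT TERM
    # The rule text is intentionally word-split into ipfw's arguments.
    # shellcheck disable=SC2046
    ipfw -q $(ipfw_divert_rule "$RULE_NO" "$DIVERT_PORT")
    suricata -c "$CONFIG" -d "$DIVERT_PORT"
}

# Only run when explicitly asked (needs root and an ipfw-capable OS X):
#   sudo RUN_INLINE=1 sh suricata-ipfw.sh
if [ "${RUN_INLINE:-0}" = 1 ]; then
    run_inline
fi
```

The trap is the part worth keeping even if you script this differently: because ipfw evaluates the divert rule whether or not anything is listening on the port, removing the rule (not just stopping Suricata) is what restores normal forwarding.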
