环境准备
- 基于minimal版本的CentOS7镜像安装虚拟机
- 安装包:suricata-4.1.4.tar.gz、LuaJIT-2.0.3.tar.gz、lua-cjson-2.1.0.tar.gz
修改yum源
1.进入/etc/yum.repo.d
2.修改CentOS-BASE.repo文件为如下内容
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
- 新建epel.repo文件,内容如下
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.ustc.edu.cn/epel/7/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.ustc.edu.cn/epel/7/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.ustc.edu.cn/epel/7/SRPMS
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
- 新建epel-testing.repo文件,内容如下
[epel-testing]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch
baseurl=http://mirrors.ustc.edu.cn/epel/testing/7/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel7&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-testing-debuginfo]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch - Debug
baseurl=http://mirrors.ustc.edu.cn/epel/testing/7/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
[epel-testing-source]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch - Source
baseurl=http://mirrors.ustc.edu.cn/epel/testing/7/SRPMS
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
安装依赖库
sudo yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel libnetfilter_queue-devel lua-devel PyYAML libmaxminddb-devel rustc cargo lz4-devel libcap-ng-devel openssl-devel openssl;
cargo install cargo-vendor;
配置环境变量
echo "export PATH=$PATH:/root/.cargo/bin" >> /root/.bashrc
source /root/.bashrc
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
安装Luajit库、cjson库
wget http://luajit.org/download/LuaJIT-2.0.3.tar.gz</u>](http://luajit.org/download/LuaJIT-2.0.3.tar.gz)
tar -zxf LuaJIT-2.0.3.tar.gz
cd LuaJIT-2.0.3
make && make install
wget http://www.kyne.com.au/~mark/software/download/lua-cjson-2.1.0.tar.gz</u>](http://www.kyne.com.au/~mark/software/download/lua-cjson-2.1.0.tar.gz)
tar zxvf lua-cjson-2.1.0.tar.gz
make
make install
编译安装suricata
tar -zxvf suricata-4.1.4.tar.gz
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --enable-luajit --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr --with-libluajit-includes=/usr/local/include/luajit-2.0/ --with-libluajit-libraries=/usr/lib/ --with-libjansson-libraries=/usr/lib64/ --with-libjansson-includes=/usr/include
make
make install
ldconfig
下载开源规则及配置文件
make install-full
cd /var/lib/suricata/update/cache/
tar -zxvf *.tar.gz
开启lua支持
image.png
vi /etc/suricata/suricata.yaml
# 修改enabled处为yes
mkdir /etc/suricata/lua-output
启动suricata显示非法指令
- 在设备A中编译的suricata能够正常运行
- 将A中的suricata移植到设备B后,运行suricata显示“非法指令”
- 执行 make指令编译时,默认使用了
-march=native选项
image.png
该选项会产生专用于local machine的代码,使之能够支持所有的指令集,因此可能导致在不同的机器上不能运行。 - 在执行configure指令的时候,增加
--disable-gccmarch-native选项,这样make的时候就不会自动添加--march=native选项了。
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --enable-luajit --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr --with-libluajit-includes=/usr/local/include/luajit-2.0/ --with-libluajit-libraries=/usr/lib/ --with-libjansson-libraries=/usr/lib64/ --with-libjansson-includes=/usr/include --enable-gccmarch-native
网友评论