ubuntu1804 build the latest Suricata

suricata

Suricata is a free, open source, mature, fast and powerful cyber threat detection engine.

The Suricata engine is capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), [network security] (https://cloud.tencent.com/product/ns?from=10680) monitoring (NSM) and offline pcap processing.

The core of many so-called enterprise security protection products is traffic detection based on suricata, which constantly compiles, updates and improves detection rules to improve security capabilities.

Build##

Environment: ubuntu1804

suricata version: 4.1.2

1. Installation dependencies sudo apt-get install wget build-essential libpcre3-dev libpcre3-dbg automake autoconf libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libjansson-dev pkg-config
2. Download and unzip the source code wget https://www.openinfosecfoundation.org/download/suricata-4.1.2.tar.gz
3. tar -xvf suricata-4.1.2.tar.gz
4. cd suricata-4.1.2/
5. Compile and install ./configure --sysconfdir=/etc --localstatedir=/var
6. make
7. sudo make install

Basic configuration##

1. Create log directory sudo mkdir /var/log/suricata
2. sudo mkdir /etc/suricata
3. Copy the configuration file sudo cp classification.config /etc/suricata
4. sudo cp reference.config /etc/suricata
5. sudo cp suricata.yaml /etc/suricata
6. The configuration has been completed, you can enter sudo suricata -c /etc/suricata/suricata.yaml -i ens33 to start

Exception resolution##

suricata: error while loading shared libraries: libhtp.so.2: cannot open shared object file: No such file or directory Solution:

1. sudo vim /etc/ld.so.conf
2. Add a line /usr/local/lib, save
3. Execute the ldconfig command to solve