2013-10-31 AM 7:35
2013-11-02 latest revision
**********************************************************************************
These posts are related:
[Research] Suricata 1.4.6 Intrusion Detection System Installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/suricata-146-centos-64-x64.html
or
[Research] Suricata 1.4.6 Quick Install Script (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/suricata-146-centos-64-x64_31.html
[Research] Barnyard2 for Suricata 1.4.6 Installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/11/barnyard2-for-suricata-146-centos-64-x64.html
or
[Research] Barnyard2 for Suricata 1.4.6 Quick Install Script (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/barnyard2-for-suricata-146-centos-64-x64.html
[Research] Suricata 1.4.6 + Barnyard + BASE Installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/11/suricata-146-barnyard-base-centos-64-x64.html
**********************************************************************************
[Research] Suricata 1.4.6 Intrusion Detection System Installation (CentOS 6.4 x64)
http://shaurong.blogspot.tw/2013/10/suricata-146-centos-64-x64.html
Switch to root first, then run:
[root@localhost ~]# su root
[root@localhost ~]# vi Suricata_Install.sh
Paste the entire contents of the box below into the file.
[root@localhost ~]# chmod +x Suricata_Install.sh
[root@localhost ~]# ./Suricata_Install.sh
Note: do not paste the script below directly at the command prompt (e.g. [root@localhost ~]# ) and run it there; multi-line constructs such as if ... then ... else ... fi will not execute correctly that way.
#!/bin/bash
echo -e "\033[31m"
echo -e "Program : Suricata_Install.sh "
echo -e "Suricata 1.4.6 Install Shell Script (CentOS 6.4 x86_64) "
echo -e "by Shau-Rong Lu 2013/10/31 "
echo -e "\033[0m"

# Build dependencies: EPEL repo, pcap/pcre/yaml/cap-ng libraries and toolchain
cd /usr/local/src
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm
yum -y install libpcap libpcap-devel libnet libnet-devel pcre pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml libyaml-devel zlib zlib-devel file-devel libcap-ng libcap-ng-devel

# nfnetlink / netfilter_queue packages (needed for NFQ inline mode) from the Emerging Threats repo
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-1.0.0-1.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-devel-1.0.0-1.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.17-2.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.17-2.x86_64.rpm

# Fetch the Suricata source tarball if it is not already present
if [ ! -s suricata-1.4.6.tar.gz ]; then
  echo "Can not find /usr/local/src/suricata-1.4.6.tar.gz"
  wget http://www.openinfosecfoundation.org/download/suricata-1.4.6.tar.gz
  #exit
fi

# Build and install (install-full also installs the default rules and suricata.yaml)
tar -xvzf suricata-1.4.6.tar.gz
cd suricata-1.4.6
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
make install-full
ldconfig

# Generate the SysV init script /etc/init.d/suricatad line by line
rm -fr /etc/init.d/suricatad
echo '#!/bin/bash' >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "# chkconfig: 345 99 01" >> /etc/init.d/suricatad
echo "# description: Suricata Daemon startup script" >> /etc/init.d/suricatad
echo "# 345 - levels to configure" >> /etc/init.d/suricatad
echo "# 99 - startup order" >> /etc/init.d/suricatad
echo "# 01 - stop order" >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo ". /etc/rc.d/init.d/functions " >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "case \"\$1\" in " >> /etc/init.d/suricatad
echo "start)" >> /etc/init.d/suricatad
echo " echo -n \"Starting Suricata: \"" >> /etc/init.d/suricatad
echo " daemon PCAP_FRAMES=max /usr/bin/suricata -D -c /etc/suricata//suricata.yaml -i eth0" >> /etc/init.d/suricatad
echo " echo" >> /etc/init.d/suricatad
echo " ;;" >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "stop)" >> /etc/init.d/suricatad
echo " echo -n \"Stopping Suricata: \"" >> /etc/init.d/suricatad
echo " killproc suricata" >> /etc/init.d/suricatad
echo " echo" >> /etc/init.d/suricatad
echo " ;;" >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "restart)" >> /etc/init.d/suricatad
echo " \$0 stop" >> /etc/init.d/suricatad
echo " \$0 start" >> /etc/init.d/suricatad
echo " ;;" >> /etc/init.d/suricatad
echo "status)" >> /etc/init.d/suricatad
echo " status suricata" >> /etc/init.d/suricatad
echo " ;;" >> /etc/init.d/suricatad
echo "*)" >> /etc/init.d/suricatad
echo " echo \"Usage: service suricatad {start|stop|restart|status}\"" >> /etc/init.d/suricatad
echo " exit 1" >> /etc/init.d/suricatad
echo " esac" >> /etc/init.d/suricatad
echo " exit 0" >> /etc/init.d/suricatad

# Register the service to start on boot and start it now
chmod +x /etc/init.d/suricatad
chkconfig --add suricatad
chkconfig suricatad on
service suricatad restart
Test
[root@localhost ~]# ps aux | grep suricata
root 10369 90.4 9.6 121940 97556 ? Rs 22:30 0:09 /usr/bin/suricata -D -c /etc/suricata//suricata.yaml -i eth0
root 10371 0.0 0.0 103236 856 pts/1 S+ 22:30 0:00 grep suricata
[root@localhost ~]# ls -al /var/log/suricata
total 2316
drwxr-xr-x. 3 root root 4096 Oct 31 22:30 .
drwxr-xr-x. 14 root root 4096 Oct 31 22:29 ..
-rw-r-----. 1 root root 2335626 Oct 31 22:30 fast.log
drwxr-xr-x. 2 root root 4096 Oct 31 22:29 files
-rw-r-----. 1 root root 0 Oct 31 22:30 http.log
-rw-r--r--. 1 root root 6873 Oct 31 22:30 stats.log
-rw-r-----. 1 root root 10972 Oct 31 22:30 unified2.alert.1383229829
[root@localhost ~]#
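Once the process is up, the fast.log listed above is the first file worth reading. The following script is an added example, not part of the original post: it summarises fast.log alerts by signature, priority and source address. The log lines and the sids 1000001/1000002 are constructed samples; on a real sensor point SAMPLE_LOG at /var/log/suricata/fast.log.

```bash
#!/bin/bash
# Summarise Suricata fast.log alerts (added example; sample data below is constructed).
# Line shape written by Suricata 1.x to fast.log:
#   <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {PROTO} SRC:PORT -> DST:PORT

# Constructed sample alerts standing in for /var/log/suricata/fast.log
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
10/31/2013-22:30:01.000001  [**] [1:1000001:1] CONSTRUCTED inbound scan sample [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:44321 -> 192.0.2.10:22
10/31/2013-22:30:02.000002  [**] [1:1000001:1] CONSTRUCTED inbound scan sample [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:44322 -> 192.0.2.10:23
10/31/2013-22:30:03.000003  [**] [1:1000002:1] CONSTRUCTED policy violation sample [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.0.2.55:51000 -> 203.0.113.9:53
10/31/2013-22:30:04.000004  [**] [1:1000001:1] CONSTRUCTED inbound scan sample [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:44323 -> 192.0.2.10:80
EOF

# Total alert lines in a fast.log file
alert_count() {
  grep -c '\[\*\*\]' "$1"
}

# Number of alerts at a given priority (1 is the most severe)
priority_count() {
  grep -c "\[Priority: $2\]" "$1"
}

# Alerts per signature as "<count> <sid> <msg>", most frequent first
top_signatures() {
  awk -F'\\[\\*\\*\\] ' '{
    # $2 is "[gid:sid:rev] msg "; split the id block off the message
    split($2, parts, "] ")
    split(parts[1], id, ":")
    sid = id[2]
    msg = parts[2]
    sub(/ +$/, "", msg)
    n[sid " " msg]++
  }
  END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# Distinct source addresses that triggered alerts (a starting point for triage)
alert_sources() {
  awk '{ print $(NF-2) }' "$1" | cut -d: -f1 | sort -u
}

echo "alerts: $(alert_count "$SAMPLE_LOG"), priority 1: $(priority_count "$SAMPLE_LOG" 1)"
top_signatures "$SAMPLE_LOG"
alert_sources "$SAMPLE_LOG"
```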