Thursday, October 31, 2013

[Research] Suricata 1.4.6 quick install script (CentOS 6.4 x64)


2013-10-31 AM 7:35
2013-11-02 last revised

**********************************************************************************

These posts are related:

[Research] Suricata 1.4.6 intrusion detection system installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/suricata-146-centos-64-x64.html

[Research] Suricata 1.4.6 quick install script (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/suricata-146-centos-64-x64_31.html

[Research] Barnyard2 for Suricata 1.4.6 installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/11/barnyard2-for-suricata-146-centos-64-x64.html

[Research] Barnyard2 for Suricata 1.4.6 quick install script (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/barnyard2-for-suricata-146-centos-64-x64.html

[Research] Suricata 1.4.6 + Barnyard + BASE installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/11/suricata-146-barnyard-base-centos-64-x64.html

**********************************************************************************


For the step-by-step explanation of what this script does, see:

[Research] Suricata 1.4.6 intrusion detection system installation (CentOS 6.4 x64)
http://shaurong.blogspot.tw/2013/10/suricata-146-centos-64-x64.html

Switch to root first, then run:

[root@localhost ~]# su  root
[root@localhost ~]# vi   Suricata_Install.sh
Paste in everything from the box below, save, then:
[root@localhost ~]# chmod +x  Suricata_Install.sh
[root@localhost ~]# ./Suricata_Install.sh

Note: do not paste the script below directly at the command prompt (e.g. [root@localhost ~]# ) and run it line by line; multi-line constructs such as if ... then ... else ... fi and the here-document that writes the init script will not execute correctly that way.

#!/bin/bash

echo -e "\033[31m"
echo -e "Program : Suricata_Install.sh "
echo -e "Suricata 1.4.6 Install Shell Script (CentOS 6.4 x86_64) "
echo -e "by Shau-Rong Lu 2013/10/31 "
echo -e "\033[0m"

cd /usr/local/src || exit 1

# EPEL repository (provides libyaml, libcap-ng and friends)
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm

# Build tools and the libraries Suricata links against
yum -y install libpcap libpcap-devel libnet libnet-devel pcre pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml libyaml-devel zlib zlib-devel file-devel libcap-ng libcap-ng-devel

# NFQUEUE support (libnfnetlink / libnetfilter_queue) from the Emerging Threats repo
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-1.0.0-1.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-devel-1.0.0-1.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.17-2.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.17-2.x86_64.rpm

# Reuse a previously downloaded tarball if one is already in /usr/local/src, otherwise fetch it
if [ ! -s suricata-1.4.6.tar.gz ]; then
  echo "Can not find /usr/local/src/suricata-1.4.6.tar.gz, downloading it"
  wget http://www.openinfosecfoundation.org/download/suricata-1.4.6.tar.gz
fi
tar -xvzf suricata-1.4.6.tar.gz || exit 1
cd suricata-1.4.6 || exit 1

# Stop here if the build fails; otherwise an init script for a missing binary gets installed below
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var || exit 1
make || exit 1
# install-full also installs suricata.yaml and the rule set under /etc/suricata
make install-full || exit 1
ldconfig

# SysV init script. Change eth0 below if Suricata should sniff a different interface.
rm -f /etc/init.d/suricatad
cat > /etc/init.d/suricatad <<'EOF'
#!/bin/bash

# chkconfig: 345 99 01
# description: Suricata Daemon startup script
# 345 - levels to configure
# 99 - startup order
# 01 - stop order

. /etc/rc.d/init.d/functions

case "$1" in
start)
  echo -n "Starting Suricata: "
  daemon PCAP_FRAMES=max /usr/bin/suricata -D -c /etc/suricata/suricata.yaml -i eth0
  echo
  ;;

stop)
  echo -n "Stopping Suricata: "
  killproc suricata
  echo
  ;;

restart)
  $0 stop
  $0 start
  ;;
status)
  status suricata
  ;;
*)
  echo "Usage: service suricatad {start|stop|restart|status}"
  exit 1
esac
exit 0
EOF

chmod +x /etc/init.d/suricatad
chkconfig  --add  suricatad
chkconfig  suricatad  on

service suricatad restart


Test

[root@localhost ~]# ps aux | grep suricata
root     10369 90.4  9.6 121940 97556 ?        Rs   22:30   0:09 /usr/bin/suricata -D -c /etc/suricata//suricata.yaml -i eth0
root     10371  0.0  0.0 103236   856 pts/1    S+   22:30   0:00 grep suricata

[root@localhost ~]# ls -al /var/log/suricata
total 2316
drwxr-xr-x.  3 root root    4096 Oct 31 22:30 .
drwxr-xr-x. 14 root root    4096 Oct 31 22:29 ..
-rw-r-----.  1 root root 2335626 Oct 31 22:30 fast.log
drwxr-xr-x.  2 root root    4096 Oct 31 22:29 files
-rw-r-----.  1 root root       0 Oct 31 22:30 http.log
-rw-r--r--.  1 root root    6873 Oct 31 22:30 stats.log
-rw-r-----.  1 root root   10972 Oct 31 22:30 unified2.alert.1383229829
[root@localhost ~]#
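A growing fast.log only shows that Suricata is running; a practitioner also wants to know which signatures are firing. The script below is an added example, not code from the original post or from the Suricata project: it summarises a fast.log by signature ID and reports the count for a single signature. It assumes the Suricata 1.x fast.log line format shown in the comments; the sample log lines are constructed (RFC 5737 test addresses, illustrative signature IDs), so it runs offline. On the sensor built above, point it at /var/log/suricata/fast.log instead.

```bash
#!/bin/bash
# Added example (not from the original post): summarise Suricata fast.log alerts by signature.
# Assumes the Suricata 1.x fast.log line format; sample lines below are constructed.

# Print "count<TAB>gid:sid:rev<TAB>message", most frequent signature first.
# $1 = path to a fast.log (defaults to the location used by the install above).
summarize_fast_log() {
    local log="${1:-/var/log/suricata/fast.log}"
    if [ ! -r "$log" ]; then
        echo "summarize_fast_log: cannot read $log" >&2
        return 1
    fi
    awk '
        # A fast.log alert line looks like:
        # <timestamp>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
        match($0, /\[\*\*\] \[[0-9]+:[0-9]+:[0-9]+\] .* \[\*\*\]/) {
            s   = substr($0, RSTART + 5, RLENGTH - 10)   # drop leading "[**] " and trailing " [**]"
            sid = substr(s, 2, index(s, "]") - 2)        # gid:sid:rev without its brackets
            msg = substr(s, index(s, "]") + 2)           # rule message after "] "
            count[sid]++
            text[sid] = msg
        }
        END {
            for (k in count) printf "%d\t%s\t%s\n", count[k], k, text[k]
        }
    ' "$log" | sort -rn
}

# Number of alerts for one signature, e.g. alert_count_for_sid 1:2100498:7 /var/log/suricata/fast.log
alert_count_for_sid() {
    local sid="$1" log="$2"
    # grep -c exits 1 when the count is 0 but still prints the 0; keep that output
    grep -c -F "[$sid] " "$log" || true
}

# Constructed sample fast.log (not captured from a real sensor); signature IDs are illustrative.
SAMPLE_FASTLOG=$(mktemp)
trap 'rm -f "$SAMPLE_FASTLOG"' EXIT
cat > "$SAMPLE_FASTLOG" <<'EOF'
10/31/2013-22:30:11.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.20:49152
10/31/2013-22:30:12.234567  [**] [1:2013028:4] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.20:49153 -> 192.0.2.10:80
10/31/2013-22:30:13.345678  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.21:49154
10/31/2013-22:30:14.456789  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.22:49155
EOF

summarize_fast_log "$SAMPLE_FASTLOG"
```

Run it as root on the sensor with `summarize_fast_log /var/log/suricata/fast.log`; fast.log is mode 0640 root-owned as the listing above shows, so an unprivileged user gets the "cannot read" error and a non-zero exit instead of an empty summary.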

(End)
