Thursday, 31 October 2013

[Research] Suricata 1.4.6 Quick Install Script (CentOS 6.4 x64)

2013-10-31 AM 7:35
2013-11-02 last revised

**********************************************************************************

These posts are related:

[Research] Suricata 1.4.6 Intrusion Detection System Installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/suricata-146-centos-64-x64.html

[Research] Suricata 1.4.6 Quick Install Script (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/suricata-146-centos-64-x64_31.html

[Research] Barnyard2 for Suricata 1.4.6 Installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/11/barnyard2-for-suricata-146-centos-64-x64.html

[Research] Barnyard2 for Suricata 1.4.6 Quick Install Script (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/barnyard2-for-suricata-146-centos-64-x64.html

[Research] Suricata 1.4.6 + Barnyard + BASE Installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/11/suricata-146-barnyard-base-centos-64-x64.html

**********************************************************************************


For details see this post:

[Research] Suricata 1.4.6 Intrusion Detection System Installation (CentOS 6.4 x64)
http://shaurong.blogspot.tw/2013/10/suricata-146-centos-64-x64.html

Switch to root first, then run:

[root@localhost ~]# su  root
[root@localhost ~]# vi   Suricata_Install.sh
(paste the whole contents of the box below into the file)
[root@localhost ~]# chmod +x  Suricata_Install.sh
[root@localhost ~]# ./Suricata_Install.sh

Note: do not paste the script below directly at the command prompt (e.g. [root@localhost ~]# ) and run it there; multi-line constructs such as if ... then ... else ... will fail when entered that way.

#!/bin/bash

echo -e "\033[31m"
echo -e "Program : Suricata_Install.sh "
echo -e "Suricata 1.4.6 Install Shell Script (CentOS 6.4 x86_64) "
echo -e "by Shau-Rong Lu 2013/10/31 "
echo -e "\033[0m"

cd /usr/local/src

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm

yum -y install libpcap libpcap-devel libnet libnet-devel pcre pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml libyaml-devel zlib zlib-devel file-devel libcap-ng libcap-ng-devel

rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-1.0.0-1.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-devel-1.0.0-1.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.17-2.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.17-2.x86_64.rpm

if [ ! -s suricata-1.4.6.tar.gz ]; then
  echo "Can not find /usr/local/src/suricata-1.4.6.tar.gz"
  wget http://www.openinfosecfoundation.org/download/suricata-1.4.6.tar.gz
  #exit
fi
tar -xvzf suricata-1.4.6.tar.gz
cd suricata-1.4.6
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
make install-full
ldconfig

rm -fr  /etc/init.d/suricatad

echo '#!/bin/bash'  >> /etc/init.d/suricatad

echo ""  >> /etc/init.d/suricatad
echo "# chkconfig: 345 99 01"  >> /etc/init.d/suricatad
echo "# description: Suricata Daemon startup script"  >> /etc/init.d/suricatad
echo "# 345 - levels to configure"  >> /etc/init.d/suricatad
echo "# 99 - startup order"  >> /etc/init.d/suricatad
echo "# 01 - stop order"  >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo ". /etc/rc.d/init.d/functions "  >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "case \"\$1\" in " >> /etc/init.d/suricatad
echo "start)" >> /etc/init.d/suricatad
echo "  echo -n \"Starting Suricata: \"" >> /etc/init.d/suricatad
echo "  daemon PCAP_FRAMES=max /usr/bin/suricata -D -c /etc/suricata//suricata.yaml -i eth0" >> /etc/init.d/suricatad
echo "  echo" >> /etc/init.d/suricatad
echo "  ;;" >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "stop)" >> /etc/init.d/suricatad
echo "  echo -n \"Stopping Suricata: \"" >> /etc/init.d/suricatad
echo "  killproc suricata" >> /etc/init.d/suricatad
echo "  echo" >> /etc/init.d/suricatad
echo "  ;;" >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "restart)" >> /etc/init.d/suricatad
echo "  \$0 stop" >> /etc/init.d/suricatad
echo "  \$0 start" >> /etc/init.d/suricatad
echo "  ;;" >> /etc/init.d/suricatad
echo "status)" >> /etc/init.d/suricatad
echo "  status suricata" >> /etc/init.d/suricatad
echo "  ;;" >> /etc/init.d/suricatad
echo "*)" >> /etc/init.d/suricatad
echo "  echo \"Usage: service suricatad {start|stop|restart|status}\"" >> /etc/init.d/suricatad
echo "  exit 1" >> /etc/init.d/suricatad
echo "  esac" >> /etc/init.d/suricatad
echo "  exit 0" >> /etc/init.d/suricatad

chmod +x /etc/init.d/suricatad
chkconfig  --add  suricatad
chkconfig  suricatad  on

service suricatad restart


Test

[root@localhost ~]# ps aux | grep suricata
root     10369 90.4  9.6 121940 97556 ?        Rs   22:30   0:09 /usr/bin/suricata -D -c /etc/suricata//suricata.yaml -i eth0
root     10371  0.0  0.0 103236   856 pts/1    S+   22:30   0:00 grep suricata

[root@localhost ~]# ls -al /var/log/suricata
total 2316
drwxr-xr-x.  3 root root    4096 Oct 31 22:30 .
drwxr-xr-x. 14 root root    4096 Oct 31 22:29 ..
-rw-r-----.  1 root root 2335626 Oct 31 22:30 fast.log
drwxr-xr-x.  2 root root    4096 Oct 31 22:29 files
-rw-r-----.  1 root root       0 Oct 31 22:30 http.log
-rw-r--r--.  1 root root    6873 Oct 31 22:30 stats.log
-rw-r-----.  1 root root   10972 Oct 31 22:30 unified2.alert.1383229829
[root@localhost ~]#

(End)

[Research] Windows Azure Pack and Web Platform Installer

2013-10-31

Windows Azure Pack for Windows Server
http://technet.microsoft.com/zh-tw/library/dn296435.aspx

Windows Azure Pack White Paper
http://download.microsoft.com/download/0/1/C/01C728DF-B1DD-4A9E-AC5A-2C565AA37730/Windows_Azure_Pack_White_Paper.pdf


Microsoft has released Windows Azure Pack. Since I develop websites/systems on the Windows Azure platform, I took some interest and downloaded it to install and see what it is.

(Figure below) The operating system requirement is Windows Server 2012 or Windows Server 2012 R2.

First click Install Windows Azure Pack: Portal and API Express and try the installation.

(Figure below) The installer is WAP_SingleMachineInstallation.3f.3f.3fnew.exe.

(Figure below) Is Windows Azure Pack simply Web Platform Installer 4.6 (WPI 4.6 for short)?

(Figure below) It downloads and installs 164.34 MB online.

(Figure below) The screen now shows a few more options.

Switched to another clean Windows Server 2012 R2 machine to test.

(Figure below)
This time I clicked Install Windows Pack components on multiple machine.
It also requires Windows Server 2012 or Windows Server 2012 R2.
I was hoping to get an offline installer.

(Figure below) The screen is different from before, but it is still Web Platform Installer 4.6; the installer is wpilauncher.exe.

(Figure below) Here many supported operating systems are listed, not only Windows Server 2012 or Windows Server 2012 R2???

(Figure below) Running wpilauncher.exe shows this screen immediately. Compared with the screen from WAP_SingleMachineInstallation.3f.3f.3fnew.exe, the two are identical, except that WAP_SingleMachineInstallation.3f.3f.3fnew.exe first installs a pile of components before this screen appears.

(Figure below) Out of curiosity I compared the two files: they are exactly identical. Is Microsoft playing tricks with the file name?

Test: copied "wpilauncher.exe" to "wpilauncher - 複製.exe" and ran it: it works normally. Does it only check the first few characters of the name?

(Figure below) Test: renamed "wpilauncher - 複製.exe" to "2.exe" and ran it: an error appears. The file name really does matter.

Ran wpilauncher.exe /?
Ran wpilauncher.exe /layout
Ran WAP_SingleMachineInstallation.3f.3f.3fnew.exe /?
Ran WAP_SingleMachineInstallation.3f.3f.3fnew.exe /layout
Ran on Windows 7 x64 (this machine has no Visual Studio)

All give the same error screen, and there is no offline installer to download either.

(Figure below) Copied "WAP_SingleMachineInstallation.3f.3f.3fnew.exe" to "WAP_SingleMachineInstallation.3f.3f.3fnew - 複製.exe" and ran it: an error appears.

The file name itself looks odd: .3f.3f.3f looks like some special encoding and new looks like a parameter; a quick check shows %3f is ? (question mark).

Test: running wpilauncher.exe on a Windows 2008 R2 machine with Visual Studio 2012 installed works normally and can install components; Windows 2012 is not strictly required.

(Figure below) On the same Windows 2008 R2 + Visual Studio 2012 machine, running WAP_SingleMachineInstallation.3f.3f.3fnew.exe gives an error.

In other words, Windows Azure Pack is really a modified Web Platform Installer: it uses the file name to decide whether it may run on a given OS, and uses the file name together with the OS type to decide what to install.

(End)


Related

[Research] Windows Azure Pack and Web Platform Installer
http://shaurong.blogspot.tw/2013/10/windows-azure-pack.html
http://download.ithome.com.tw/article/index/id/2185

[Research] Windows Azure SDK for .NET 2.2 Installation Notes
http://shaurong.blogspot.tw/2013/10/windows-azure-sdk-for-net-22.html


[Research] Disabling "Internet Explorer Enhanced Security Configuration"

2013-10-31

Since Windows Server exists to provide services and ordinary users do not browse the web on it, Windows Server has a feature called "Internet Explorer Enhanced Security Configuration" (IE ESC). Whenever IE connects to a URL that is not on the whitelist, a warning pops up and the user has to keep adding URLs to the list. For convenience, Windows Server provides a way to disable IE ESC.

PS: Non-server editions such as Windows XP, Vista, 7, 8 and 8.1 do not have this issue.

Windows Server 2012 R2

Windows Server 2008 R2

(End)

Wednesday, 30 October 2013

[Research] Suricata 1.4.6 Intrusion Detection System Installation (CentOS 6.4 x64)

**********************************************************************************

These posts are related:

[Research] Suricata 1.4.6 Intrusion Detection System Installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/suricata-146-centos-64-x64.html

[Research] Suricata 1.4.6 Quick Install Script (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/suricata-146-centos-64-x64_31.html

[Research] Barnyard2 for Suricata 1.4.6 Installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/11/barnyard2-for-suricata-146-centos-64-x64.html

[Research] Barnyard2 for Suricata 1.4.6 Quick Install Script (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/10/barnyard2-for-suricata-146-centos-64-x64.html

[Research] Suricata 1.4.6 + Barnyard + BASE Installation (CentOS 6.4 x64)
http://shaurong.blogspot.com/2013/11/suricata-146-barnyard-base-centos-64-x64.html

**********************************************************************************

Suricata is an intrusion detection system (IDS).

Snort vs Suricata comparison
http://wiki.aanval.com/wiki/Snort_vs_Suricata
Suricata's biggest advantage over Snort is its multi-threading support.

Quantitative Analysis of Intrusion Detection Systems: Snort and Suricata
http://people.clarkson.edu/~jmatthew/publications/SPIE_SnortSuricata_2013.pdf
(This paper has performance comparison charts; I added some colour to make them easier to read.)

(Figure below) With the default configuration, on 2, 3 and 4 cores Suricata's performance far exceeds Snort's.

(Figure below) Suricata's CPU utilisation is lower than Snort's.

(Figure below) With no more than 4 CPU cores Suricata uses more RAM; above 8 cores Snort's usage jumps sharply.

Official site
http://www.openinfosecfoundation.org/index.php/download-suricata

References
https://redmine.openinfosecfoundation.org/projects/suricata/wiki
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Quick_Start_Guide
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_56_Installation
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_User_Guide

Installation

su root
cd /usr/local/src

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm

yum -y install libpcap libpcap-devel libnet libnet-devel pcre pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml libyaml-devel zlib zlib-devel file-devel libcap-ng libcap-ng-devel

rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-1.0.0-1.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-devel-1.0.0-1.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.17-2.x86_64.rpm
rpm -Uvh http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.17-2.x86_64.rpm

wget http://www.openinfosecfoundation.org/download/suricata-1.4.6.tar.gz
tar -xvzf suricata-1.4.6.tar.gz
cd suricata-1.4.6
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
make install-full
ldconfig
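Both the install steps above and the Suricata_Install.sh script in the quick-install post fetch the Suricata tarball (and the libnfnetlink / libnetfilter_queue RPMs) over plain HTTP and build whatever arrives. A defender-side addition, not part of the original post, is to pin the expected SHA-256 digest and refuse to unpack a tarball that does not match. The helper below is an added example written for this page, not the project's own code: the SURICATA_SHA256 value is a placeholder you must fill in from the checksum published with the release, and verify_sha256 / fetch_verified are names I chose for the example.

```shell
#!/bin/sh
# Added example (not from the post): verify a downloaded source tarball against a
# pinned SHA-256 digest before it is unpacked and built.

# PLACEHOLDER: copy the digest published with the Suricata 1.4.6 release here.
SURICATA_SHA256="0000000000000000000000000000000000000000000000000000000000000000"
SURICATA_URL="http://www.openinfosecfoundation.org/download/suricata-1.4.6.tar.gz"

# verify_sha256 <file> <expected hex digest>
# Returns 0 when the file exists, is non-empty and hashes to the expected value.
verify_sha256() {
    file=$1
    expected=$2
    if [ ! -s "$file" ]; then
        echo "verify_sha256: missing or empty file: $file" >&2
        return 1
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_sha256: digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# fetch_verified <url> <expected hex digest>
# Downloads into the current directory unless a copy that already verifies is
# present. A download whose digest does not match is deleted, so a later
# "tar -xvzf" cannot pick it up by accident.
fetch_verified() {
    url=$1
    expected=$2
    name=${url##*/}
    if [ -s "$name" ] && verify_sha256 "$name" "$expected" 2>/dev/null; then
        echo "$name is already present and verified"
        return 0
    fi
    rm -f "$name"
    wget -q "$url" || { echo "download failed: $url" >&2; return 1; }
    if ! verify_sha256 "$name" "$expected"; then
        rm -f "$name"
        return 1
    fi
    return 0
}

# Drop-in replacement for the tarball step of the procedure above; only runs
# when the script is invoked with --install so the functions can be sourced.
if [ "${1:-}" = "--install" ]; then
    cd /usr/local/src || exit 1
    fetch_verified "$SURICATA_URL" "$SURICATA_SHA256" || exit 1
    tar -xvzf suricata-1.4.6.tar.gz && cd suricata-1.4.6 || exit 1
    ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var && make && make install-full && ldconfig
fi
```

The same check is worth applying to the four RPMs from rules.emergingthreatspro.com: rpm -Uvh only prints a NOKEY warning for a package whose signing key is not imported and installs it anyway.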

Test

# Check that the program runs

[root@localhost suricata]# /usr/bin/suricata
30/10/2013 -- 14:03:14 - <Info> - This is Suricata version 1.4.6 RELEASE
30/10/2013 -- 14:03:14 - <Info> - CPUs/cores online: 1
30/10/2013 -- 14:03:14 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
30/10/2013 -- 14:03:14 - <Info> - preallocated 65535 defrag trackers of size 144
30/10/2013 -- 14:03:14 - <Info> - defrag memory usage: 13107056 bytes, maximum: 33554432
Suricata 1.4.6
USAGE: /usr/bin/suricata [OPTIONS] [BPF FILTER]

        -c <path>                            : path to configuration file
        -T                                   : test configuration file (use with -c)
        -i <dev or ip>                       : run in pcap live mode
        -F <bpf filter file>                 : bpf filter file
        -r <path>                            : run in pcap file/offline mode
        -s <path>                            : path to signature file loaded in addition to suricata.yaml settings (optional)
        -S <path>                            : path to signature file loaded exclusively (optional)
        -l <dir>                             : default log directory
        -D                                   : run as daemon
        -V                                   : display Suricata version
        --list-app-layer-protos              : list supported app layer protocols
        --list-keywords[=all|csv|<kword>]    : list keywords implemented by the engine
        --list-runmodes                      : list supported runmodes
        --runmode <runmode_id>               : specific runmode modification the engine should run.  The argument
                                               supplied should be the id for the runmode obtained by running
                                               --list-runmodes
        --engine-analysis                    : print reports on analysis of different sections in the engine and exit.
                                               Please have a look at the conf parameter engine-analysis on what reports
                                               can be printed
        --pidfile <file>                     : write pid to this file (only for daemon mode)
        --init-errors-fatal                  : enable fatal failure on signature init error
        --dump-config                        : show the running configuration
        --build-info                         : display build information
        --pcap[=<dev>]                       : run in pcap mode, no value select interfaces from suricata.yaml
        --pcap-buffer-size                   : size of the pcap buffer value from 0 - 2147483647
        --af-packet[=<dev>]                  : run in af-packet mode, no value select interfaces from suricata.yaml
        --user <user>                        : run suricata as this user after init
        --group <group>                      : run suricata as this group after init
        --erf-in <path>                      : process an ERF file


To run the engine with default configuration on interface eth0 with signature file "signatures.rules", run the command as:

/usr/bin/suricata -c suricata.yaml -s signatures.rules -i eth0

[root@localhost suricata]#

# Show the version

[root@localhost suricata-1.4.6]# /usr/bin/suricata -V
This is Suricata version 1.4.6 RELEASE

# Test the configuration file /etc/suricata//suricata.yaml

/usr/bin/suricata -T -c /etc/suricata//suricata.yaml -i eth0

This warning can be ignored; it appears because every rule in /etc/suricata/rules/emerging-icmp.rules is disabled:
30/10/2013 -- 14:09:27 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules

The two most common are Oinkmaster and Pulledpork. For a guide see:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster

# Test logging to a file

vi  /etc/suricata//suricata.yaml

Find these entries. By default the engine log goes only to the console; change enabled under file from no to yes and it is also written to /var/log/suricata.log (the snippet below shows the setting after the change):

  outputs:
  - console:
      enabled: yes
  - file:
      enabled: yes
      filename: /var/log/suricata.log
  - syslog:
      enabled: no
      facility: local5
      format: "[%i] <%d> -- "

# Run in the foreground (press Ctrl-C to stop)

/usr/bin/suricata -c /etc/suricata//suricata.yaml -i eth0

# Run in the background as a daemon (add the -D option)

/usr/bin/suricata -D -c /etc/suricata//suricata.yaml -i eth0

Stopping a background run is more cumbersome: first find the PID, then kill it.

[root@localhost suricata]# ps aux | grep suricata
root     36436 87.5  9.4 120508 96036 ?        Rs   14:40   0:07 /usr/bin/suricata -D -c /etc/suricata//suricata.yaml -i eth0
root     36438  0.0  0.0 103244   828 pts/1    S+   14:40   0:00 grep sur
[root@localhost suricata]# kill -9 36436
[root@localhost suricata]# ps aux | grep suricata
root     36440  0.0  0.0 103244   828 pts/1    S+   14:40   0:00 grep sur
[root@localhost suricata]#


# Attack test

Current state on the Suricata machine:

[root@localhost ~]# ls  -al  /var/log/suricata
total 88
drwxr-xr-x.  3 root root  4096 Oct 30 14:09 .
drwxr-xr-x. 14 root root  4096 Oct 30 14:09 ..
-rw-r-----.  1 root root 17805 Oct 30 14:08 fast.log
drwxr-xr-x.  2 root root  4096 Oct 30 13:57 files
-rw-r-----.  1 root root     0 Oct 30 14:07 http.log
-rw-r--r--.  1 root root 30867 Oct 30 14:08 stats.log
-rw-r-----.  1 root root 24044 Oct 30 14:08 unified2.alert.1383113238

Use a separate host to run the scan (nikto apparently cannot scan its own host, so another machine is needed):

[root@localhost ~]# wget  http://www.cirt.net/nikto/nikto-current.tar.gz
[root@localhost ~]# tar zxvf nikto-current.tar.gz
[root@localhost ~]# cd nikto-*
[root@localhost nikto-2.1.5]# chmod +x nikto.pl
[root@localhost nikto-2.1.5]# ./nikto.pl -h 192.168.128.102
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.5
---------------------------------------------------------------------------
+ No web server found on 192.168.128.102:80
---------------------------------------------------------------------------
+ 0 host(s) tested
[root@localhost nikto-2.1.5]#

State on the Suricata machine now:

[root@localhost ~]# ls  -al  /var/log/suricata
total 132
drwxr-xr-x.  3 root root  4096 Oct 30 14:13 .
drwxr-xr-x. 14 root root  4096 Oct 30 14:09 ..
-rw-r-----.  1 root root 31143 Oct 30 14:14 fast.log
drwxr-xr-x.  2 root root  4096 Oct 30 13:57 files
-rw-r-----.  1 root root     0 Oct 30 14:07 http.log
-rw-r--r--.  1 root root 41152 Oct 30 14:13 stats.log
-rw-r-----.  1 root root 24044 Oct 30 14:08 unified2.alert.1383113238
-rw-r--r--.  1 root root 19113 Oct 30 14:14 unified2.alert.1383113613
[root@localhost suricata]#
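The two directory listings above show fast.log growing during the scan, but not what was alerted on. As an added example that is not part of the original post, here is a small POSIX sh + awk summariser that counts fast.log alerts by signature and by source address, which is the quickest way to confirm that traffic from the other host was actually detected. The lines written by write_sample_fastlog are constructed for this example in the Suricata 1.x fast.log layout; the signature ids (1:2100001, 1:2100002) and messages are invented placeholders, not real Emerging Threats rules, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the post): summarise Suricata fast.log alerts by
# signature and by source address with POSIX sh + awk.

# write_sample_fastlog <path>
# Writes CONSTRUCTED sample lines in the Suricata 1.x fast.log layout. The
# signature ids and messages are invented for this example.
write_sample_fastlog() {
    cat > "$1" <<'EOF'
10/30/2013-14:14:01.512843  [**] [1:2100001:1] CONSTRUCTED web scanner probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.128.101:51234 -> 192.168.128.102:80
10/30/2013-14:14:01.612901  [**] [1:2100001:1] CONSTRUCTED web scanner probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.128.101:51235 -> 192.168.128.102:80
10/30/2013-14:14:02.002114  [**] [1:2100002:2] CONSTRUCTED ICMP echo sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.7 -> 192.168.128.102
10/30/2013-14:14:03.771002  [**] [1:2100001:1] CONSTRUCTED web scanner probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.128.101:51236 -> 192.168.128.102:80
EOF
}

# fastlog_by_sig <fast.log>
# Splits each line on " [**] ": field 2 is "[gid:sid:rev] message", field 3
# carries classification, priority, protocol and the address pair.
# Output: "<count><TAB><gid:sid:rev><TAB><message>", most frequent first.
fastlog_by_sig() {
    awk -F' \\[\\*\\*\\] ' 'NF >= 3 {
        if (match($2, /^\[[0-9]+:[0-9]+:[0-9]+\] /)) {
            id  = substr($2, 2, RLENGTH - 3)   # drop the "[" and the "] "
            msg = substr($2, RLENGTH + 1)
            n[id "\t" msg]++
        }
    } END { for (k in n) print n[k] "\t" k }' "$1" | sort -rn
}

# fastlog_by_src <fast.log>
# The source is the last token before " -> " with any ":port" suffix removed
# (IPv4 layout as in the sample; IPv6 addresses would need a different split).
# Output: "<count><TAB><source ip>", most frequent first.
fastlog_by_src() {
    awk -F' \\[\\*\\*\\] ' 'NF >= 3 {
        if (split($3, half, " -> ") == 2) {
            m = split(half[1], tok, " ")
            src = tok[m]
            sub(/:[0-9]+$/, "", src)
            n[src]++
        }
    } END { for (k in n) print n[k] "\t" k }' "$1" | sort -rn
}

# Example use on the IDS host:
#   fastlog_by_sig /var/log/suricata/fast.log | head
#   fastlog_by_src /var/log/suricata/fast.log | head
```

Run both against /var/log/suricata/fast.log right after the nikto run: the scanning host should be at the top of the source list, and the signatures that fired tell you which rule files were actually doing the work.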

For rule management, consider Oinkmaster and Pulledpork:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster


Create a script that makes starting/stopping convenient

#!/bin/bash

echo -e "\033[31m"
echo -e "Program : Suricata_Manager.sh "
echo -e "Suricata Daemon Runtime Manager Maker Shell Script (CentOS 6.4 x86_64) "
echo -e "by Shau-Rong Lu 2013/10/30 "
echo -e "\033[0m"

rm -fr /etc/init.d/suricatad

echo '#!/bin/bash'  > /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo ". /etc/rc.d/init.d/functions "  >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "case \"\$1\" in " >> /etc/init.d/suricatad
echo "start)" >> /etc/init.d/suricatad
echo "  echo -n \"Starting Suricata: \"" >> /etc/init.d/suricatad
echo "  daemon PCAP_FRAMES=max /usr/bin/suricata -D -c /etc/suricata//suricata.yaml -i eth0" >> /etc/init.d/suricatad
echo "  echo" >> /etc/init.d/suricatad
echo "  ;;" >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "stop)" >> /etc/init.d/suricatad
echo "  echo -n \"Stopping Suricata: \"" >> /etc/init.d/suricatad
echo "  killproc suricata" >> /etc/init.d/suricatad
echo "  echo" >> /etc/init.d/suricatad
echo "  ;;" >> /etc/init.d/suricatad
echo "" >> /etc/init.d/suricatad
echo "restart)" >> /etc/init.d/suricatad
echo "  \$0 stop" >> /etc/init.d/suricatad
echo "  \$0 start" >> /etc/init.d/suricatad
echo "  ;;" >> /etc/init.d/suricatad
echo "status)" >> /etc/init.d/suricatad
echo "  status suricata" >> /etc/init.d/suricatad
echo "  ;;" >> /etc/init.d/suricatad
echo "*)" >> /etc/init.d/suricatad
echo "  echo \"Usage: service suricatad {start|stop|restart|status}\"" >> /etc/init.d/suricatad
echo "  exit 1" >> /etc/init.d/suricatad
echo "  esac" >> /etc/init.d/suricatad
echo "  exit 0" >> /etc/init.d/suricatad

chmod +x /etc/init.d/suricatad
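The generated init script above (and the chkconfig-enabled version in the quick-install post) runs Suricata as root for its whole lifetime and relies on killproc / status finding the process by name. As an added example, not the blog's own script, the function below writes a variant that records a pidfile and uses the --pidfile, --user and --group options listed in the usage output earlier to drop to an unprivileged account once the capture interface is open. It assumes a suricata system user exists, that /var/log/suricata is writable by that user, that /var/run/suricata is used as the pid directory, and that the build picked up libcap-ng from the packages installed above; write_suricatad_init is a name I chose for the example.

```shell
#!/bin/sh
# Added example, not the blog's own script: generate a CentOS 6 SysV init script
# for Suricata that keeps a pidfile and drops privileges after initialisation.
# Assumed names: system user/group "suricata", pid directory /var/run/suricata.

# write_suricatad_init <output path>
write_suricatad_init() {
    cat > "$1" <<'EOF'
#!/bin/bash
# chkconfig: 345 99 01
# description: Suricata IDS daemon (pidfile + unprivileged runtime user)
# pidfile: /var/run/suricata/suricata.pid

. /etc/rc.d/init.d/functions

SURICATA=/usr/bin/suricata
CONF=/etc/suricata/suricata.yaml
IFACE=eth0
RUN_USER=suricata            # assumed: useradd -r -s /sbin/nologin suricata
RUN_GROUP=suricata
PIDDIR=/var/run/suricata
PIDFILE=$PIDDIR/suricata.pid

start() {
    echo -n "Starting Suricata: "
    # The pid directory belongs to the runtime user so Suricata can still
    # remove its pidfile after it has given up root.
    mkdir -p "$PIDDIR" && chown "$RUN_USER:$RUN_GROUP" "$PIDDIR"
    # Suricata opens the capture interface as root, then switches to
    # RUN_USER/RUN_GROUP (needs a libcap-ng enabled build). --pidfile lets
    # stop/status address exactly this process instead of any "suricata" by name.
    daemon --pidfile="$PIDFILE" "$SURICATA" -D -c "$CONF" -i "$IFACE" \
        --pidfile "$PIDFILE" --user "$RUN_USER" --group "$RUN_GROUP"
    echo
}

stop() {
    echo -n "Stopping Suricata: "
    killproc -p "$PIDFILE" suricata
    echo
}

case "$1" in
    start)   start ;;
    stop)    stop ;;
    restart) stop; start ;;
    status)  status -p "$PIDFILE" suricata ;;
    *)       echo "Usage: service suricatad {start|stop|restart|status}"; exit 1 ;;
esac
exit 0
EOF
    chmod 755 "$1"
}

# Example use on the IDS host (as root):
#   write_suricatad_init /etc/init.d/suricatad
#   chown -R suricata:suricata /var/log/suricata   # log dir must be writable by RUN_USER
#   chkconfig --add suricatad && chkconfig suricatad on
```

With the pidfile in place, service suricatad status reports the daemon that this script started rather than any process that happens to be called suricata, and a crash leaves a stale pidfile that status reports as "dead but pid file exists" instead of silently looking healthy.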

From now on ...

Start:

service  suricatad start

Stop:

service  suricatad stop

Restart:

service  suricatad restart

Show status:

service  suricatad status

(End)

Related

[Research] snort-2.9.5.5.tar.gz (CentOS 6.4 x64) Quick Install Script
http://shaurong.blogspot.tw/2013/10/snort-2955targz-centos-64-x64.html