This post has been updated: 31/05/2013. I’ve tested the installation steps with CentOS 6.4. It also works with CentOS 6.3
Today I’ll compile Suricata in a clean CentOS 6.4 server. I’m not compiling it with PFRING support (it would increase performance). Ok, hands on:
- You’ll need the EPEL repository, see the step 2 from this post.
- I’ll install Development Tools group and some packages needed by Suricata.
yum groupinstall "Development Tools" yum install pcre-devel libyaml-devel libnet-devel libpcap-devel libcap-ng-devel file-devel zlib-devel - Download Suricata from its web page. Move the tar.gz file to a suitable directory, in my case I’ve chosen /opt directory.
- Uncompress it (I’m compiling 1.4.3 version) and configure the compilation. I’ve set some prefixes and directories and added the –disable-gccmarch as I was having problems (Illegal Instruction) when executing Suricata on my QEMU/KVM virtual machine (the post that helped me).
tar xvfz suricata-1.4.3.tar.gz cd suricata-1.4.3 ./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-gccmarch-native
- Ok. Now let’s use make, make install and if you want Suricata to create a config file and download rules from Emerging Threats use make install-full.
make make install make install-full ldconfig - And finally let’s try to execute suricata command.
[root@sherlock ~]# suricata -V This is Suricata version 1.4.3 RELEASE
I read in ntop’s web page that virtual pf_ring would improve performance dramatically for virtualization environments like KVM but I have no money now to pay for the fee (if you want to donate let me know :-D) so I’ll try to use it for a few minutes as they suggest for evaluation purposes.
As always I appreciate any comments to improve the quality of this post. Enjoy!
n40lab 
This was extremely helpful, thank you! Now I just need to find a guide on how to use Suricata… *sigh
LikeLike