I installed Suricata 6.0.3, a network IDS/IPS tool.
I used the Linux kernel's NetFilter: I added the options needed to run Suricata in inline mode,
with packets forwarded to it through iptables NFQUEUE,
and the options needed to ship its logs to redis.
# Install packages
apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev \
libnet1-dev libyaml-0-2 libyaml-dev zlib1g zlib1g-dev \
libcap-ng-dev libcap-ng0 make libmagic-dev libjansson-dev \
libjansson4 pkg-config libnetfilter-queue-dev libnetfilter-queue1 \
libnfnetlink-dev libnfnetlink0 libhiredis-dev python-yaml \
liblz4-dev libmnl-dev libevent-dev libnss3-dev
apt-get install -y rustc cargo
apt-get install -y python3-distutils
apt-get install -y python3-yaml
# Download
wget --no-check-certificate \
https://www.openinfosecfoundation.org/download/suricata-6.0.3.tar.gz \
-O suricata-6.0.3.tar.gz
# Extract
tar xfz suricata-6.0.3.tar.gz
# Build
cd suricata-6.0.3
./configure --enable-nfqueue --enable-rust --prefix=/usr \
--sysconfdir=/etc --localstatedir=/var \
--enable-hiredis \
--with-libhiredis-includes=/usr/local/include/hiredis \
--with-libhiredis-libraries=/usr/local/lib \
--enable-hiredis-async \
--with-libevent-includes=/usr/include/event2 \
--with-libevent-libraries=/usr/local/lib \
--with-libnss-libraries=/usr/lib \
--with-libnss-includes=/usr/include/nss \
--with-libnspr-libraries=/usr/lib \
--with-libnspr-includes=/usr/include/nspr
make
make install
make install-conf
# Run
suricata -c /etc/suricata/suricata.yaml -D -v -q 0 -q 1 -q 2 -q 3 \
--runmode workers --pidfile /var/run/suricata.pid
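The run line above binds Suricata to NFQUEUE queues 0 through 3, but nothing on the page shows how packets reach those queues or how to confirm the configure flags took effect. The script below is an added example, not part of the original post: it prints the iptables rules that spread FORWARD traffic over queues 0-3 (with an optional fail-open bypass) and checks a `suricata --build-info` excerpt for NFQueue and hiredis support. It assumes iptables with the NFQUEUE target and the build-info wording shown in the constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes iptables with the NFQUEUE
# target and a kernel with nfnetlink_queue loaded.

# Print (do not apply) the rules that feed the four queues Suricata listens on.
# --queue-balance 0:3 spreads flows over queues 0-3, matching -q 0 -q 1 -q 2 -q 3.
# --queue-bypass lets traffic pass when no process is bound to the queue (fail-open);
# without it the kernel drops forwarded packets whenever Suricata is down (fail-closed).
nfq_rules() {
    bypass=${1:-no}
    extra=""
    if [ "$bypass" = "yes" ]; then
        extra=" --queue-bypass"
    fi
    echo "iptables -I FORWARD -j NFQUEUE --queue-balance 0:3$extra"
    echo "ip6tables -I FORWARD -j NFQUEUE --queue-balance 0:3$extra"
}

# Read `suricata --build-info` text from stdin; succeed only if the binary reports
# both NFQueue support and hiredis support (the features the configure flags requested).
check_build_info() {
    info=$(cat)
    printf '%s\n' "$info" | grep -q 'NFQueue support:[[:space:]]*yes' || return 1
    printf '%s\n' "$info" | grep -q 'hiredis support:[[:space:]]*yes' || return 1
    return 0
}

# Constructed sample excerpts of build-info output (not captured from a real host).
SAMPLE_OK='Suricata Configuration:
  AF_PACKET support:                       yes
  NFQueue support:                         yes
  hiredis support:                         yes
  hiredis async with libevent:             yes'

SAMPLE_MISSING='Suricata Configuration:
  AF_PACKET support:                       yes
  NFQueue support:                         no
  hiredis support:                         no'

# Real use: suricata --build-info | check_build_info && nfq_rules yes
nfq_rules yes
```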