File: install.rst

.. _installation:

Installation
============

Before Suricata can be used it has to be installed. Suricata can be installed
on various distributions using binary packages: :ref:`install-binary-packages`.

For people familiar with compiling their own software, the `Source method` is
recommended.

Advanced users can check the advanced guides, see :ref:`install-advanced`.

Source
------

Installing from the source distribution files gives the most control over the Suricata installation.

The Suricata source distribution files should be verified before building
the source, see :doc:`verifying-source-files`.

Basic steps::

    tar xzvf suricata-7.0.0.tar.gz
    cd suricata-7.0.0
    ./configure
    make
    make install

This installs Suricata into ``/usr/local/bin/``, uses the default
configuration in ``/usr/local/etc/suricata/`` and writes its output to
``/usr/local/var/log/suricata``.


Common configure options
^^^^^^^^^^^^^^^^^^^^^^^^

.. option:: --disable-gccmarch-native

    Do not optimize the binary for the hardware it is built on. Add this 
    flag if the binary is meant to be portable or if Suricata is to be used in a VM.

.. option:: --prefix=/usr/

    Installs the Suricata binary into /usr/bin/. Default ``/usr/local/``

.. option:: --sysconfdir=/etc

    Installs the Suricata configuration files into /etc/suricata/. Default ``/usr/local/etc/``

.. option:: --localstatedir=/var

    Sets up Suricata to log into /var/log/suricata/. Default ``/usr/local/var/log/suricata``

.. option:: --enable-geoip

    Enables GeoIP support for detection.

.. option:: --enable-dpdk

    Enables `DPDK <https://www.dpdk.org/>`_ packet capture method.

Dependencies and compilation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Ubuntu/Debian
"""""""""""""

.. note:: The following instructions require ``sudo`` to be installed.

.. literalinclude:: ../../scripts/docs-ubuntu-debian-minimal-build.sh
    :caption: Minimal dependencies for Ubuntu/Debian
    :language: bash
    :start-after: # install-guide-documentation tag start: Minimal dependencies
    :end-before: # install-guide-documentation tag end: Minimal dependencies

CentOS, AlmaLinux, RockyLinux, Fedora, etc
""""""""""""""""""""""""""""""""""""""""""

.. note:: The following instructions require ``sudo`` to be installed.

To install all minimal dependencies, most distros require an extra package
repository to be enabled. Depending on the distribution, it can be enabled in
one of the following ways::

    sudo dnf -y update
    sudo dnf -y install epel-release dnf-plugins-core
    # AlmaLinux 8 / RockyLinux 8
    sudo dnf config-manager --set-enabled powertools
    # AlmaLinux 9 / RockyLinux 9
    sudo dnf config-manager --set-enabled crb
    # Oracle Linux 8
    sudo dnf config-manager --set-enabled ol8_codeready_builder
    # Oracle Linux 9
    sudo dnf config-manager --set-enabled ol9_codeready_builder

.. literalinclude:: ../../scripts/docs-almalinux9-minimal-build.sh
    :caption: Minimal dependencies for RPM-based distributions
    :language: bash
    :start-after: # install-guide-documentation tag start: Minimal RPM-based dependencies
    :end-before: # install-guide-documentation tag end: Minimal RPM-based dependencies

Windows
"""""""

For building and installing from source on Windows, see :doc:`install/windows`.

Compilation
"""""""""""

Follow these steps from your Suricata directory::

    ./configure # you may want to add additional parameters here
    # ./configure --help to get all available parameters
    # j is for adding concurrency to make; the number indicates how much 
    # concurrency so choose a number that is suitable for your build system
    make -j8 
    make install # to install your Suricata compiled binary
    # make install-full - installs configuration and rulesets as well

Rust support
""""""""""""

Rust packages can be found in package managers but some distributions
don't provide Rust or provide outdated Rust packages.
If the packaged version is insufficient, you can install Rust directly
from the Rust project itself::

    1) Install Rust https://www.rust-lang.org/en-US/install.html
    2) Install cbindgen - if cbindgen is not found in the repository
       or the cbindgen version is lower than required, it can
       alternatively be installed with: cargo install --force cbindgen
    3) Make sure the cargo path is within your PATH environment
       echo 'export PATH="$HOME/.cargo/bin:${PATH}"' >> ~/.bashrc
       export PATH="$HOME/.cargo/bin:${PATH}"
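
The following POSIX shell check for step 3 is an added example, not part of the
Suricata sources. It reports whether the cargo bin directory is a real ``PATH``
component or only a literal ``~`` entry, and which of the Rust tools cannot be
resolved; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the Rust steps above.
# Function names are hypothetical, not part of Suricata.

# path_contains DIR PATHSTRING
# Succeed only if DIR is an exact ':'-separated component of PATHSTRING.
path_contains() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# cargo_path_status PATHSTRING HOMEDIR prints one of:
#   ok             HOMEDIR/.cargo/bin is a component
#   literal-tilde  only an unexpanded "~/.cargo/bin" is present; POSIX sh and
#                  programs that search PATH themselves do not expand it
#   missing        neither form is present
cargo_path_status() {
    if path_contains "$2/.cargo/bin" "$1"; then
        echo ok
    elif path_contains '~/.cargo/bin' "$1"; then
        echo literal-tilde
    else
        echo missing
    fi
}

# missing_tools PATHSTRING
# Print the names of rustc, cargo and cbindgen that cannot be resolved when
# PATHSTRING is used as the search path (each name followed by a space).
missing_tools() {
    for tool in rustc cargo cbindgen; do
        # Subshell so the caller's PATH and command hash stay untouched.
        ( PATH=$1; command -v "$tool" ) >/dev/null 2>&1 || printf '%s ' "$tool"
    done
}

# Report for the current environment.
echo "cargo bin dir in PATH: $(cargo_path_status "$PATH" "${HOME:-}")"
echo "tools not found: $(missing_tools "$PATH")"
```

A ``literal-tilde`` result means the entry was added with ``~`` inside quotes; replace it with ``$HOME/.cargo/bin`` before running ``./configure``.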

Auto-Setup
^^^^^^^^^^

You can also use the available auto-setup features of Suricata:

::

    ./configure && make && sudo make install-conf

*make install-conf* does the regular "make install" and then automatically
creates and sets up all the necessary directories and ``suricata.yaml`` for you.

::

    ./configure && make && sudo make install-rules

*make install-rules* does the regular "make install" and then automatically
downloads and sets up the latest ruleset from Emerging Threats available for Suricata.

::

    ./configure && make && sudo make install-full

*make install-full* combines everything mentioned above (install-conf and install-rules)
and presents you with a ready-to-run (configured and set up) Suricata.

.. _install-binary-packages:

Binary packages
---------------

.. toctree::
   :maxdepth: 1

   install/ubuntu
   install/debian
   install/rpm
   install/other

Suricata is available on various distributions as binary
packages. These offer a convenient way to install and manage Suricata
without compiling from source.

**For Ubuntu systems**:

    See :doc:`install/ubuntu` for detailed instructions on
    installing from PPA repositories.

**For Debian systems**:

    See :doc:`install/debian` for detailed instructions on
    installing from official repositories and backports.

**For RPM-based distributions (CentOS, AlmaLinux, RockyLinux, Fedora, etc)**:

    See :doc:`install/rpm` for detailed instructions on
    installing from COPR repositories.

**For other distributions**:

    See :doc:`install/other` for installation instructions
    for Arch Linux and other distributions.

.. _install-advanced:

Advanced Installation
---------------------

If you are using Ubuntu, you can follow
:doc:`devguide/codebase/installation-from-git`.

For other installation guides, covering installation from Git and other operating
systems, please check the following page (bear in mind that those guides may be somewhat outdated):
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation