A Suricata IDS binary package is available in the EPEL repository for CentOS 7, but it is not always the latest stable release. At the time of writing, v4.1.2 is the latest stable release, while EPEL offers v4.0.6.
We'll proceed with installing from the source tar.gz. Keep in mind that a source build is not tracked by yum: security fixes in later Suricata releases will not arrive with `yum update`, so you must follow the Suricata release announcements and rebuild yourself.
Installing prerequisites
Prepare the system by installing all the dependencies required for a fully working Suricata v4.1.2 installation (NFQueue and Lua support included).
$ sudo yum -y install epel-release
$ sudo yum -y install jq cargo openssl-devel PyYAML lz4-devel gcc libpcap-devel pcre-devel libyaml-devel file-devel zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make libnetfilter_queue-devel lua-devel
Download & Unpack Suricata v4.1.2
$ wget https://www.openinfosecfoundation.org/download/suricata-4.1.2.tar.gz
$ tar xzvf suricata-4.1.2.tar.gz
$ cd suricata-4.1.2
Compile & Install Suricata v4.1.2
$ ./configure --libdir=/usr/lib64 --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-nfqueue --enable-lua
$ make
$ sudo make install-full
Verify Suricata Installation
$ suricata -V
This is Suricata version 4.1.2 RELEASE
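The steps above, folded into one script as an added example (this is not code from the original post or from the Suricata project). It decides whether the source build is needed at all by comparing the version EPEL offers with the one we want, verifies the downloaded tarball before building it, builds as an unprivileged user and only runs the install step as root, and confirms the installed binary reports the expected version. Assumptions: `WANT_VERSION`, `EXPECTED_SHA256` and `RUN_INSTALL` are environment variables the admin sets; the OISF release signing key has already been imported into the admin's GnuPG keyring, and the detached `.sig` file is published beside the tarball under the same download URL.

```shell
#!/bin/sh
# Added example: install Suricata from the release tarball on CentOS 7 only when
# EPEL is behind, with download verification and a post-install version check.
set -eu

WANT_VERSION="${WANT_VERSION:-4.1.2}"            # release discussed in the post
EXPECTED_SHA256="${EXPECTED_SHA256:-}"           # assumption: admin records this from the download page
BASE_URL="https://www.openinfosecfoundation.org/download"

# version_ge A B: true when version A >= version B (version-aware sort).
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# Version the enabled yum repos offer for the suricata package (empty if none).
# Not exercised by the test: needs yum.
epel_version() {
    yum -q info suricata 2>/dev/null | awk -F': *' '/^Version/ {print $2; exit}'
}

# parse_suricata_version "<output of suricata -V>" -> bare version, e.g. 4.1.2
parse_suricata_version() {
    printf '%s\n' "$1" | sed -n 's/^This is Suricata version \([0-9][0-9.]*\).*/\1/p'
}

# verify_tarball FILE SHA256: compare the file's digest with the recorded one.
verify_tarball() {
    actual="$(sha256sum "$1" | awk '{print $1}')"
    [ "$actual" = "$2" ]
}

# install_from_source VERSION: the post's steps. Builds as the invoking user;
# only the package installs and 'make install-full' run under sudo.
# Not exercised by the test: needs network and root.
install_from_source() {
    ver="$1"
    tarball="suricata-$ver.tar.gz"
    sudo yum -y install epel-release
    sudo yum -y install jq cargo openssl-devel PyYAML lz4-devel gcc libpcap-devel \
        pcre-devel libyaml-devel file-devel zlib-devel jansson-devel nss-devel \
        libcap-ng-devel libnet-devel tar make libnetfilter_queue-devel lua-devel
    curl -fsSLO "$BASE_URL/$tarball"
    curl -fsSLO "$BASE_URL/$tarball.sig"
    # Assumption: the OISF release key is already in the keyring; gpg fails otherwise.
    gpg --verify "$tarball.sig" "$tarball"
    if [ -n "$EXPECTED_SHA256" ]; then
        verify_tarball "$tarball" "$EXPECTED_SHA256" || { echo "sha256 mismatch for $tarball" >&2; return 1; }
    fi
    tar xzf "$tarball"
    ( cd "suricata-$ver" \
      && ./configure --libdir=/usr/lib64 --prefix=/usr --sysconfdir=/etc \
           --localstatedir=/var --enable-nfqueue --enable-lua \
      && make \
      && sudo make install-full )
    got="$(parse_suricata_version "$(suricata -V)")"
    [ "$got" = "$ver" ] || { echo "installed $got, wanted $ver" >&2; return 1; }
    echo "Suricata $got installed from source"
}

# main: prefer the distro package when it is recent enough, else build.
main() {
    have="$(epel_version || true)"
    if [ -n "$have" ] && version_ge "$have" "$WANT_VERSION"; then
        echo "EPEL offers $have >= $WANT_VERSION; use: sudo yum install suricata"
    else
        echo "EPEL offers '${have:-nothing}', building $WANT_VERSION from source"
        install_from_source "$WANT_VERSION"
    fi
}

# Only perform the install when explicitly requested, so sourcing the file is safe.
if [ "${RUN_INSTALL:-0}" = "1" ]; then
    main
fi
```

Run it as `RUN_INSTALL=1 EXPECTED_SHA256=<digest> sh install-suricata.sh`; without `RUN_INSTALL=1` it only defines the helpers, which is handy for sourcing `version_ge` and `parse_suricata_version` into other admin scripts. The GnuPG step is what protects you against a tampered tarball; the sha256 comparison is a second check that works even on a host with no keyring.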
asciinema Walk-through
Following is the asciinema walk-through of the above steps.
$ sudo make full-install (wrong)
$ sudo make install-full (right)
Thanks Valery for pointing out. I’ve fixed the typo.
What's wrong with:
yum install suricata?
It's even the latest version.
Hi geegee, at the time of writing the Suricata team only managed a deb repository, and the CentOS yum repo didn't have the latest stable release, as mentioned very early in the post.