Installing Suricata 4.1.2 from source on CentOS 7

This post is part of a learning series on leveraging Suricata IDS for Network Security Monitoring. I will cover Suricata configuration, architecture, rules management, log analysis and advanced topics including rule writing and intrusion investigation throughout the series.

The Suricata IDS binary package is available in the EPEL repository for CentOS 7, but it is not always the latest stable release. At the time of writing, v4.1.2 is the latest stable release, while v4.0.6 is what the EPEL repo provides.

We’ll proceed with installing from the source tar.gz.

Installing prerequisites

Prepare the system by installing all the dependencies required for a fully working Suricata v4.1.2 installation.

$ sudo yum -y install epel-release
$ sudo yum -y install jq cargo openssl-devel PyYAML lz4-devel gcc libpcap-devel pcre-devel libyaml-devel file-devel zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make libnetfilter_queue-devel lua-devel

Download & Unpack Suricata v4.1.2

$ wget
$ tar xzvf suricata-4.1.2.tar.gz
$ cd suricata-4.1.2

Compile & Install Suricata v4.1.2

$ ./configure --libdir=/usr/lib64 --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-nfqueue --enable-lua
$ make
$ sudo make install-full

Verify Suricata Installation

$ suricata -V
This is Suricata version 4.1.2 RELEASE
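As an added check that is not part of the original post: a small POSIX shell script that confirms the installed binary reports the expected version and that the build really contains the features switched on at configure time above (NFQueue and Lua), by parsing `suricata -V` and `suricata --build-info`. The build-info excerpt embedded in it is a constructed sample used for a dry run when no suricata binary is on PATH.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a from-source build
# reports the expected version and was compiled with the features enabled by
# the configure step (NFQueue and Lua), using `suricata -V`/`--build-info`.

EXPECTED_VERSION="4.1.2"

# check_version: reads `suricata -V` output on stdin; succeeds only if the
# reported version equals EXPECTED_VERSION.
check_version() {
    ver=$(sed -n 's/^This is Suricata version \([0-9][0-9.]*\).*/\1/p')
    [ "$ver" = "$EXPECTED_VERSION" ]
}

# feature_enabled NAME: reads `suricata --build-info` output on stdin and
# succeeds if it contains a line "NAME support: yes".
feature_enabled() {
    grep -Eq "^[[:space:]]*$1 support:[[:space:]]+yes[[:space:]]*$"
}

# check_build NAME...: reads build-info text on stdin and reports every
# requested feature; fails if any of them is missing or compiled out.
check_build() {
    input=$(cat)
    status=0
    for feature in "$@"; do
        if printf '%s\n' "$input" | feature_enabled "$feature"; then
            echo "ok:      $feature support"
        else
            echo "missing: $feature support" >&2
            status=1
        fi
    done
    return $status
}

# Constructed excerpt of `suricata --build-info` output, used for a dry run
# when no suricata binary is on PATH.
SAMPLE_BUILD_INFO='Suricata Configuration:
  AF_PACKET support:                       yes
  NFQueue support:                         yes
  LUA support:                             yes'

if command -v suricata >/dev/null 2>&1; then
    suricata -V | check_version || echo "unexpected version" >&2
    suricata --build-info | check_build NFQueue LUA
else
    printf '%s\n' "$SAMPLE_BUILD_INFO" | check_build NFQueue LUA
fi
```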

asciinema Walk-through

Following is the asciinema walk-through of the above steps.
