Following these instructions will get you a fully working Suricata 5.0.0 installed from source. These steps are aimed at setting up Suricata 5.0.0 quickly for a test environment and are not recommended for a production server.
Installing prerequisites
$ sudo dnf config-manager --set-enabled PowerTools
$ sudo dnf -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make libnetfilter_queue-devel lua-devel python3-PyYAML libmaxminddb-devel rustc cargo lz4-devel
Download & Unpack Suricata 5.0.0
$ wget https://www.openinfosecfoundation.org/download/suricata-5.0.0.tar.gz
$ tar xzvf suricata-5.0.0.tar.gz
$ cd suricata-5.0.0/
Compile & Install Suricata 5.0.0
$ ./configure --libdir=/usr/lib64 --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-nfqueue --enable-lua
$ sudo make install-full
Verify Suricata Installation
$ suricata -V
This is Suricata version 5.0.0 RELEASE
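Once the build finishes, it helps to confirm more than the version banner: that suricata-update is on the PATH (the tool `make install-rules` depends on), that the downloaded ruleset actually contains rules, and that the configuration loads. The script below is an added example and not part of the original post. It assumes the install paths produced by the configure line above (suricata-update writing to /var/lib/suricata/rules/suricata.rules and the config at /etc/suricata/suricata.yaml); adjust the paths if your layout differs.

```shell
#!/bin/sh
# Post-install checks for a source-built Suricata. Added example, not part of
# the original post. Assumed paths: rules at /var/lib/suricata/rules/suricata.rules
# and config at /etc/suricata/suricata.yaml (the defaults for the configure
# flags --prefix=/usr --sysconfdir=/etc --localstatedir=/var).

# Extract the version number from a `suricata -V` banner such as
# "This is Suricata version 5.0.0 RELEASE". Prints nothing when the text does
# not look like a Suricata banner, so callers can test for an empty result.
suricata_version_from_banner() {
  printf '%s\n' "$1" | sed -n 's/^This is Suricata version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 only when the banner reports exactly the expected version.
check_version() {
  expected="$1"
  banner="$2"
  [ "$(suricata_version_from_banner "$banner")" = "$expected" ]
}

# Count active rule lines (alert/drop/pass/reject) in a rules file; comments
# and blank lines are ignored. Prints 0 for a missing or unreadable file.
count_active_rules() {
  rules_file="$1"
  if [ ! -r "$rules_file" ]; then
    echo 0
    return 0
  fi
  grep -Ec '^[[:space:]]*(alert|drop|pass|reject)[[:space:]]' "$rules_file" || true
}

# `make install-full` aborts with "rules not installed as suricata-update not
# available" when this tool cannot be found; check for it explicitly.
has_suricata_update() {
  command -v suricata-update >/dev/null 2>&1
}

# Checks against the live installation. Run with: sh checks.sh run [version] [rules] [config]
run_live_checks() {
  expected_version="${1:-5.0.0}"
  rules_file="${2:-/var/lib/suricata/rules/suricata.rules}"
  config_file="${3:-/etc/suricata/suricata.yaml}"

  banner="$(suricata -V 2>&1)"
  if check_version "$expected_version" "$banner"; then
    echo "OK   version $expected_version"
  else
    echo "FAIL unexpected banner: $banner"
    return 1
  fi

  if has_suricata_update; then
    echo "OK   suricata-update found at $(command -v suricata-update)"
  else
    echo "FAIL suricata-update not on PATH (make install-rules will fail)"
    return 1
  fi

  n="$(count_active_rules "$rules_file")"
  if [ "$n" -gt 0 ]; then
    echo "OK   $n active rules in $rules_file"
  else
    echo "FAIL no rules in $rules_file (rule download may have failed)"
    return 1
  fi

  # -T validates the configuration and loaded rules without starting capture.
  if suricata -T -c "$config_file" >/dev/null 2>&1; then
    echo "OK   configuration test passed"
  else
    echo "FAIL suricata -T reported errors; rerun without redirection to see them"
    return 1
  fi
}

if [ "${1:-}" = "run" ]; then
  run_live_checks "${2:-}" "${3:-}" "${4:-}"
fi
```

A zero rule count or a missing suricata-update is the same failure the `install-rules` target reports, only caught earlier and with a clearer message; the `-T` step catches a YAML or rule syntax problem before the engine is started on live traffic.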
Excellent post, thanks. At the end an error was shown and it did not install at all. I used suricata 5.0.3 from https://www.openinfosecfoundation.org/download/suricata-5.0.3.tar.gz, but it is the same with suricata-5.0.0.tar.gz… it looks like this…
make[1]: Leaving directory ‘/tmp/suricata-5.0.3’
make install-rules
make[1]: Entering directory ‘/tmp/suricata-5.0.3’
error: rules not installed as suricata-update not available
make[1]: *** [Makefile:937: install-rules] Error 1
make[1]: Leaving directory ‘/tmp/suricata-5.0.3’
make: *** [Makefile:918: install-full] Error 2
Any clue or recommendation? Thanks in advance, your help is highly appreciated.
Hi, I just tried the exact steps with suricata-5.0.3 and had no issue. Is your machine connected to the Internet? There is a step that downloads the latest IDS rules from the internet. Here is the snippet from my installation logs.
25/5/2020 -- 01:20:26 - -- Fetching https://rules.emergingthreats.net/open/suricata-5.0.3/emerging.rules.tar.gz.
Looking at your error, I guess that it failed to download the rules.
Thanks for your prompt reply. I discovered that SELinux was active; it is now disabled and I will try again. I will let you know later whether this was the problem. Best regards
You can try the RPM, which isn't always the latest stable release, or you can use Ubuntu. The Suricata team only maintains an official deb repo.
Sorry, still the same error. I do have Internet access, because I downloaded the file https://www.openinfosecfoundation.org/download/suricata-5.0.3.tar.gz and untarred it. I will find another way to install it without compiling.
Really highly appreciated, and a very good post.
Thanks again, I will try. It is strange; I tried to compile other apps and it also happened.