Compiling Suricata 0.9.0 in Ubuntu Lucid 10.04 in IPS (inline) mode
Note: the difference with the 0.8.2 post is the addition of libcap-ng-dev. Building against libcap-ng lets Suricata drop its privileges after startup and run as an unprivileged user.
Here is how to compile Suricata 0.9.0 in inline mode on Ubuntu Lucid 10.04.
First, make sure you have the “universe” repository enabled. Go to the System menu, Administration, Software Sources. There enable “Community-maintained Open Source Software (universe)”. If you’re not running a GUI, edit /etc/apt/sources.list and enable the universe repository there. Don’t forget to run “apt-get update” afterwards.
Install the following packages needed to build Suricata: libpcre3-dev libpcap-dev libyaml-dev zlib1g-dev libnfnetlink-dev libnetfilter-queue-dev libnet1-dev libcap-ng-dev.
apt-get install libpcre3-dev libpcap-dev libyaml-dev zlib1g-dev libnfnetlink-dev libnetfilter-queue-dev libnet1-dev libcap-ng-dev
Download Suricata 0.9.0 here
Extract the suricata-0.9.0.tar.gz file as follows:
tar xzvf suricata-0.9.0.tar.gz
Enter the extracted directory suricata-0.9.0.
Run “./configure --enable-nfqueue” (two dashes). The --enable-nfqueue switch is what builds in NFQUEUE support; without it the -q option used below is not available.
If “./configure --enable-nfqueue” was successful, run “make”.
If “make” was successful, run “sudo make install”.
Besides Suricata itself, the build process installs the bundled “libhtp” shared library under /usr/local/lib. For the dynamic linker to find it, run “sudo ldconfig”.
Run “suricata -V” and it should report version 0.9.0.
To use Suricata in inline mode, pass -q followed by the number of the NFQUEUE queue it should read packets from:
suricata -c /etc/suricata/suricata.yaml -q 0
Suricata only sees the packets that netfilter hands to that queue, so you also need iptables rules with the NFQUEUE target (in the FORWARD chain on a bridge or router, or in INPUT and OUTPUT to protect the host itself). Two caveats: only rules with the “drop” action actually block traffic, “alert” rules just alert, and the kernel drops packets queued to an NFQUEUE that no program is reading, so add the iptables rule after Suricata has started and remove it before stopping Suricata, or the traffic is cut off in the meantime.
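The whole procedure above as one script, including the NFQUEUE plumbing the post leaves implicit. This is an added example, not the post's own script and not anything shipped by the Suricata project. It assumes suricata-0.9.0.tar.gz is in the current directory, that the tarball carries suricata.yaml and classification.config at its top level (0.9.0's make install does not install a config, so the script copies them if /etc/suricata has none), and, for the optional privilege drop, that the libcap-ng build accepts --user/--group and that a local account named suricata exists. The helper names missing_deps, extract_version and nfqueue_rules are chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original post or the Suricata project: the
# build and inline setup from the post as one script.
# Assumptions (not stated on the page): suricata-0.9.0.tar.gz is in the
# current directory; the tarball ships suricata.yaml and classification.config
# at its top level; the libcap-ng build accepts --user/--group; an account
# named "suricata" exists if you want the privilege drop.
set -eu

SURI_VERSION="0.9.0"
SURI_SRC="suricata-${SURI_VERSION}"
SURI_CONF="/etc/suricata/suricata.yaml"
QUEUE_NUM="0"
DROP_USER="suricata"   # assumption: unprivileged account created beforehand
DEPS="libpcre3-dev libpcap-dev libyaml-dev zlib1g-dev libnfnetlink-dev \
libnetfilter-queue-dev libnet1-dev libcap-ng-dev"

# Print the build packages from the post that dpkg does not report as installed.
missing_deps() {
    for p in $DEPS; do
        dpkg -s "$p" >/dev/null 2>&1 || echo "$p"
    done
}

# Pull "x.y.z" out of whatever "suricata -V" prints (empty if nothing matches).
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1
}

# The iptables commands that hand traffic to NFQUEUE number $1.
# "forward" suits a bridge/router, "host" protects the box's own traffic.
nfqueue_rules() {
    q="$1"; mode="${2:-forward}"
    case "$mode" in
        forward) echo "iptables -I FORWARD -j NFQUEUE --queue-num $q" ;;
        host)    echo "iptables -I INPUT -j NFQUEUE --queue-num $q"
                 echo "iptables -I OUTPUT -j NFQUEUE --queue-num $q" ;;
        *)       echo "unknown mode: $mode" >&2; return 1 ;;
    esac
}

install_deps() {
    sudo apt-get update
    sudo apt-get install -y $DEPS
}

build_suricata() {
    missing=$(missing_deps)
    [ -z "$missing" ] || { echo "missing build packages: $(echo $missing)" >&2; return 1; }
    tar xzf "${SURI_SRC}.tar.gz"
    (cd "$SURI_SRC" && ./configure --enable-nfqueue && make && sudo make install)
    sudo ldconfig                       # make install put libhtp under /usr/local/lib
    if [ ! -f "$SURI_CONF" ]; then      # assumption: make install leaves no config
        sudo mkdir -p /etc/suricata
        sudo cp "$SURI_SRC/suricata.yaml" "$SURI_SRC/classification.config" /etc/suricata/
    fi
    got=$(extract_version "$(suricata -V 2>&1 || true)")
    [ "$got" = "$SURI_VERSION" ] || { echo "expected $SURI_VERSION, got '$got'" >&2; return 1; }
}

start_ips() {
    sudo -v                             # cache credentials before backgrounding sudo
    drop=""
    id "$DROP_USER" >/dev/null 2>&1 && drop="--user $DROP_USER --group $DROP_USER"
    # Start Suricata before adding the rule: the kernel drops packets queued to
    # an NFQUEUE nobody reads, so the other order cuts the traffic off.
    sudo suricata -c "$SURI_CONF" -q "$QUEUE_NUM" $drop &
    sleep 5                             # give it time to load rules and bind the queue
    nfqueue_rules "$QUEUE_NUM" forward | while read -r rule; do sudo $rule; done
}

stop_ips() {
    # Same reason in reverse: pull the rule (-I becomes -D) before Suricata goes.
    nfqueue_rules "$QUEUE_NUM" forward | sed 's/ -I / -D /' | while read -r rule; do sudo $rule; done
    sudo pkill -x suricata || true
}

case "${1:-}" in
    deps)  install_deps ;;
    build) build_suricata ;;
    start) start_ips ;;
    stop)  stop_ips ;;
    all)   install_deps; build_suricata; start_ips ;;
    *)     echo "usage: $0 deps|build|start|stop|all" ;;
esac
```

Run it as “sh build-suricata.sh all” for the full sequence, or one subcommand at a time. The script uses the FORWARD chain, which is the bridge/router case; pass “host” to nfqueue_rules instead if Suricata is meant to protect the machine it runs on.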