Notes from daily work on system operations, virtualization and cloud computing, databases, network security and related topics.

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and the vendors that support it. The engine is multi-threaded, has built-in IPv6 support, can load predefined rulesets, and supports the Barnyard and Barnyard2 tools.


This installation guide has been tested with:

  • Suricata 3.0, 2.0.11 on CentOS 7
  • Suricata 3.0, 2.0.11 on Scientific Linux 7
  • Suricata 3.0, 2.0.11 on Fedora 23, Fedora 22
  • Suricata 3.0 on CentOS 6

Pre-Installation Requirements

CentOS 6 Only: CentOS 6 requires the EPEL package repository:

yum install epel-release

Before you can build Suricata, run the following command to ensure that all dependencies are installed:

sudo yum -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel \
  zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make \
  libnetfilter_queue-devel lua-devel

Suricata

To download and build Suricata, enter the following:

wget http://www.openinfosecfoundation.org/download/suricata-3.0.tar.gz

tar -xvzf suricata-3.0.tar.gz

cd suricata-3.0

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-nfqueue --enable-lua

then

make

sudo make install

sudo ldconfig

Auto setup

You can also use the available auto setup features of Suricata:

For example:

make install-conf

will do the regular "make install" and then automatically create and set up all the necessary directories and suricata.yaml for you.

make install-rules

will do the regular "make install" and then automatically download and set up the latest Emerging Threats ruleset available for Suricata.

make install-full

will combine everything mentioned above (install-conf and install-rules) and present you with a ready-to-run (configured and set up) Suricata.

Then continue on to Basic Setup.
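Once the build is installed, it is worth confirming that the two optional features requested at ./configure time (--enable-nfqueue and --enable-lua) actually made it into the binary. The script below is an added example, not part of the Suricata wiki or this blog; it parses the "NFQueue support" and "LUA support" lines of `suricata --build-info` and assumes a constructed, abbreviated sample of that report so it can run offline.

```shell
#!/bin/sh
# Added example: verify that NFQueue and Lua support were compiled into
# the installed Suricata by parsing its --build-info report.

# Constructed sample of the relevant lines of `suricata --build-info`
# (abbreviated; on a real host run: suricata --build-info > build-info.txt)
SAMPLE_BUILD_INFO='This is Suricata version 3.0 RELEASE
  NFQueue support:                         yes
  LUA support:                             yes
  AF_PACKET support:                       yes'

# feature_enabled LABEL FILE -> returns 0 if "LABEL support: yes" is present
feature_enabled() {
    label=$1
    file=$2
    grep -Eiq "^[[:space:]]*${label} support:[[:space:]]+yes" "$file"
}

# check_build_info FILE -> reports each feature, returns the number missing
check_build_info() {
    file=$1
    missing=0
    for feature in NFQueue LUA; do
        if feature_enabled "$feature" "$file"; then
            echo "ok:      $feature support compiled in"
        else
            echo "MISSING: $feature support (re-run ./configure with the matching --enable flag)"
            missing=$((missing + 1))
        fi
    done
    return $missing
}

# main [FILE] -> checks FILE, or the constructed sample when no file is given
main() {
    if [ -n "$1" ]; then
        check_build_info "$1"
        return $?
    fi
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_BUILD_INFO" > "$tmp"
    check_build_info "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run it as `sh check-build-info.sh build-info.txt` against a saved report; a non-zero exit status means at least one requested feature is absent.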




Please credit the source when reposting: [Network Intrusion Detection and Prevention Engine Suricata].
