一 准备

准备安装的版本是6.0.2 安装的系统是CentOS Linux release 7.9.2009 (Core)。

yum -y install epel-release yum-plugin-copr
yum -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev                   libnet1-dev libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev                 libcap-ng-dev libcap-ng0 make libmagic-dev                         libnss3-dev libgeoip-dev liblua5.1-dev libhiredis-dev libevent-dev                 python-yaml rustc carg
yum -y install pkg-config
yum -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel   zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make  libnetfilter_queue-devel lua-devel
yum -y install libtools

二 安装

export RUSTUP_DIST_SERVER=https://mirrors.ustc.edu.cn/rust-static
export RUSTUP_UPDATE_ROOT=https://mirrors.ustc.edu.cn/rust-static/rustup
准备安装 rust

执行 wget https://cdn.jsdelivr.net/gh/rust-lang-nursery/rustup.rs/rustup-init.sh
执行环境变量的配置source $HOME/.cargo/env

至此，rust安装结束

   可以执行suricata 目录下的./augentsh

   会产生 configure

./configure --prefix=/opt/suricata  --enable-unix-socket --with-libnss-libraries=/usr/lib64 --with-libnss-includes=/usr/include/nss3 --with-libnspr-libraries=/usr/lib64 --with-libnspr-includes=/usr/include/nspr4 --enable-non-bundled-htp --with-libhtp-includes=/usr/local/include/htp --with-libhtp-libraries=/usr/local/lib

发现个错误：

   ERROR! libhtp was found but it is neither >= 0.5.37, nor the dev 0.5.X

下载：

https://codeload.github.com/OISF/libhtp/zip/refs/tags/0.5.41
sh ./autogen.sh && make && make install

export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig

继续执行报错：

checking for cargo vendor support... yes
checking for ./rust/dist/rust-bindings.h... no
checking for ./rust/gen/rust-bindings.h... no
checking for cbindgen... no
  Warning: cbindgen too old or not found, it is required to 
      generate header files.
  To install: cargo install --force cbindgen
configure: error: cbindgen required

在执行安装cargo install –force cbindgen

在执行安装之前，先配置好cargo的源

执行vi ~/.cargo/config

添加如下内容

image.png

安装好后，继续configure
然后执行：

make && make install && make install conf 

但是执行：

make install full 

报错：

make[1]: Leaving directory `/home/suricata/suricata-suricata-6.0.2'
make install-rules
make[1]: Entering directory `/home/suricata/suricata-suricata-6.0.2'
error: rules not installed as suricata-update not available
make[1]: *** [install-rules] Error 1
make[1]: Leaving directory `/home/suricata/suricata-suricata-6.0.2'
make: *** [install-full] Error 2

执行：

yum install python3-pip
 yum install python-yaml 
 pip3 install suricata-update 

执行：

python3 /usr/local/bin/suricata-update

下载失败，直接手工下载：

https://rules.emergingthreats.net/open/suricata-6.0.2/emerging.rules.tar.gz

三 参考：

[https://blog.csdn.net/qq_38601892/article/details/123944112](https://blog.csdn.net/qq_38601892/article/details/123944112)
[https://blog.csdn.net/isxiaole/article/details/123282267](https://blog.csdn.net/isxiaole/article/details/123282267)
[https://blog.csdn.net/weixin_42785632/article/details/125638748](https://blog.csdn.net/weixin_42785632/article/details/125638748)