Suricata IDS on OpenBSD 4.8

2011-02-10 00:00:00 +0000

Suricata is a new open-source intrusion detection product from Open InfoSec Foundation, much like and mostly compatible with well-known Snort. Suricata is still in beta and it didn’t compile cleanly on OpenBSD. Now it does. The attached patch is for Suricata 1.1beta1 (download source). I’ve used the following configuration options:

CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" ./configure --sysconfdir=/etc --enable-gccprotect

On my OpenBSD 4.8 it compiles and runs cleanly. You will need some additional packages (pkg_add) - here’s my list. I guess autoconf, yaml, net and pcre were needed for compilation. You also want snort for basic rules.

autoconf-2.62p0 automatically configure source code on many Un*x platforms gettext-0.18.1 GNU gettext help2man-1.29p0 GNU help2man libiconv-1.13p1 character set conversion library libnet- raw IP packet construction library libyaml-0.1.2 YAML 1.1 parser and emitter written in C metaauto-0.9 wrapper for gnu auto* pcre-8.02p1 perl-compatible regular expression library snort-2.8.6 highly flexible sniffer/NIDS vim-7.2.444-no_x11 vi clone, many additional features