Installation of Suricata on FreeBSD i386.
Step by step.
```sh
# Build the dependencies from ports
cd /usr/ports/devel/pcre/
make install clean
cd /usr/ports/textproc/libyaml/
make install clean
cd /usr/ports/net/libnet/
make install clean

# Fetch, unpack and build Suricata
mkdir /usr/local/pkgs/
cd /usr/local/pkgs/
fetch http://www.openinfosecfoundation.org/download/suricata-0.8.1.tar.gz
tar -zxvf suricata-0.8.1.tar.gz
cd suricata-0.8.1
./configure && make && make install
```
Move the config file to somewhere nice
```sh
cp suricata.yaml /usr/local/etc/
vi /usr/local/etc/suricata.yaml
```
Change `default-rule-path: /etc/suricata/rules/` and `classification-file: /etc/suricata/classification.config`; let's put them in the proper place.
```sh
# -p creates the missing parent directory /usr/local/etc/suricata as well
mkdir -p /usr/local/etc/suricata/rules
mkdir -p /var/log/suricata
```
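The path change above can also be scripted instead of made by hand in vi. This is an added example, not part of the original post; the helper name `relocate_suricata_paths` is hypothetical, and placing classification.config under /usr/local/etc/suricata is an assumption (the post only fixes the rules directory).

```shell
# Added example (not from the original post).
# relocate_suricata_paths CONF [PREFIX]
#   Rewrites default-rule-path and classification-file in CONF so they point
#   under PREFIX (default: /usr/local/etc/suricata). The original file is
#   kept as CONF.orig. The classification.config location is an assumption.
relocate_suricata_paths() {
    conf=$1
    prefix=${2:-/usr/local/etc/suricata}

    # Refuse to touch a file that lacks either key, so a wrong file or a
    # renamed option is reported instead of silently left unchanged.
    for key in default-rule-path classification-file; do
        grep -q "^[[:space:]]*${key}:" "$conf" || {
            echo "missing key: ${key}" >&2
            return 1
        }
    done

    tmp=$(mktemp "${conf}.XXXXXX") || return 1

    # \1 keeps the key and its leading indentation; only the value changes.
    sed -e "s|^\([[:space:]]*default-rule-path:\).*|\1 ${prefix}/rules/|" \
        -e "s|^\([[:space:]]*classification-file:\).*|\1 ${prefix}/classification.config|" \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Back up first, then overwrite in place so CONF keeps its owner and mode.
    cp -p "$conf" "${conf}.orig" && cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

Call it as `relocate_suricata_paths /usr/local/etc/suricata.yaml` after copying the config file into place.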
We can populate the rules folder with something while we are at it.
```sh
cd /usr/local/etc/suricata/
fetch http://www.emergingthreats.net/rules/emerging.rules.tar.gz
tar -xvf emerging.rules.tar.gz
```
You are also going to need some files from the Snort ruleset release, so go over to snort.org and register.
Get the latest release and unpack it just like the emerging set.
```sh
cd /usr/local/etc/suricata/
tar -xvf snortrules-snapshot-2.8.tar.gz
```
You really don't need the entire set; you just need one file, the classification.config file. But we will pick that up in part 2.