From 8879b125d26e8db1a5633de5a9c692eb2d1c4f83 Mon Sep 17 00:00:00 2001 From: Ashlee Young Date: Wed, 9 Sep 2015 22:21:41 -0700 Subject: suricata checkin based on commit id a4bce14770beee46a537eda3c3f6e8e8565d5d0a Change-Id: I9a214fa0ee95e58fc640e50bd604dac7f42db48f --- framework/src/suricata/doc/INSTALL.WINDOWS | 181 +++++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 framework/src/suricata/doc/INSTALL.WINDOWS (limited to 'framework/src/suricata/doc/INSTALL.WINDOWS') diff --git a/framework/src/suricata/doc/INSTALL.WINDOWS b/framework/src/suricata/doc/INSTALL.WINDOWS new file mode 100644 index 00000000..f03bd37b --- /dev/null +++ b/framework/src/suricata/doc/INSTALL.WINDOWS @@ -0,0 +1,181 @@ +Before you start +================ + +An up to date version of this document can be found online: +https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows + +Alternatively, an installation document for using CYGWIN instead of MinGW can +be found here: +https://redmine.openinfosecfoundation.org/attachments/download/676/SurWinInstallGuide.pdf + +This file describes how to build and run Suricata on Windows. Currently +Windows XP and above are supported. + + +Preparing the build environment +=============================== + +1. Setup MinGW environment from http://mingw.org + +Do not use the automatic installer as it is deprecated. Manually unpack +the following packages to c:\mingw (use newer versions if you like): + + * binutils + o binutils-2.20–1-mingw32-bin.tar.gz + * mingw-runtime (dev and dll): + o mingwrt-3.17-mingw32-dll.tar.gz + o mingwrt-3.17-mingw32-dev.tar.gz + * w32api + o w32api-3.14-mingw32-dev.tar.gz + * required runtime libraries for GCC (gmp, libiconv, MPFR and pthreads): + o gmp-4.2.4-mingw32-dll.tar.gz + o libiconv-1.13.1–1-mingw32-dll-2.tar.lzma + o mpfr-2.4.1-mingw32-dll.tar.gz + o pthreads-w32–2.8.0-mingw32-dll.tar.gz + * gcc-core (bin and dll): + o gcc-core-4.4.0-mingw32-bin.tar.gz + o gcc-core-4.4.0-mingw32-dll.tar.gz + * make + o make-3.81–20090914-mingw32-bin.tar.gz + * zlib + o libz-1.2.3-1-mingw32-dll-1.tar.gz + o libz-1.2.3-1-mingw32-dev.tar.gz + +2. Install MSYS + + http://sourceforge.net/projects/mingw/files/ + + MSYS-1.0.11.exe (MSYS Base System) + msysDTK-1.0.1.exe (MSYS Suplementary Tools) + autoconf-2.63–1-msys-1.0.11-bin.tar.lzma + automake-1.11–1-msys-1.0.11-bin.tar.lzma + libtool-2.2.7a-1-msys-1.0.11-bin.tar.lzma + + MSYS will ask questions during the installation: + Accept Post Install: [y] + MinGW Installed? : [y] + path to MinGW: [c:/MinGW] + +3. Install pkg-config taken from http://wiki.videolan.org/Win32CompileMSYSNew#PKG-CONFIG + Download and extract the following into c:\Msys\1.0 + http://ftp.gnome.org/pub/GNOME/binaries/win32/glib/2.18/glib_2.18.2-1_win32.zip + ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config_0.23-3_win32.zip + ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config-dev_0.23-3_win32.zip + + Set PKG_CONFIG_PATH=/win32/lib/pkgconfig + + (e.g. by adding the Windows enviroment variable PKG_CONFIG_PATH in "Control Panel"->"System"->"Advanced System Settings"->"Environment Variables" and setting the value to /win32/lib/pkgconfig) + + +4. Get git + + Download portable GIT from this URL: + http://code.google.com/p/msysgit/ + + - unpack to /msys/1.0 + - don't forget to edit your ~/.gitconfig to at least give youreself a name :-) + +5. Get libpcre + + http://www.pcre.org/ + + ./configure --enable-utf8 --disable-cpp --prefix=/mingw + make + make install + +6. Get libyaml + + http://pyyaml.org/wiki/LibYAML + + It does not support mingw compilation. However it works in static mode: + + ./configure --prefix=/mingw CFLAGS="-DYAML_DECLARE_STATIC" + make + make install + +7. Get libpcap + + Guide can be found here: + - Download Devlopers pack http://www.winpcap.org/devel.htm + - Download and install a coresponding installer package http://www.winpcap.org/install/default.htm (to have the driver in the system) + - Copy includes to c:/mingw/include and libs (.a) to c:/mingw/lib + - Rename libwpcap to libpcap + +8. Get and compile Suricata + + git clone git://phalanx.openinfosecfoundation.org/oisf.git + cd oisf + + Because of some weird autools port bug we do the following: + dos2unix.exe libhtp/configure.ac + dos2unix.exe libhtp/htp.pc.in + dos2unix.exe libhtp/Makefile.am + + ./autogen.sh + ./configure CFLAGS="-DYAML_DECLARE_STATIC" + # add --enable-nfqueue as parameter to configure to enable inline mode + make + +If everything goes well, you'll end up with suricata.exe in src/.lib. To test it +you will need libpcre-0.dll, libz-1.dll, and pthreadGC2.dll which you already have somewhere +under c:/mingw or c:/msys. To prepare the runtime environment: + + - copy the executable and the DLLs to a dedicated directory + - get there classification.config and suricata.yaml + - edit suricata.yaml (at least set the directories correctly) + +PCAP Mode +========= + +Make sure you have winpcap runtime and driver installed and then: + + - determine your eth device UUID in the registry: + HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ + - now cross your fingers and do: + suricata.exe -c suricata.yaml -i \DEVICE\{your device uuid} + + +Inline Mode +=========== + +You need to downoad, compile and install netfilterforwin (the netfilter.sys +driver and Windows port of the libnetfilter_queue library): + +1. Download and install Windows Driver Kit from Microsoft + + http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff + +2. Download netfilterforwin + + http://sourceforge.net/projects/netfilterforwin/ + + Unpack it so the netfilterforwin directory (omit the version from its name) + is beside the oisf directory. + +3. Compile the driver + + - Open the build environment from you Start menu: + Start->All Programs->windows Driver Kits->WDK xxxx.yyyy.z->Build Environments + ->Windows Server 2003->x86 Free Build Environment + (or the one which is proper for your system) + - cd to netfilterforwin/netfilter + - enter command: + nmake + +4. Install the driver + + - copy inf/* files and the freshly built netfilter.sys to a separate directory + - open network connecions + - right-click an interface, select properties + - click install... + - select service + - click add + - click 'have disk...' + - browse to the directory with the inf files and netfilter.sys, select netfilter.inf anc click ok + - confirm everything + + You should have the driver installed now. + +5. Run Suricata in inline mode: + + suricata.exe -c suricata.yaml -q 0 -- cgit 1.2.3-korg