From 19d701ddf07d855128ded0cf2b573ce468e3bdd6 Mon Sep 17 00:00:00 2001
From: Ashlee Young
Date: Wed, 20 Jan 2016 01:10:01 +0000
Subject: Removing Suricata and Audit from source repo, and updated build.sh to avoid building suricata. Will re-address this in C release via tar balls.
Change-Id: I3710076f8b7f3313cb3cb5260c4eb0a6834d4f6e
Signed-off-by: Ashlee Young
---
.../src/suricata/doc/Installation_with_PF_RING.txt | 207 ---------------------
1 file changed, 207 deletions(-)
delete mode 100644 framework/src/suricata/doc/Installation_with_PF_RING.txt
(limited to 'framework/src/suricata/doc/Installation_with_PF_RING.txt')
diff --git a/framework/src/suricata/doc/Installation_with_PF_RING.txt b/framework/src/suricata/doc/Installation_with_PF_RING.txt
deleted file mode 100644
index ea4f4172..00000000
--- a/framework/src/suricata/doc/Installation_with_PF_RING.txt
+++ /dev/null
@@ -1,207 +0,0 @@ -Autogenerated on 2012-11-29 -from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_PF_RING - - -Installation with PF RING - -This is the installation guide for Suricata with PF_RING support and a guide to -install PF_RING. -To install DKMS, enter: - - sudo apt-get install dkms - -To get subversion for checking out the PF_RING code, flex and bison for -libpcap, enter: - - sudo apt-get install subversion flex bison - -To install the debs needed for Suricata, enter the following: - - sudo apt-get install libpcre3-dev libpcap-dev libyaml-dev zlib1g-dev libcap- - ng-dev libnet1-dev - -In the example you will build from the GIT repository, so you will need some -extra packages: - - sudo apt-get install git-core automake autoconf libtool - -To build your modules, please go to: - - cd /usr/src/ - -Checkout the PF_RING code: - - sudo svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ - PF_RING_CURRENT_SVN - -Create the DKMS build directory and copy files over for the main PF_RING module -by entering the following: - - sudo mkdir /usr/src/pf_ring-4 - sudo cp -Rf /usr/src/PF_RING_CURRENT_SVN/kernel/* /usr/src/pf_ring-4/ - cd /usr/src/pf_ring-4/ - -Create a file called 'dkms.conf' - - sudo nano dkms.conf - -and place the following into the file: - - PACKAGE_NAME="pf_ring" - PACKAGE_VERSION="4" - BUILT_MODULE_NAME[0]="pf_ring" - DEST_MODULE_LOCATION[0]="/kernel/net/pf_ring/" - AUTOINSTALL="yes" - -To close the file, do so by pressing Ctrl and X at the same time, followed by y -and enter. 
-Build and install the kernel -module of PF_RING: - - sudo dkms add -m pf_ring -v 4 - sudo dkms build -m pf_ring -v 4 - sudo dkms install -m pf_ring -v 4 - -development headers.(zie aantekeningen) - - sudo mkdir -p /opt/PF_RING/{bin,lib,include/linux,sbin} - -Next, build and install the userland lib.: - - sudo cp -f /usr/src/PF_RING_CURRENT_SVN/kernel/linux/pf_ring.h /opt/PF_RING/ - include/linux/ - cd /usr/src/PF_RING_CURRENT_SVN/userland/lib - sudo ./configure - sudo sed -i -e 's/INSTDIR = \${DESTDIR}\/usr\/local/INSTDIR = \$ - {DESTDIR}\/opt\/PF_RING/' Makefile - sudo cp -f pfring_e1000e_dna.h /opt/PF_RING/include - sudo make - sudo make install - -Enter the following to pull down the latest version of Suricata from the git -repository and build with PF_RING support: - - cd /usr/src/PF_RING_CURRENT_SVN/userland/ - sudo git clone git://phalanx.openinfosecfoundation.org/oisf.git oisfnew - cd oisfnew - sudo ./autogen.sh - sudo ./configure --enable-pfring --with-libpfring-libraries=/opt/PF_RING/lib - --with-libpfring-includes=/opt/PF_RING/include --with-libpcap-libraries=/opt/ - PF_RING/lib --with-libpcap-includes=/opt/PF_RING/include LD_RUN_PATH="/opt/ - PF_RING/lib:/usr/lib:/usr/local/lib" --prefix=/opt/PF_RING/ - sudo make install - sudo make - sudo mkdir etc/suricata - -To make config and log directories for a more complete getting started, see: -Basic_Setup. - - sudo mkdir /etc/suricata - sudo cp suricata.yaml /etc/suricata/ - sudo cp classification.config /etc/suricata/ - sudo mkdir /var/log/suricata - -The information about the setup options for when you initialise the module: -min_num_slots:Number of ring slots (uint) -transparent_mode:0=standard Linux, 1=direct2pfring+transparent, -2=direct2pfring+non transparent. -For 1 and 2 you need to use a PF_RING aware driver (uint) . 
-enable_tx_capture:Set to 1 to capture outgoing packets (uint) -enable_ip_defrag:Set to 1 to enable IP defragmentation(only rx traffic is -defragmentead) (uint) -Enter the following as super-user: - - echo "options pf_ring transparent_mode=0 min_num_slots=32768 - enable_tx_capture=0" > /etc/modprobe.d/pf_ring.conf - -To check the status of PF_RING : - - sudo modprobe pf_ring - sudo modinfo pf_ring && cat /proc/net/pf_ring/info - -Start up Suricata with PF_RING support: - - sudo /opt/PF_RING/bin/suricata --pfring-int=eth0 --pfring-cluster-id=99 -- - pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml - -If you need to uninstall PF_RING or rollback your PF_RING aware drivers to -their previous state you can do so with the following commands: - - sudo dkms remove -m pf_ring -v 4 --all - - -Optional - -The following part is optional. - - sudo dkms remove -m e1000e-pf_ring -v 1.0.15 --all - -If you issue the following command, you can see that PF_RING should now be -installed as DKMS module: - - dkms status - -Now go through the steps to build a PF_RING aware driver: - - sudo mkdir /usr/src/e1000e-pf_ring-1.0.15 - sudo cp -Rf /usr/src/PF_RING_CURRENT_SVN/drivers/intel/e1000e/old/e1000e- - 1.0.15/src/* /usr/src/e1000e-pf_ring-1.0.15/ - -Enter the following so that DKMS can find it for driver rebuilds: - - sudo cp -f /usr/src/PF_RING_CURRENT_SVN/kernel/linux/pf_ring.h /usr/src/ - e1000e-pf_ring-1.0.15/ - cd /usr/src/e1000e-pf_ring-1.0.15/ - -After that, fix the path to pf_ring.h: - - sed -i -e 's/\.\.\/\.\.\/\.\.\/\.\.\/kernel\/linux\/pf\_ring\.h/pf\_ring\.h/ - ' netdev.c - -Then create a file called 'dkms.conf'. 
- - sudo nano dkms.conf - -and place the following into the file: - - PACKAGE_NAME="e1000e-pf_ring" - PACKAGE_VERSION="1.0.15" - BUILT_MODULE_NAME[0]="e1000e" - DEST_MODULE_LOCATION[0]="/kernel/drivers/net/e1000e/" - AUTOINSTALL="yes" - -Build and install the module of the e1000e-pf_ring network driver: - - sudo dkms add -m e1000e-pf_ring -v 1.0.15 - sudo dkms build -m e1000e-pf_ring -v 1.0.15 - sudo dkms install -m e1000e-pf_ring -v 1.0.15 - -After that, build and install the PF_RING enabled libpcap: - - cd /usr/src/PF_RING_CURRENT_SVN/userland/libpcap-1.0.0-ring - ./configure - sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/ - ' Makefile - sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/ - ' Makefile.in - ./configure --prefix=/opt/PF_RING && make && make install - -Subsequently, build and install tcpdump using the PF_RING enabled version of -libpcap: - - cd /usr/src/PF_RING_CURRENT_SVN/userland/tcpdump-4.0.0 - sudo ./configure - sudo sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/ - ' Makefile - sudo sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/ - ' Makefile.in - sudo sed -i -e 's/-I \.\.\/libpcap-1\.0\.0-ring/-I \/opt\/PF_RING\/include/ - ' Makefile - sudo sed -i -e 's/-I \.\.\/libpcap-1\.0\.0-ring/-I \/opt\/PF_RING\/include/ - ' Makefile.in - sudo sed -i -e 's/-L \.\.\/libpcap-1\.0\.0-ring\/-L /\/opt\/PF_RING\/lib\// - ' Makefile - sed -i -e 's/-L \.\.\/libpcap-1\.0\.0-ring\/-L /\/opt\/PF_RING\/lib\// - ' Makefile.in - sudo ./configure LD_RUN_PATH="/opt/PF_RING/lib:/usr/lib:/usr/local/lib" -- - prefix=/opt/PF_RING/ --enable-ipv6 && make && make install - -- cgit 1.2.3-korg